Privacy Policy

1. Information We Collect

Account Data: When you register, we collect your email address and a securely hashed version of your password. We never store plaintext passwords.

Uploaded Content: Files you submit for analysis are processed in memory and immediately deleted after scanning. We do not retain copies of your uploaded files. Only scan metadata (file name, file type, AI score, and a SHA-256 hash of the content) is stored.

Usage Analytics: We log API requests for service monitoring and abuse prevention. IP addresses are stored as SHA-256 hashes — we never store raw IP addresses. Usage logs include endpoint, method, response time, and status code.

Payment Data: Payment processing is handled entirely by Stripe. We store only your Stripe customer ID — never card numbers, bank details, or other financial data.

2. How We Use Your Data

We use your information to provide the Forensa service, enforce usage limits, prevent abuse, improve detection accuracy, and communicate service updates. We do not sell your data to third parties. We do not use your uploaded content to train AI models.

3. Blockchain Logging

When you opt into blockchain logging, a SHA-256 hash of your scan result is recorded on the Polygon network. This hash is irreversible — the original content cannot be reconstructed from it. Blockchain records are immutable and public by design; this is the feature's purpose (providing tamper-proof audit trails).

4. Data Retention

Scan metadata and history are retained for as long as your account is active. If you delete your account, all associated data (scans, API keys, usage logs) is permanently removed within 30 days. Blockchain records, once written, cannot be deleted due to the immutable nature of blockchain technology.

5. Security

We employ industry-standard security measures including bcrypt password hashing, JWT token authentication with 24-hour expiry, SHA-256 IP hashing, HTTPS enforcement in production, and CORS restrictions. API keys are stored as SHA-256 hashes — the raw key is shown only once at creation time.

6. Your Rights

You may request access to, correction of, or deletion of your personal data at any time by contacting us at privacy@forensa.ai. European users have additional rights under GDPR, including data portability and the right to lodge a complaint with a supervisory authority.

7. Cookies

Forensa uses only essential cookies (JWT authentication token stored in localStorage). We do not use tracking cookies, advertising cookies, or third-party analytics that track individual users.

8. Contact

For privacy-related inquiries, contact us at privacy@forensa.ai.