Privacy Policy

Last Updated: May 27, 2026

Defakes.com ("we", "us", "our", or "Service") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our deepfake detection platform, including our web application, Telegram Mini App, and related services.

Please read this Privacy Policy carefully. By using our Service, you consent to the data practices described in this policy. If you do not agree with our policies and practices, you may not use our Service.

1. What We Collect

Depending on how you use the Service, we may collect:

Account Data

  • Telegram identifiers (user ID, username, display name)
  • Authentication tokens and session data
  • Wallet addresses (if linked for cryptocurrency rewards)
  • Referral codes and referral relationships

User Content

  • Uploads and links you submit for analysis
  • Evidence reports you generate (PDFs, forensic data)
  • Votes, annotations, and comments on content
  • Case submissions and analysis results

Device & Usage Data

  • IP address and approximate location
  • Device information (type, operating system, browser)
  • Usage logs, timestamps, and session data
  • Basic analytics (pages visited, features used, interactions)
  • Error logs and performance data

Transaction Data

  • Purchases and payment information
  • Points credits, debits, and balance changes
  • Receipts (processed by payment providers; we may store references like session IDs)
  • Order history and fulfillment status

Integrity Data

  • Cryptographic hashes/digests and related metadata
  • May be stored in databases and/or on-chain
  • Blockchain transaction hashes and metadata
  • Analysis scores and confidence ratings

League & Gamification Data

  • Participation XP and accuracy scores
  • League standings and rankings
  • Detective rank and rating history
  • Gold task attempts and accuracy metrics
  • Streak data and activity history

2. How We Use Data

We use collected data to:

  • Provide and operate the Service: Process video analysis, manage voting and consensus, generate reports, handle transactions, and maintain league/ranking systems
  • Prevent abuse and fraud: Implement rate limits, detect sybil attacks, enforce anti-gaming measures, and maintain platform integrity
  • Improve models and product quality: Use aggregated and derived signals to train AI models, improve detection accuracy, and enhance user experience (note: we do not use raw user content for training without consent)
  • Customer support and communications: Respond to inquiries, provide assistance, send notifications about your account or transactions
  • Legal compliance and safety enforcement: Comply with applicable laws, respond to legal requests, enforce our Terms of Service, and protect users and the platform

3. Public vs Private Visibility

Public Cases

If you post a case as Public, other users may see:

  • The media content (or reference/preview)
  • AI analysis verdicts and confidence scores
  • Community consensus (vote counts, annotations)
  • Your display name or username (if associated)
  • Case metadata (timestamps, analysis type)

Public cases appear in public feeds and may be shared or referenced by other users.

Private Cases

If you set a case as Private (or it is forced restricted/evidence mode):

  • Visibility is limited to you and explicitly permitted viewers
  • Media content is not shown in public feeds
  • Analysis results are not publicly visible
  • Only you can access the full case details

Evidence Reports

Reports follow the same visibility rules:

  • Private case → Private report (accessible only to you)
  • Public case → Report visibility may depend on sharing settings
  • You can share reports manually via direct links

Note: Even for private cases, cryptographic hashes may be stored on-chain for integrity purposes. These hashes are not reversible to the original content.

4. Sharing with Vendors and Third Parties

We may share data with service providers that help us operate the platform, subject to contractual restrictions:

Service Providers

  • Hosting and Infrastructure: Database hosting (Supabase), cloud storage, CDN services
  • Analytics and Monitoring: Usage analytics, error tracking, performance monitoring
  • Payment Processing: Payment processors (Stripe) handle payment transactions
  • AI Inference Providers: Third-party AI services that process video and image analysis
  • Blockchain Infrastructure: Blockchain networks (Base) for on-chain hash storage
  • Communication Services: Notification and messaging services

All service providers are contractually obligated to process data only as necessary to provide their services, implement appropriate security measures, not use data for their own purposes beyond service provision, and comply with applicable privacy and data protection laws.

We do not sell your personal data to third parties.

5. On-Chain / Immutable Records

When we store cryptographic hashes, digests, or references on a public blockchain (e.g., Base network) or append-only log:

  • Permanent and Public: These records may be permanent and publicly viewable on the blockchain
  • Cannot Be Deleted: Blockchain records are immutable and cannot be removed once confirmed
  • Integrity Proofs Only: These records are intended to serve as integrity proofs (verification that content existed at a certain time), not raw media or personal information
  • Not Reversible: Hashes are one-way functions; the original content cannot be reconstructed from the hash

You can choose whether to anchor your analysis to the blockchain. Anchoring provides cryptographic proof of analysis results but makes the hash publicly visible.

6. Retention and Deletion

Data Retention

We retain data as long as necessary to:

  • Provide the Service to you
  • Comply with legal obligations (tax records, transaction logs, etc.)
  • Resolve disputes and enforce agreements
  • Maintain platform security and integrity

Account Deletion

You may request deletion of your account and associated data by contacting us at privacy@defakes.com.

Limitations on Deletion:

  • Transaction Records: Financial and payment records may be retained as required by law (e.g., tax compliance, accounting)
  • Abuse Prevention Logs: Records related to security incidents, fraud prevention, or Terms of Service violations may be retained for safety and legal purposes
  • On-Chain Records: Blockchain records cannot be deleted or modified once confirmed
  • Anonymized/Aggregated Data: We may retain anonymized or aggregated data for analytics and improvement purposes

Upon deletion: Your account will be deactivated, your personal information will be removed from active systems, public cases may remain visible (with anonymized attribution) unless explicitly removed, and private cases and associated data will be deleted (subject to retention requirements above).

8. Security

Our Security Measures

We implement reasonable technical and organizational safeguards to protect your data:

  • Encrypted data transmission (HTTPS/TLS)
  • Secure database storage with access controls
  • Authentication and authorization systems
  • Regular security assessments and updates
  • Row-level security policies on sensitive data

Your Responsibilities

  • No system is perfectly secure: Despite our efforts, no method of transmission or storage is 100% secure
  • Keep your account secure: Use a strong, unique password for your Telegram account, enable two-factor authentication on Telegram, keep your devices secure and up-to-date, and do not share your authentication tokens or session data
  • Report security issues: If you discover a security vulnerability, please report it to security@defakes.com

9. Your Rights

Depending on where you live, you may have certain rights regarding your personal data:

Common Rights (May Vary by Jurisdiction)

  • Access: Request access to your personal data
  • Correction: Request correction of inaccurate or incomplete data
  • Deletion: Request deletion of your personal data (subject to legal and operational requirements)
  • Portability: Request a copy of your data in a structured, machine-readable format
  • Objection: Object to certain processing of your data
  • Restriction: Request restriction of processing in certain circumstances
  • Withdrawal of Consent: Withdraw consent where processing is based on consent

How to Exercise Your Rights

To exercise any of these rights, please contact us at privacy@defakes.com with your request and the specific right you wish to exercise, verification of your identity (to protect your data), and any relevant details to help us locate your data.

We will respond to your request within a reasonable timeframe and in accordance with applicable law.

Note: Some rights may be limited by legal obligations (e.g., retention requirements for financial records), legitimate business interests (e.g., fraud prevention), or technical limitations (e.g., blockchain immutability).

7. Minors

Age Restrictions

  • The Service is not intended for children under 13 years of age
  • We do not knowingly collect personal information from children under 13
  • If we become aware that we have collected information from a child under 13, we will take steps to delete such information

Additional Restrictions

  • Purchases: Purchases and payment transactions are restricted to users 18 years or older (or with verified guardian consent)
  • Professional Services: Evidence reports and professional-grade analysis services are restricted to users 18 years or older

If you are a parent or guardian and believe your child has provided personal information, please contact us immediately at privacy@defakes.com.

10. Contact

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

  • Email: privacy@defakes.com
  • Security Issues: security@defakes.com

For general inquiries, you can also reach us through our Service's contact features.