Privacy Policy

Last updated: April 8, 2026

What we collect

When you submit a scan, we receive the images, text descriptions, and product context you provide. We also collect minimal technical metadata (IP address, browser user agent) for security, rate limiting, and fraud prevention.

How we use your data

Your scans are analyzed by our forensic authentication engine (Pure Studio) to produce a confidence score and directive. When a scan is escalated for human review, anonymized evidence layers are used by our training system to strengthen the model. Your uploads are never sold or shared with third parties for advertising.

Web reference scans

To improve authentication accuracy, we perform a reverse image search against public web sources (Google Vision Web Detection). Only the uploaded image is sent to the search API, not your account details. Results are stored with your scan record for 30 days.

Content safety scanning

Every uploaded image is automatically scanned for malware, embedded executables, metadata anomalies, and known-bad content hashes. Uploads that match known illegal content (including child sexual abuse material) are blocked, preserved as evidence, and reported to law enforcement as required by 18 USC § 2258A and applicable international laws. We do not notify users when reports are filed, as doing so may constitute obstruction of justice. See our Prohibited Use Policy for the full list of content we do not permit.

Retention

Review items and scan metadata are retained for 30 days, then automatically deleted. Content flagged under our safety scanning (quarantine, legal reports) is preserved for a minimum of 90 days per 18 USC § 2258A(h). Authentication certificates contain a cryptographic hash of your input and remain valid for verification purposes but do not store raw imagery.

Your rights

You can request deletion of your scan history at any time by contacting support@approvalwhisper.com. We respond within 30 days.

Contact

Questions about privacy? Email privacy@approvalwhisper.com