Privacy Policy

Last updated: May 25, 2026

What we collect

When you submit a scan, we receive the images, text descriptions, and product context you provide. We also collect minimal technical metadata (IP address, browser user agent) for security, rate limiting, and fraud prevention.

How we use your data

Your scans are analyzed by our ApprovalWhisper Authentication Engine to produce a confidence score and directive. When a scan is escalated for human review, de-identified operational signals may be used to improve service reliability and abuse detection. Your uploads are never sold or shared with third parties for advertising.

Web reference scans

To improve authentication accuracy, we perform a reverse image search against public web sources via a third-party computer vision service. Only the uploaded image is sent to the provider, not your account details. Results are stored with your scan record for 30 days. See our Sub-processors page for the current list of third-party service providers.

Content safety scanning

Every uploaded image is automatically scanned for malware, embedded executables, metadata anomalies, and known-bad content hashes. Uploads that match known illegal content (including child sexual abuse material) are blocked, preserved as evidence, and reported to law enforcement as required by 18 USC § 2258A and applicable international laws. We do not notify users when reports are filed, as doing so may constitute obstruction of justice. See our Prohibited Use Policy for the full list of content we do not permit.

Retention

Review items and scan metadata are retained for 30 days, then automatically deleted. Content flagged under our safety scanning (quarantine, legal reports) is preserved for a minimum of 90 days per 18 USC § 2258A(h). Authentication certificates contain a cryptographic hash of your input and remain valid for verification purposes but do not store raw imagery.

Your rights

You can request deletion of your scan history at any time by contacting support@approvalwhisper.com. We respond within 30 days.

EEA and UK residents (GDPR)

If you are located in the European Economic Area or the United Kingdom, you have the following rights under the General Data Protection Regulation (GDPR):

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Ask us to correct inaccurate or incomplete data.
  • Erasure: Request deletion of your personal data (“right to be forgotten”), subject to legal retention obligations.
  • Restriction: Ask us to restrict processing of your data in certain circumstances.
  • Portability: Receive your data in a structured, machine-readable format.
  • Objection: Object to processing based on legitimate interests.

To exercise any of these rights, email support@approvalwhisper.com. We will respond within 30 days. You also have the right to lodge a complaint with your local supervisory authority.

California residents (CCPA / CPRA)

Under the California Consumer Privacy Act, California residents have the right to:

  • Know what personal information we collect, use, disclose, or sell.
  • Delete personal information we hold about you, subject to certain exceptions.
  • Correct inaccurate personal information.
  • Opt out of the sale or sharing of personal information. We do not sell or share personal information for cross-context behavioral advertising.
  • Non-discrimination: We will not discriminate against you for exercising your CCPA rights.

To submit a request, email support@approvalwhisper.com with the subject line “California Privacy Request.” We will verify your identity before processing the request and respond within 45 days.

Cookies

We use essential cookies only. See our Cookie Policy for details.

Contact

Questions about privacy? Email support@approvalwhisper.com

ApprovalWhisper © 2026— ClearGarment AI