Guardian is in private beta. Sign up now to reserve your spot and upload content you want protected. Full monitoring activates by email invitation as we onboard in waves.

Legal

Privacy policy

Last updated: January 5, 2026 · Effective for all users of Guardian by Deep Media, Inc.

1. Introduction

This Privacy Policy describes how Deep Media, Inc. ("Deep Media," "we," "us," "our") collects, uses, stores, discloses, and protects information when you use Guardian (the "Service"). Guardian is a personal identity protection product that monitors public surfaces of the internet for unauthorized uses of your face, voice, name, and likeness.

We have designed Guardian under a single overriding principle: collect the minimum required to deliver the protection you sign up for, and never repurpose that data for advertising, sale, or any function unrelated to your protection. This policy reflects that commitment in legally precise terms.

This policy applies to use of Guardian at guardian.deepid.ai and all sub-domains, mobile applications, APIs, and any related services we offer (collectively, the "Service"). It does not apply to third-party websites, services, or platforms whose content Guardian monitors on your behalf; those services maintain their own privacy practices.

2. Information we collect

Account information. When you create a Guardian account we collect your email address, a password (stored only as a one-way bcrypt hash), and any optional profile information you choose to provide (display name, time zone, communication preferences).

Connected content. When you connect a public social profile (Instagram, TikTok, YouTube, X, LinkedIn, Facebook, Threads), Guardian retrieves the public content you have authorized us to access in order to build a protection baseline. We do not access private messages, private posts, or DMs. We do not write, post, or modify any content on your behalf.

Biometric identifiers. If you choose to enroll biometric protection, we generate biometric hashes from a 30-second facial capture and a 10-second voice phrase. Section 3 below describes biometric handling in detail.

Uploaded content. Photos, videos, and audio you upload to expand your protection baseline are stored encrypted at rest and used only to refine matching for your account.

Findings and scan data. Records of candidate matches discovered by Guardian's agents, including the source URL, platform, match score, and forensic artifacts. Findings are tied to your account and visible only to you (and team members you authorize on team plans).

Billing information. For paid plans, Stripe processes payment information directly. Deep Media stores only a redacted card identifier and billing zip code; we do not store full card numbers.

Technical data. IP address, browser type, device identifiers, and basic interaction telemetry necessary to operate the Service, prevent abuse, and diagnose errors. We do not use this data for advertising profiling.

3. Biometric data — explicit consent and handling

Guardian's biometric features are optional. You can use the Service without enrolling any biometric identifier. If you choose to enroll, the following rules govern our handling of that data, in compliance with the Illinois Biometric Information Privacy Act (BIPA), the California Consumer Privacy Act (CCPA), the General Data Protection Regulation (GDPR), and the Washington My Health My Data Act.

Explicit consent. Before any biometric capture, you are presented with a written disclosure describing exactly what is captured (a 30-second facial sweep and 10-second voice phrase), how it is converted into a biometric hash, how long it is retained, and the specific purpose: detecting unauthorized uses of your likeness across the internet. You must affirmatively consent in writing (electronic signature) before capture begins.

Capture environment. Capture runs entirely in your browser. The raw frames and audio buffer are processed in memory and never transmitted in raw form to Deep Media servers. The browser computes a high-dimensional embedding (a mathematical fingerprint), which is one-way: it cannot be reversed into a recognizable image or recording.

Storage. The biometric hash is transmitted over TLS 1.3 to our servers, encrypted at rest with AES-256, and stored in a logically isolated biometric database with role-based access controls. Only systems serving your account can decrypt your hash.

Use limitation. Your biometric hash is used solely to compare against media that Guardian's agents surface from public sources. It is never used for authentication, never used for advertising, never used to train machine-learning models, and never shared with third parties.

Retention. Biometric hashes are retained for as long as your account is active. You may delete your biometric hash at any time from Account → Privacy → Delete Biometrics. Deletion is irreversible and completes within seventy-two (72) hours, after which a cryptographic deletion certificate is generated.

BIPA-specific retention schedule. For Illinois residents, biometric hashes are deleted no later than: (a) the date on which the initial purpose for collection has been satisfied, (b) three (3) years after the individual's last interaction with the Service, or (c) immediately upon request — whichever is earlier.

Washington My Health My Data. To the extent any biometric data is considered "consumer health data" under the Washington My Health My Data Act, we treat it as such: separate explicit consent, no sharing without separate authorization, and a dedicated deletion pathway honored within 30 days.

Disclosure. We do not sell, lease, trade, or otherwise profit from biometric data. We do not disclose biometric data to third parties except (i) to subprocessors strictly necessary to operate the Service under a written contract that mirrors these protections, or (ii) under legally binding subpoena, in which case we will notify you unless prohibited by law.

4. How we use your information

To deliver the Service. We use account, connected-content, biometric, and uploaded data exclusively to run scans, surface matches, prepare and issue takedown notices, generate evidence packages, and present your dashboard.

To improve detection accuracy for your account. Aggregated, anonymized scan metrics inform how we tune detection thresholds. No identifiable data is used to train shared machine-learning models.

To send service communications. Account confirmations, security notices, scan reports, and incident alerts. You may not opt out of security-relevant communications. You may opt out of all non-essential communications at any time.

To detect fraud and abuse. We monitor for sign-up patterns indicating account fraud, bot abuse, and attempts to enroll someone other than the account holder. Suspected violations may result in account suspension.

To comply with legal obligations. We retain records to the extent required by tax, accounting, and regulatory law.

5. What we never do

We do not sell your personal information to anyone.

We do not use your biometric data for advertising, profiling, or any function unrelated to detecting unauthorized uses of your likeness.

We do not share your biometric data with third parties for marketing purposes.

We do not embed third-party advertising trackers, pixels, fingerprinting scripts, or session-replay tools on our website or in the Service.

We do not train shared AI or machine-learning models on your enrolled biometric data or uploaded content.

We do not access private messages, private profiles, or any non-public content on third-party platforms.

We do not require government identification to use Guardian.

6. Your rights

Right to access. You may request a copy of the personal information we hold about you at any time by emailing privacy@deepmedia.ai. We will respond within 30 days.

Right to correction. You may correct inaccurate personal information directly in your account or by contacting us.

Right to deletion. You may delete biometric hashes, individual scans, individual findings, uploaded content, and your entire account at any time. Account deletion completes within 30 days; biometric deletion completes within 72 hours.

Right to portability. You may export your scan history, findings, and account metadata in machine-readable JSON at any time.

Right to opt out of sale. We do not sell personal information. This right is therefore moot; we honor it by policy regardless.

Right to non-discrimination. We will not discriminate against you for exercising any privacy right.

GDPR-specific rights. EU/EEA/UK residents additionally have the right to restrict processing, to object to processing, to lodge a complaint with a supervisory authority, and to withdraw consent at any time without affecting the lawfulness of processing prior to withdrawal.

BIPA-specific rights. Illinois residents have the rights to know what biometric data is collected, the purpose, retention schedule, and the right to a written disclosure prior to collection.

CCPA-specific rights. California residents have the rights to know, to delete, to correct, to opt out of sale (n/a — we do not sell), to limit use of sensitive personal information, and to non-discrimination.

Washington MHMD rights. Washington residents have the rights to access, delete, withdraw consent, and appeal an adverse decision concerning consumer health data.

7. Data deletion process

You can initiate deletion from within the Service: Account → Privacy → Delete. Three categories of deletion are available: (i) biometric hash only, (ii) all content and scan data, or (iii) full account deletion.

Biometric deletion completes within seventy-two (72) hours, irreversibly. You may re-enroll later if you choose; a new hash is generated at that time.

Full account deletion completes within thirty (30) days. We retain anonymized aggregate metrics (e.g., the total number of takedowns issued during a reporting period) that contain no identifiable data. We retain billing records as required by applicable tax and accounting law (generally seven years).

Upon completion of deletion we generate a deletion certificate available for download from the deletion-confirmation email. Once issued, this certificate is the authoritative record that your data has been deleted from our production systems.

8. Security

We maintain administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, alteration, disclosure, or destruction. These include TLS 1.3 in transit, AES-256 at rest, role-based access controls, audit logging on every data access event, annual penetration testing, and a vulnerability disclosure program for outside researchers.

Despite these measures, no system is perfectly secure. In the event of a security incident affecting your personal information, we will notify affected users without unreasonable delay and in any case within the timeframe required by applicable law.

9. Children's privacy

Guardian is intended for users aged 13 and older. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact privacy@deepmedia.ai and we will delete it.

Parents may enroll a minor child's likeness for monitoring purposes during beta, provided the parent or legal guardian provides written consent and is the account holder. Guardian treats minors' biometric data with heightened protections, including expedited deletion and a prohibition on any team-dashboard sharing without re-consent.

10. International transfers

Deep Media is headquartered in the United States. If you access the Service from outside the United States, your personal information may be transferred to, stored, and processed in the United States. We use Standard Contractual Clauses (SCCs) for transfers from the EEA, UK, and Switzerland, supplemented by additional safeguards required by the Schrems II decision and applicable supervisory-authority guidance.

11. Subprocessors

We engage a limited set of subprocessors strictly necessary to operate the Service, including cloud infrastructure (AWS, hosting US-East and US-West regions), email delivery (Postmark), error monitoring (Sentry), and payment processing (Stripe). A current list is available at guardian.deepmid.ai/subprocessors. Each subprocessor is bound by a written contract that mirrors the protections in this policy.

12. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be communicated by email and via in-product notice at least thirty (30) days before they take effect. The "Last updated" date below indicates the most recent revision.

13. Contact us

For privacy questions, data requests, or to exercise any right described in this policy, contact: privacy@deepmedia.ai. For EU/EEA/UK residents, you may also lodge a complaint with your local data-protection authority.

Postal address: Deep Media, Inc., Attn: Privacy, 1500 Broadway, Oakland, CA 94612.