Privacy Policy

This policy covers three groups of people:

• Customers — developers and companies who sign up for an AntiNude account and integrate the Services into their products.
• End users — individuals whose images are scanned by an application that embeds the AntiNude SDK.
• Website visitors — anyone browsing our marketing site, documentation, or status page.

For end users: AntiNude is typically a processor acting on behalf of the application you are using. The application’s own privacy policy governs the broader processing of your data; this policy describes what AntiNude itself receives.

2.1 Account information

When you sign up, we collect:

• Email address, name, and company name.
• Authentication credentials (hashed passwords, OAuth identifiers).
• Billing details processed by our payment provider — we store only a token and the last four digits of the card.
• Team membership, role, and access control configuration.

2.2 Telemetry from the SDK and API

When the SDK classifies an image, it sends us a small, fixed-shape telemetry event so that we can bill, enforce rate limits, debug, and improve the product. A typical event includes:

• API key identifier, project ID, and SDK version.
• The verdict (e.g. safe, unsafe) and category scores returned by the on-device model.
• Image dimensions, file size in bytes, and inference latency.
• A SHA-256 hash of the image bytes (used for deduplication and abuse detection — the hash is one-way and is not reversible into the original image).
• Coarse device information: operating system, OS version, device class (phone/tablet), and the CPU architecture used to run the model.
• The IP address that submitted the event, truncated to a /24 (IPv4) or /48 (IPv6) prefix at ingestion.

We do not receive image pixels. The SDK never uploads raw image bytes, thumbnails, or any reconstruction of the image. The only image-derived data that reaches our servers are the numeric category scores and the irreversible hash described above.

2.3 Hosted Cloud API (opt-in)

For customers who explicitly choose our Hosted Cloud API instead of the on-device SDK, we receive the full image bytes for the duration of inference. In that mode:

• Images are processed in volatile memory and are not written to disk.
• Images are deleted immediately after the classification response is returned.
• We do not retain images beyond the request lifecycle and we do not use them to train our models.
• Cloud API mode is off by default; customers must opt in per-project and acknowledge the change in scope.

2.4 Website and product analytics

On antinude.io and the customer dashboard, we use first-party cookies and similar technologies for authentication, security (CSRF tokens, rate limiting), and aggregated usage analytics. We do not run third-party advertising trackers and we do not sell visitor data. You can disable non-essential cookies in your browser; essential cookies cannot be disabled without breaking sign-in.

2.5 Communications

When you contact support@antinude.io, file a ticket, or join a webinar, we keep a record of the conversation so we can respond, train our support team, and improve the product.

We use the information described above only for the following purposes:

• Providing the Services — authenticating requests, returning classifications, surfacing dashboards, sending webhooks.
• Billing and quota enforcement — counting scans, applying rate limits, generating invoices.
• Security and abuse prevention — detecting credential stuffing, key leakage, automated abuse, and CSAM. See §6 for our zero-tolerance CSAM workflow.
• Product improvement — analyzing aggregate verdict distributions and latency to improve model thresholds and SDK performance. We do not use customer data to train upstream foundation models.
• Customer support — responding to questions and incidents.
• Legal compliance — responding to lawful requests and meeting our regulatory obligations.

If you are in the EEA, UK, or Switzerland, we process personal data under the following legal bases:

• Contract — to deliver the Services you (or your employer) have signed up for.
• Legitimate interests — to secure the Services, prevent abuse, debug, and improve the product. We balance these interests against your rights and offer an opt-out where required.
• Legal obligation — to comply with tax, accounting, and child-protection laws.
• Consent — for optional features like marketing emails. You can withdraw consent at any time.

We do not sell personal data. We share data only with a small number of vetted subprocessors that help us run the Services. The current list, with the data each one receives, is published at antinude.io/security and includes, at the time of this writing:

• Amazon Web Services (US, EU) — primary infrastructure: compute, storage, networking.
• Cloudflare — DDoS protection, edge caching for static assets.
• Stripe — payment processing; receives billing details directly from your browser.
• Postmark — transactional email (receipts, alerts).
• Linear and Notion — internal ticketing and documentation; may receive support-conversation content.

We require every subprocessor to sign a Data Processing Addendum with confidentiality, security, and sub-processing obligations at least as strict as ours. We notify customers at least 30 days before adding a new subprocessor that processes personal data, and customers may object during that window.

AntiNude has a zero-tolerance policy for child sexual abuse material (CSAM). If our systems flag an image as likely CSAM:

• We report the incident to the National Center for Missing & Exploited Children (NCMEC) and any other authority required by applicable law.
• We share the irreversible hash and minimum metadata required by law; we do not receive or store the underlying image (the SDK runs on-device).
• We may suspend the offending account and preserve relevant records as required by law.

This is the one circumstance in which we will override customer confidentiality. We document each report internally and review the process annually with outside counsel.

AntiNude operates infrastructure in the United States and the European Union. EU and UK customer data is processed in the EU by default; you can request US-only or EU-only residency in your project settings. When we transfer personal data out of the EEA, UK, or Switzerland, we rely on the European Commission’s Standard Contractual Clauses, the UK International Data Transfer Addendum, and supplementary measures (encryption in transit and at rest, key management in-region) as required by Schrems II case law.

• Account data — retained while your account is active, then deleted within 90 days of account closure (longer if law requires).
• Telemetry events — retained for 13 months in identifiable form for billing and abuse review, then aggregated.
• Hosted Cloud API images — deleted immediately after the response is returned (zero retention).
• Support tickets — retained for 24 months from the last message in the thread.
• Billing records — retained for 7 years to meet tax and accounting requirements.

Depending on where you live, you may have the right to:

• Access the personal data we hold about you.
• Correct inaccurate data.
• Delete your data (subject to legal retention obligations).
• Receive your data in a portable format.
• Restrict or object to certain processing.
• Withdraw consent for processing that relies on consent.
• Lodge a complaint with a supervisory authority (e.g. your national data-protection regulator).

California residents have rights under the CCPA/CPRA, including the right to know, delete, correct, and limit the use of sensitive personal information, and the right to not be discriminated against for exercising those rights. We do not “sell” or “share” personal information as those terms are defined under the CCPA/CPRA.

To exercise any of these rights, email privacy@antinude.io. We will verify your identity and respond within 30 days (45 days for complex requests, with notice).

End users: if you are interacting with an application that embeds our SDK and you wish to exercise these rights, please contact that application’s operator first — they are the controller of your data. We will assist them in fulfilling your request.

We treat security as a first-class product feature. Highlights:

• Encryption in transit (TLS 1.2+) and at rest (AES-256).
• Single sign-on (SAML and OIDC) for enterprise customers.
• Hardware-backed keys for production database access; no shared admin passwords.
• Annual third-party penetration tests and a public security disclosure program at security@antinude.io.
• SOC 2 Type II report available under NDA.

No system is perfectly secure. If we learn of a personal-data breach that affects you, we will notify affected customers and (where required) regulators within 72 hours.

The Services are intended for businesses and developers. They are not directed to children under 16 and we do not knowingly collect personal data from children under 16. If you believe a child has provided us with data, please contact privacy@antinude.io and we will delete it.

Imagery depicting minors. Customers may not use the Services to classify imagery depicting identifiable minors outside of a legitimate child-safety, parental-control, or law-enforcement context. Where the application’s user flow can plausibly include images of minors (for example, user-generated content, camera-roll scanning, or social features), the customer must enable the SDK’s built-in age pre-filter — which performs an on-device age-estimation check and aborts NSFW classification for images estimated to depict minors — or implement an equivalent control of their own. This requirement is reflected in §3 of our Terms of Service. If the age pre-filter or our CSAM safeguards trigger on an image, AntiNude follows the workflow in §6.

The SDK’s output is a classification that the embedding application uses to make its own decisions (e.g. blur, block, queue for review). AntiNude itself does not make legal or similarly significant decisions about end users solely by automated means. Customers integrating our Services are responsible for any high-impact decisions they take based on our output and should provide human review where the law requires it.

We will update this page when our practices change. The “Last updated” date at the top reflects the most recent revision. For material changes, we will notify account owners by email at least 30 days before the change takes effect.

Privacy questions, data-subject requests, and complaints can be sent to:

• General privacy: privacy@antinude.io
• Security disclosures: security@antinude.io
• Customer support: support@antinude.io

You can also reach our Data Protection Officer at dpo@antinude.io. Our EU representative under Article 27 GDPR is listed in our Data Processing Addendum.