Privacy Policy.

This policy covers three groups of people:

• Customers — developers and companies who sign up for an AntiNude account and integrate the Services into their products.
• End users — individuals whose images or videos are scanned by an application that embeds the AntiNude SDK.
• Website visitors — anyone browsing our marketing site, documentation, or status page.

For end users: AntiNude is typically a processor acting on behalf of the application you are using. The application’s own privacy policy governs the broader processing of your data; this policy describes what AntiNude itself receives.

2.1 Account information

When you sign up, we collect:

• Email address, name, and company name.
• Authentication credentials (hashed passwords, OAuth identifiers).
• Billing details processed by our payment provider — we store only a token and the last four digits of the card.
• Team membership, role, and access control configuration.

2.2 Telemetry from the SDK

When the SDK classifies an image, it sends us a small, fixed-shape telemetry event so that we can bill, debug, and improve the product. A typical event includes:

• API key identifier and SDK version.
• The verdict (safe or unsafe) and the highest-scoring detection (class name + score) returned by the on-device model.
• All retained per-class detections (class name + score). Bounding-box coordinates stay on-device and are not transmitted.
• Inference latency in milliseconds and the on-device model version string.
• The IP address that submitted the event, used by the backend for rate limiting and abuse detection.

We do not receive image pixels. The SDK never uploads raw bytes, thumbnails, or any reconstruction of the image. Only the verdict and the per-class numeric scores described above reach our servers. You can also pass reportToServer: false at SDK construction to suppress telemetry entirely (scans then run fully offline).

2.3 Hosted Cloud API (opt-in)

A Hosted Cloud API — where customers POST image bytes to our backend for inference instead of running it on-device — is on the roadmap. It is not available today. If and when we ship it, the privacy stance will be: inputs processed in volatile memory only, deleted immediately after the response, never written to disk, never used for model training, opt-in per project. This page will be updated before any such endpoint goes live.

2.4 Website and product analytics

On antinude.io and the customer dashboard, we use first-party cookies and similar technologies for authentication, security (CSRF tokens, rate limiting), and aggregated usage analytics. We do not run third-party advertising trackers and we do not sell visitor data. You can disable non-essential cookies in your browser; essential cookies cannot be disabled without breaking sign-in.

2.5 Communications

When you contact support@antinude.io, file a ticket, or join a webinar, we keep a record of the conversation so we can respond, train our support team, and improve the product.

We use the information described above only for the following purposes:

• Providing the Services — authenticating requests, returning classifications, surfacing dashboards, sending webhooks.
• Billing and quota enforcement — counting scans, applying rate limits, generating invoices.
• Security and abuse prevention — detecting credential stuffing, key leakage, automated abuse, and CSAM. See §6 for our zero-tolerance CSAM workflow.
• Product improvement — analyzing aggregate verdict distributions and latency to improve model thresholds and SDK performance. We do not use customer data to train upstream foundation models.
• Customer support — responding to questions and incidents.
• Legal compliance — responding to lawful requests and meeting our regulatory obligations.

If you are in the EEA, UK, or Switzerland, we process personal data under the following legal bases:

• Contract — to deliver the Services you (or your employer) have signed up for.
• Legitimate interests — to secure the Services, prevent abuse, debug, and improve the product. We balance these interests against your rights and offer an opt-out where required.
• Legal obligation — to comply with tax, accounting, and child-protection laws.
• Consent — for optional features like marketing emails. You can withdraw consent at any time.

We do not sell personal data. We share data only with a small number of vetted subprocessors that help us run the Services. The current list, with the data each one receives, is published at antinude.io/security and includes, at the time of this writing:

• Amazon Web Services (US, EU) — primary infrastructure: compute, storage, networking.
• Cloudflare — DDoS protection, edge caching for static assets.
• Stripe — payment processing; receives billing details directly from your browser.
• Postmark — transactional email (receipts, alerts).
• Linear and Notion — internal ticketing and documentation; may receive support-conversation content.

We require every subprocessor to sign a Data Processing Addendum with confidentiality, security, and sub-processing obligations at least as strict as ours. We notify customers at least 30 days before adding a new subprocessor that processes personal data, and customers may object during that window.

AntiNude has a zero-tolerance policy for child sexual abuse material (CSAM). The on-device detector does not attempt to classify CSAM specifically — it identifies adult nudity. If our backend later observes a pattern of telemetry suggestive of CSAM usage (e.g. abuse signals tied to an account):

• We report the incident to the National Center for Missing & Exploited Children (NCMEC) and any other authority required by applicable law.
• We share the minimum metadata required by law (account identifier, telemetry timestamps); we do not receive or store the underlying image (the SDK runs on-device).
• We may suspend the offending account and preserve relevant records as required by law.

This is the one circumstance in which we will override customer confidentiality. We document each report internally and review the process annually with outside counsel.

AntiNude operates infrastructure in the United States and the European Union. EU and UK customer data is processed in the EU by default; you can request US-only or EU-only residency in your project settings. When we transfer personal data out of the EEA, UK, or Switzerland, we rely on the European Commission’s Standard Contractual Clauses, the UK International Data Transfer Addendum, and supplementary measures (encryption in transit and at rest, key management in-region) as required by Schrems II case law.

• Account data — retained while your account is active, then deleted within 90 days of account closure (longer if law requires).
• Telemetry events — retained for 13 months in identifiable form for billing and abuse review, then aggregated.
• Hosted Cloud API inputs — n/a today (no such endpoint exists). When the Hosted Cloud API ships, inputs will be deleted immediately after the response (zero retention).
• Support tickets — retained for 24 months from the last message in the thread.
• Billing records — retained for 7 years to meet tax and accounting requirements.

Depending on where you live, you may have the right to:

• Access the personal data we hold about you.
• Correct inaccurate data.
• Delete your data (subject to legal retention obligations).
• Receive your data in a portable format.
• Restrict or object to certain processing.
• Withdraw consent for processing that relies on consent.
• Lodge a complaint with a supervisory authority (e.g. your national data-protection regulator).

California residents have rights under the CCPA/CPRA, including the right to know, delete, correct, and limit the use of sensitive personal information, and the right to not be discriminated against for exercising those rights. We do not “sell” or “share” personal information as those terms are defined under the CCPA/CPRA.

To exercise any of these rights, email privacy@antinude.io. We will verify your identity and respond within 30 days (45 days for complex requests, with notice).

End users: if you are interacting with an application that embeds our SDK and you wish to exercise these rights, please contact that application’s operator first — they are the controller of your data. We will assist them in fulfilling your request.

We treat security as a first-class product feature. Highlights:

• Encryption in transit (TLS 1.2+) and at rest (AES-256).
• Single sign-on (SAML and OIDC) for enterprise customers.
• Hardware-backed keys for production database access; no shared admin passwords.
• A public security disclosure program at security@antinude.io.

No system is perfectly secure. If we learn of a personal-data breach that affects you, we will notify affected customers and (where required) regulators within 72 hours.

The Services are intended for businesses and developers. They are not directed to children under 16 and we do not knowingly collect personal data from children under 16. If you believe a child has provided us with data, please contact privacy@antinude.io and we will delete it.

Imagery and video depicting minors. Customers may not use the Services to classify images or video depicting identifiable minors outside of a legitimate child-safety, parental-control, or law-enforcement context. Where the application’s user flow can plausibly include images of minors (for example, user-generated content, camera-roll scanning, or social features), the customer is responsible for implementing their own gating before invoking the SDK. The SDK does not perform age estimation — it identifies adult nudity. This requirement is reflected in §3 of our Terms of Service.

The SDK’s output is a classification that the embedding application uses to make its own decisions (e.g. blur, block, queue for review). AntiNude itself does not make legal or similarly significant decisions about end users solely by automated means. Customers integrating our Services are responsible for any high-impact decisions they take based on our output and should provide human review where the law requires it.

We will update this page when our practices change. The “Last updated” date at the top reflects the most recent revision. For material changes, we will notify account owners by email at least 30 days before the change takes effect.

Privacy questions, data-subject requests, and complaints can be sent to:

• General privacy: privacy@antinude.io
• Security disclosures: security@antinude.io
• Customer support: support@antinude.io

You can also reach our Data Protection Officer at dpo@antinude.io. Our EU representative under Article 27 GDPR is listed in our Data Processing Addendum.