Privacy Policy

Last Updated: November 28, 2025

1. Introduction

NudeLockr ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our content protection platform.

Privacy-First Promise: We DO NOT store your original full-resolution nude content. Only low-resolution thumbnails (300x300px) and cryptographic fingerprints are retained for service functionality.

2. Information We Collect

2.1 Account Information

  • Email address (required for login and notifications)
  • Name (optional, for DMCA takedown notices)
  • Password (hashed and encrypted, we never see your plain-text password)
  • OAuth data (if you sign up via Google)

2.2 Content Data (What We DO and DON'T Store)

What We STORE:

  • Thumbnails: 300x300px low-resolution previews for dashboard display (~40KB per file)
  • Perceptual hashes: Cryptographic fingerprints for content identification (64-character strings)
  • Watermark IDs: Unique identifiers embedded in your content
  • NudeLockr IDs: Cryptographic proof of ownership for Certificates of Authenticity
  • File metadata: Original filename, file size, upload date, MIME type

What We DON'T STORE:

  • Your original full-resolution files (deleted immediately after processing)
  • Any sensitive adult content beyond thumbnails

2.3 Trace Checker Data

  • Files uploaded for watermark extraction (processed in-memory, not stored)
  • Extracted watermark IDs and match results
  • Timestamps of trace checks performed

2.4 Usage Data

  • IP addresses (for security and fraud prevention)
  • Browser type and device information
  • Pages visited and features used
  • Error logs and performance metrics

2.5 Payment Information

  • Processed securely by Stripe (we never see your full card details)
  • We store: subscription status, plan type, billing date
  • Stripe stores: payment methods, transaction history

2.6 Identity Verification Data (Optional Feature)

What We STORE:

  • Verification status (verified/not verified)
  • Date and time of successful verification
  • Stripe Identity session ID (for reference only)

What We DON'T STORE:

  • Government-issued ID documents or images
  • ID numbers (driver's license, passport, etc.)
  • Selfie photos or biometric data
  • Any sensitive identity information

Identity verification is processed entirely by Stripe Identity. NudeLockr never sees, accesses, or stores your ID documents. Stripe only tells us whether verification passed or failed—nothing more.

3. How We Use Your Information

  • Service Delivery: Process uploads, generate watermarks, create certificates
  • Authentication: Verify your identity and secure your account
  • Notifications: Alert you of important account activity
  • DMCA Support: Auto-fill takedown notices with your information
  • Billing: Process subscriptions and send payment receipts
  • Improvement: Analyze usage patterns to improve the platform (anonymized data)
  • Security: Detect fraud, abuse, and unauthorized access

4. Third-Party Services

We share limited data with trusted third-party services to deliver our features:

Supabase (Database & Authentication)

Stores: Account data, metadata, certificates

Privacy Policy: supabase.com/privacy

Cloudinary (Image Storage)

Stores: 300x300px thumbnails only (NOT full-resolution files)

Privacy Policy: cloudinary.com/privacy

Forensic Watermarking Provider

Processes: Embeds invisible watermarks, extracts watermarks from files

Data Shared: Your uploaded files (processed in-memory, not stored by provider)

Stripe (Payment Processing)

Processes: Card payments, subscription billing

Privacy Policy: stripe.com/privacy

Stripe Identity (Optional Identity Verification)

Processes: Government ID verification, selfie matching (for paid subscribers only)

Data Shared: Your ID documents are processed directly by Stripe—NudeLockr never sees them

What We Receive: Only verification status (pass/fail) and timestamp

Privacy Policy: stripe.com/privacy

5. Data Retention

  • Active accounts: Thumbnails, fingerprints, and certificates stored indefinitely while you use the service
  • After cancellation: Data retained for 30 days, then deleted (or immediately upon request)
  • Legal holds: Data may be retained longer if required by law or active DMCA disputes
  • Backups: Encrypted backups deleted within 90 days

6. Your Privacy Rights

You have the right to:

  • Access: Request a copy of all data we store about you
  • Deletion: Request permanent deletion of your account and all associated data
  • Correction: Update or correct your personal information
  • Portability: Export your data in machine-readable format (JSON)
  • Opt-Out: Unsubscribe from marketing emails (security alerts always sent)

To exercise these rights, email hello@nudelockr.com with your account email.

7. Security Measures

  • End-to-end HTTPS encryption for all data transmission
  • Database encryption at rest (AES-256)
  • Password hashing with bcrypt
  • Two-factor authentication available (optional)
  • Regular security audits and penetration testing
  • Limited employee access to sensitive data (logged and monitored)

8. Cookies and Tracking

We use cookies for:

  • Essential cookies: Authentication, session management (required for service)
  • Analytics cookies: Anonymized usage statistics
  • No advertising cookies: We do not sell your data or show ads

You can disable non-essential cookies in your browser settings.

9. Children's Privacy

NudeLockr is intended for users 18 years and older. We do not knowingly collect data from minors. If we discover a minor has created an account, it will be terminated immediately.

10. International Users (GDPR Compliance)

For users in the European Union:

  • Legal basis for processing: Consent and contract performance
  • Data controller: NudeLockr (contact: hello@nudelockr.com)
  • Data transfers: We use EU-approved standard contractual clauses for non-EU services
  • Right to lodge complaint with your local data protection authority

11. California Privacy Rights (CCPA)

California residents have additional rights:

  • Right to know what personal information is collected and how it's used
  • Right to delete personal information (with exceptions for legal obligations)
  • Right to opt-out of sale (we do NOT sell your data)
  • Right to non-discrimination for exercising privacy rights

12. Data Breach Notification

In the unlikely event of a data breach, we will notify affected users within 72 hours via email and provide details on what data was compromised and steps we're taking to remediate.

13. Changes to Privacy Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. Material changes will be emailed to all users 30 days in advance. Continued use after changes constitutes acceptance.

14. Contact Us

For privacy questions, data requests, or concerns:

Email: hello@nudelockr.com
Website: nudelockr.com

Summary: Your privacy matters. We only store what's necessary (thumbnails, fingerprints, certificates), delete your full files immediately, encrypt everything, and never sell your data. You have full control to access, export, or delete your information at any time.