Privacy

Last updated June 26, 2026

ChronoVerify is built so that verifying a photo does not mean handing over the photo. Images you check are processed in memory, then discarded. They are not written to disk, not logged, and not shared. This page explains exactly what happens to a photo you submit and what little data we keep to run the service.

What happens to a photo you verify

• The image is read into memory, analyzed, and released when the response is sent. It is not written to disk, not saved to a database, and not written to any log.
• When you verify by URL, the fetched image is handled the same way and discarded after analysis.
• Your image is never used to train any model. The verdict pipeline is deterministic and does not send your image to a language model.

What we keep, and why

• For the free public verifier: a single per-day count of how many checks ran. It carries no image, no result detail, and nothing that identifies you. It exists only to watch load and abuse.
• For API keys: the email you provide (for receipts and key recovery), the key itself, a running usage count, and your prepaid credit balance. This is the minimum needed to operate billing.
• A verdict includes a SHA-256 and SHA-512 fingerprint of the exact file you submitted. The fingerprint is returned to you so you can re-check the file yourself. We do not keep a record linking that fingerprint to you.

Payments

Card payments are handled by Stripe. We never see or store full card numbers. Stripe's own privacy terms govern that data.

Cookies and tracking

• The site sets no advertising or cross-site tracking cookies. If we measure traffic, we use a cookieless, privacy-respecting method.
• The dashboard stores your API key in your own browser so you do not have to paste it on each visit. It stays in your browser and is only sent in the authenticated API calls you make.

Transport and infrastructure

• Traffic is served over HTTPS. Cloudflare sits in front of the service and terminates TLS at its edge, which is standard for a site behind a content delivery network.
• The service runs on Render. Operational backups cover the billing database (keys, usage, balances). They do not cover your images, which are never stored in the first place.

What we do not claim

ChronoVerify is an independent product and does not currently hold SOC 2 or ISO 27001 certification. We state that plainly rather than imply an audit we have not completed. If you need a formal data processing agreement for a vertical pilot, contact us.

Contact

Questions about privacy, or a data request: support@chronoverify.com.