Privacy Policy

Last updated: March 21, 2026

Introduction

DeLeak.ai ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our content protection platform ("the Service"). Please read this policy carefully. By using the Service, you consent to the practices described herein.

1. Information We Collect

1.1 Information You Provide

  • Account Information: Name, email address, and password when you create an account
  • Creator Handles: Usernames and platform identifiers you register for monitoring
  • Content Data: Images, videos, and other content you upload for watermarking or fingerprinting
  • Payment Information: Billing details processed securely through Stripe (we do not store full credit card numbers)
  • Communications: Messages you send to our support team

1.2 Information Collected Automatically

  • Usage Data: Pages visited, features used, scan history, and interaction patterns
  • Device Information: Browser type, operating system, device identifiers, and IP address
  • Cookies: Session cookies, authentication tokens, and analytics cookies

1.3 Information From Third Parties

  • OAuth Providers: Name and email from Google SSO if you choose to sign in with Google
  • Platform Data: Publicly available information from monitored platforms related to your content

2. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Service
  • Scan platforms for unauthorized distribution of your content
  • Generate and submit DMCA takedown notices on your behalf
  • Apply steganographic watermarks to your content for leak tracing
  • Perform facial recognition matching to identify your content
  • Send notifications about scan results and DMCA updates
  • Process payments and manage subscriptions
  • Provide customer support
  • Analyze usage patterns to improve the Service
  • Comply with legal obligations

3. Data Sharing and Disclosure

We do not sell your personal information. We may share your data in the following circumstances:

  • DMCA Submissions: When submitting takedown notices, your name and contact information may be included as required by law
  • Service Providers: Trusted third-party services that help us operate (Stripe for payments, Supabase for data storage, Cloudflare for CDN and security, Resend for email)
  • Legal Requirements: When required by law, regulation, legal process, or government request
  • Business Transfers: In connection with a merger, acquisition, or sale of assets
  • With Your Consent: When you explicitly authorize us to share your information

4. Data Security

We implement industry-standard security measures to protect your data, including encryption in transit (TLS/SSL) and at rest, secure authentication mechanisms, regular security audits, and access controls limiting employee access to personal data. However, no method of transmission over the Internet is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

5. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. Scan results and DMCA records are retained for legal compliance purposes (minimum 3 years). When you delete your account, we will delete or anonymize your personal data within 30 days, except where retention is required by law. Uploaded content used for fingerprinting is deleted within 30 days of account closure.

6. Your Rights (GDPR and Global Privacy)

Depending on your location, you may have the following rights regarding your personal data:

  • Right of Access: Request a copy of the personal data we hold about you
  • Right to Rectification: Request correction of inaccurate personal data
  • Right to Erasure: Request deletion of your personal data ("right to be forgotten")
  • Right to Restrict Processing: Request limitation of how we use your data
  • Right to Data Portability: Receive your data in a structured, machine-readable format
  • Right to Object: Object to processing of your personal data for certain purposes
  • Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent

To exercise any of these rights, please contact us at privacy@deleak.ai. We will respond within 30 days. For EU/EEA residents, our legal basis for processing is contract performance (providing the Service), legitimate interest (improving the Service and preventing fraud), and consent (marketing communications).

7. International Data Transfers

Your data may be transferred to and processed in countries other than your country of residence, including the United States. These countries may have different data protection laws. We ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission, for transfers of personal data from the EU/EEA.

8. Cookies and Tracking

We use the following types of cookies:

  • Essential Cookies: Required for authentication and core functionality
  • Analytics Cookies: Help us understand how users interact with the Service
  • Preference Cookies: Remember your settings and preferences

You can control cookies through your browser settings. Disabling essential cookies may affect the functionality of the Service.

9. Children's Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a person under 18, we will take steps to delete that information promptly.

10. California Residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, the right to delete your personal information, and the right to opt out of the sale of your personal information. We do not sell personal information. To exercise your CCPA rights, contact us at privacy@deleak.ai.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on the Service and updating the "Last updated" date. We may also send you an email notification for significant changes. Your continued use of the Service after changes are posted constitutes acceptance of the updated policy.

12. Data Processing Agreement

For business customers and agencies subject to GDPR, we offer a Data Processing Agreement (DPA) upon request. The DPA outlines our obligations as a data processor, including security measures, sub-processor management, and data breach notification procedures. Contact legal@deleak.ai to request a DPA.

13. Contact Information

If you have any questions about this Privacy Policy or our data practices, please contact us at:

DeLeak.ai

Email: privacy@deleak.ai

General: support@deleak.ai