Privacy Policy

Introduction

This Privacy Policy describes how Tectra, operated by Tectra LLC ("we", "us", "our"), collects, uses, and protects your information when you use our platform, APIs, SDKs, browser extension, and related services (collectively, the "Service").

Data We Collect

Account Information

When you create an account, we collect your email address and organization name. This information is used for authentication, billing, and communication about the Service.

Content Records

When you sign content through Tectra, we store cryptographic data associated with your content: SHA-256 hashes, perceptual hashes (pHash), digital signatures, and metadata (timestamps, origin information, signing key identifiers). We do not store actual image or video content when you use the SDK or Docker Agent.

Usage Data

We collect basic usage metrics such as API call counts, signing and verification volumes, and error rates to monitor service health and enforce plan limits.

API & Cloud Processing

When you use the cloud API to sign content, files are uploaded, processed in memory to extract hashes and generate signatures, and then immediately discarded. File content is not persisted to disk or any long-term storage. Only the resulting cryptographic record is stored.

Browser Extension

The Tectra Verify browser extension sends images to our verification API when you choose to verify them. Images are processed in memory to compute hashes for verification and are not stored on our servers. The extension does not automatically collect or transmit any data without your explicit action.

Blockchain Records

Content hashes are permanently anchored on the Polygon blockchain as part of Merkle tree root transactions. Blockchain records are public and immutable - once published, they cannot be modified or deleted. These records contain only cryptographic hashes, not the content itself.

Third-Party Services

We use the following third-party services in the operation of Tectra:

• Stripe - Payment processing for subscriptions and billing. Stripe collects and processes payment information under their own privacy policy.
• Polygon - Public blockchain network used for immutable content hash anchoring.
• Resend - Transactional email delivery for account notifications, password resets, and usage alerts.

Cookies & Local Storage

Tectra uses minimal client-side storage. We store JSON Web Tokens (JWT) in localStorage for authentication. We do not use third-party tracking cookies or advertising pixels.

GDPR & Data Rights

If you are located in the European Economic Area, you have the right to access, correct, or request deletion of your personal data. Please note that blockchain records are immutable and cannot be deleted once anchored. To exercise your data rights, contact us at privacy@tectra.vision.

Data Retention

Account data (email, organization, API keys) is retained while your account is active and for a reasonable period afterward for legal and operational purposes. Content records (hashes, signatures, metadata) are retained indefinitely as part of the provenance record. Blockchain anchored records are permanent and immutable.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. We will notify registered users of material changes via email. Continued use of the Service after changes constitutes acceptance of the updated policy.

Contact

For privacy-related questions, data requests, or concerns, contact us at privacy@tectra.vision.