Privacy Policy
Effective Date: 3 June 2025
1. Introduction
Deepfend Ltd ("Deepfend", "we", "our", or "us") operates the Deepfend application and associated services (the "Service"). Deepfend is a security and threat-detection platform that helps users verify the authenticity of digital content and identities, including the detection of deepfakes and manipulated media.
This Privacy Policy explains what personal data we collect, why we collect it, how we use and protect it, who we share it with, and what rights you have over your data. Please read this policy carefully before using the Service.
By using Deepfend you acknowledge that you have read and understood this Privacy Policy. If you do not agree with it, please discontinue use of the Service.
2. Data We Collect
2.1 Account and Contact Information
When you register for an account we collect:
Full name
Email address
Password (stored in hashed form — we never store your plaintext password)
2.2 Identity Verification Data
To verify your identity we use a third-party sub-processor, Sumsub (see Section 6). The following data is collected and processed by Sumsub on our behalf; it is not stored on Deepfend's own servers:
Government-issued identity documents (e.g. passport, national ID, driving licence)
Facial biometric data (face scan and/or liveness check)
Phone number (for SMS verification)
Selfie or other user-submitted photograph
Sumsub's handling of this data is governed by their own privacy policy and data processing agreement. We recommend reviewing Sumsub's documentation before completing identity verification.
2.3 Usage and Analytics Data
We automatically collect certain technical and usage data when you interact with the Service, including:
Device type, operating system, and app version
IP address and approximate location derived from it
Feature interactions, screen views, and session duration
Crash reports and diagnostic information
This data is collected via third-party analytics providers (see Section 6) and used in aggregated, anonymised form where possible.
2.4 Data You Provide Directly
You may also provide data when you:
Contact our support team
Submit feedback or report content
Participate in surveys or research
3. How We Use Your Data
We use the data we collect for the following purposes:
To create and manage your account
To verify your identity and prevent fraud
To provide and improve the Deepfend threat-detection and content-verification features
To communicate with you about your account, security alerts, and service updates
To respond to support enquiries
To analyse usage patterns and improve the Service
To comply with legal obligations
To enforce our Terms of Service
We process your data on the following legal bases (as applicable under GDPR and equivalent laws): (a) performance of a contract with you; (b) our legitimate interests in operating and improving the Service; (c) compliance with legal obligations; and (d) your consent, where we have requested it.
4. Data Retention
We retain your personal data for as long as your account is active or as needed to provide the Service. If you delete your account, we will delete or anonymise your personal data within 30 days, except where retention is required by law or for the resolution of disputes.
Identity verification records held by Sumsub are subject to Sumsub's own retention policy, which may reflect regulatory requirements.
Usage and analytics data that has been aggregated and anonymised is not subject to deletion requests, as it can no longer be linked to you.
5. Data Sharing
We do not sell your personal data. We share data only in the circumstances described below.
5.1 Sub-processors and Service Providers
We work with carefully selected third-party companies who process data on our behalf. These companies are contractually bound to process data only on our instructions and to maintain appropriate security measures. They include:
Identity verification: Sumsub — handles government ID, biometrics, phone number, and selfie data
Cloud infrastructure and hosting: third-party cloud providers who store and process Service data
Analytics: providers who help us understand how the Service is used
5.2 Legal Requirements
We may disclose your data if required to do so by law, regulation, or valid legal process (e.g. court order or government request), or if we believe disclosure is necessary to protect the rights, property, or safety of Deepfend, our users, or the public.
5.3 Business Transfers
In the event of a merger, acquisition, or sale of all or part of our assets, your data may be transferred to the successor entity. We will notify you before your data is transferred and becomes subject to a different privacy policy.
6. Third-Party Services
The following third-party services may process your data as part of the Service:
Sumsub — identity verification sub-processor. Processes government ID documents, biometrics, selfies, and phone numbers.
AWS — store and process account data, content, and Service-related data on our behalf.
Amplitude — collect usage and diagnostic data to help us improve the Service.
Each of these providers operates under their own privacy documentation and is bound by a data processing agreement with Deepfend.
7. International Data Transfers
Deepfend operates globally and your data may be transferred to, stored in, or processed in countries outside your country of residence, including countries that may not provide the same level of data protection as your home country.
Where we transfer personal data from the European Economic Area (EEA), United Kingdom, or Switzerland to a country without an adequacy decision, we rely on appropriate safeguards such as Standard Contractual Clauses approved by the relevant supervisory authority.
8. Security
We implement technical and organisational measures to protect your data against unauthorised access, loss, or disclosure. These include encryption in transit and at rest, access controls, and regular security assessments.
No system is completely secure. While we strive to protect your data, we cannot guarantee absolute security. If you believe your account has been compromised, please contact us immediately at support@deepfend.com.
9. Your Rights and Choices
Depending on your location, you may have the following rights regarding your personal data:
Access — request a copy of the data we hold about you
Correction — request correction of inaccurate or incomplete data
Deletion — request deletion of your personal data (see Section 10)
Portability — receive your data in a structured, machine-readable format
Restriction — ask us to restrict processing of your data in certain circumstances
Objection — object to processing based on our legitimate interests
Withdraw consent — where processing is based on consent, withdraw it at any time
Residents of California (CCPA), the European Union / UK (GDPR), and other jurisdictions with applicable privacy laws may have additional rights. We will not discriminate against you for exercising any of your privacy rights.
To exercise any of these rights, please contact us at support@deepfend.com. We will respond within the timeframe required by applicable law (ordinarily 30 days).
10. Deleting Your Data
You can request deletion of your personal data at any time. To do so:
Email us at
support@deepfend.comwith the subject line "Data Deletion Request"Include the email address associated with your Deepfend account
We will process your request and delete (or permanently anonymise) your personal data within 30 days. We will confirm deletion by email once complete. Note that some data may be retained where required by law or for legitimate business purposes such as fraud prevention and dispute resolution.
Identity verification data held by our sub-processor Sumsub may be subject to separate deletion procedures. Please indicate in your request if you wish us to instruct Sumsub to delete your data as well.
11. Children's Privacy
The Service is not directed to children under the age of 13 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us at support@deepfend.com and we will delete it promptly.
12. Cookies and Tracking Technologies
Our mobile application does not use browser cookies. However, we and our third-party service providers may use similar tracking technologies (such as device identifiers and SDKs) to collect usage data as described in Section 2.3. You can limit ad tracking through your device's privacy settings.
13. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or via an in-app notification before the changes take effect. The "Effective Date" at the top of this page indicates when the policy was last revised. Continued use of the Service after the effective date constitutes acceptance of the updated policy.
14. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy, please contact:
Deepfend Ltd
Email: support@deepfend.com
Website: https://deepfend.com
Subject line: "Privacy Enquiry"
If you are located in the EU or UK and are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.
© 2025 Deepfend Ltd. All rights reserved.
