Privacy Policy

Effective Date: 3 June 2025

1. Introduction

Deepfend Ltd ("Deepfend", "we", "our", or "us") operates the Deepfend application and associated services (the "Service"). Deepfend is a security and threat-detection platform that helps users verify the authenticity of digital content and identities, including the detection of deepfakes and manipulated media.

This Privacy Policy explains what personal data we collect, why we collect it, how we use and protect it, who we share it with, and what rights you have over your data. Please read this policy carefully before using the Service.

By using Deepfend you acknowledge that you have read and understood this Privacy Policy. If you do not agree with it, please discontinue use of the Service.


2. Data We Collect

2.1 Account and Contact Information

When you register for an account we collect:

  • Full name

  • Email address

  • Password (stored in hashed form — we never store your plaintext password)

2.2 Identity Verification Data

To verify your identity we use a third-party sub-processor, Sumsub (see Section 6). The following data is collected and processed by Sumsub on our behalf; it is not stored on Deepfend's own servers:

  • Government-issued identity documents (e.g. passport, national ID, driving licence)

  • Facial biometric data (face scan and/or liveness check)

  • Phone number (for SMS verification)

  • Selfie or other user-submitted photograph

Sumsub's handling of this data is governed by their own privacy policy and data processing agreement. We recommend reviewing Sumsub's documentation before completing identity verification.

2.3 Usage and Analytics Data

We automatically collect certain technical and usage data when you interact with the Service, including:

  • Device type, operating system, and app version

  • IP address and approximate location derived from it

  • Feature interactions, screen views, and session duration

  • Crash reports and diagnostic information

This data is collected via third-party analytics providers (see Section 6) and used in aggregated, anonymised form where possible.

2.4 Data You Provide Directly

You may also provide data when you:

  • Contact our support team

  • Submit feedback or report content

  • Participate in surveys or research


3. How We Use Your Data

We use the data we collect for the following purposes:

  • To create and manage your account

  • To verify your identity and prevent fraud

  • To provide and improve the Deepfend threat-detection and content-verification features

  • To communicate with you about your account, security alerts, and service updates

  • To respond to support enquiries

  • To analyse usage patterns and improve the Service

  • To comply with legal obligations

  • To enforce our Terms of Service

We process your data on the following legal bases (as applicable under GDPR and equivalent laws): (a) performance of a contract with you; (b) our legitimate interests in operating and improving the Service; (c) compliance with legal obligations; and (d) your consent, where we have requested it.


4. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. If you delete your account, we will delete or anonymise your personal data within 30 days, except where retention is required by law or for the resolution of disputes.

Identity verification records held by Sumsub are subject to Sumsub's own retention policy, which may reflect regulatory requirements.

Usage and analytics data that has been aggregated and anonymised is not subject to deletion requests, as it can no longer be linked to you.


5. Data Sharing

We do not sell your personal data. We share data only in the circumstances described below.

5.1 Sub-processors and Service Providers

We work with carefully selected third-party companies who process data on our behalf. These companies are contractually bound to process data only on our instructions and to maintain appropriate security measures. They include:

  • Identity verification: Sumsub — handles government ID, biometrics, phone number, and selfie data

  • Cloud infrastructure and hosting: third-party cloud providers who store and process Service data

  • Analytics: providers who help us understand how the Service is used

5.2 Legal Requirements

We may disclose your data if required to do so by law, regulation, or valid legal process (e.g. court order or government request), or if we believe disclosure is necessary to protect the rights, property, or safety of Deepfend, our users, or the public.

5.3 Business Transfers

In the event of a merger, acquisition, or sale of all or part of our assets, your data may be transferred to the successor entity. We will notify you before your data is transferred and becomes subject to a different privacy policy.


6. Third-Party Services

The following third-party services may process your data as part of the Service:

  • Sumsub — identity verification sub-processor. Processes government ID documents, biometrics, selfies, and phone numbers.

  • AWS — store and process account data, content, and Service-related data on our behalf.

  • Amplitude — collect usage and diagnostic data to help us improve the Service.

Each of these providers operates under their own privacy documentation and is bound by a data processing agreement with Deepfend.


7. International Data Transfers

Deepfend operates globally and your data may be transferred to, stored in, or processed in countries outside your country of residence, including countries that may not provide the same level of data protection as your home country.

Where we transfer personal data from the European Economic Area (EEA), United Kingdom, or Switzerland to a country without an adequacy decision, we rely on appropriate safeguards such as Standard Contractual Clauses approved by the relevant supervisory authority.


8. Security

We implement technical and organisational measures to protect your data against unauthorised access, loss, or disclosure. These include encryption in transit and at rest, access controls, and regular security assessments.

No system is completely secure. While we strive to protect your data, we cannot guarantee absolute security. If you believe your account has been compromised, please contact us immediately at support@deepfend.com.


9. Your Rights and Choices

Depending on your location, you may have the following rights regarding your personal data:

  • Access — request a copy of the data we hold about you

  • Correction — request correction of inaccurate or incomplete data

  • Deletion — request deletion of your personal data (see Section 10)

  • Portability — receive your data in a structured, machine-readable format

  • Restriction — ask us to restrict processing of your data in certain circumstances

  • Objection — object to processing based on our legitimate interests

  • Withdraw consent — where processing is based on consent, withdraw it at any time

Residents of California (CCPA), the European Union / UK (GDPR), and other jurisdictions with applicable privacy laws may have additional rights. We will not discriminate against you for exercising any of your privacy rights.

To exercise any of these rights, please contact us at support@deepfend.com. We will respond within the timeframe required by applicable law (ordinarily 30 days).


10. Deleting Your Data

You can request deletion of your personal data at any time. To do so:

  • Email us at support@deepfend.com with the subject line "Data Deletion Request"

  • Include the email address associated with your Deepfend account

We will process your request and delete (or permanently anonymise) your personal data within 30 days. We will confirm deletion by email once complete. Note that some data may be retained where required by law or for legitimate business purposes such as fraud prevention and dispute resolution.

Identity verification data held by our sub-processor Sumsub may be subject to separate deletion procedures. Please indicate in your request if you wish us to instruct Sumsub to delete your data as well.


11. Children's Privacy

The Service is not directed to children under the age of 13 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us at support@deepfend.com and we will delete it promptly.


12. Cookies and Tracking Technologies

Our mobile application does not use browser cookies. However, we and our third-party service providers may use similar tracking technologies (such as device identifiers and SDKs) to collect usage data as described in Section 2.3. You can limit ad tracking through your device's privacy settings.


13. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or via an in-app notification before the changes take effect. The "Effective Date" at the top of this page indicates when the policy was last revised. Continued use of the Service after the effective date constitutes acceptance of the updated policy.


14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy, please contact:

Deepfend Ltd
Email: support@deepfend.com
Website: https://deepfend.com
Subject line: "Privacy Enquiry"

If you are located in the EU or UK and are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.


© 2025 Deepfend Ltd. All rights reserved.

Join the Movement

Find out how you can get involved

© 2026 Deepfend Ltd. All Rights Reserved.

Join the Movement

Find out how you can get involved

© 2025 Deepfend.ai. All Rights Reserved.

Join the Movement

Find out how you can get involved

© 2026 Deepfend Ltd. All Rights Reserved.