Privacy Policy

Privacy Policy for DeepXL API-First Anti-Fraud Detection

Privacy Policy

Last Updated: December 4, 2024

1. Introduction

DeepXL Corp ("we", "our", "us", or the "Controller") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our deepfake detection API and related services (collectively, the "Service").

DeepXL provides a business-to-business (B2B) service intended for professional and commercial use. While individuals may test the Service, they acknowledge that it is designed for business purposes, and any use of the Service is at the user's own risk and responsibility.

For users in Norway and the EU/EEA, DeepXL Corp acts as the data controller under the Norwegian Personal Data Act and the EU General Data Protection Regulation (GDPR). For users in the United States, this privacy policy is governed by US law.

2. Applicable Law and Jurisdiction

2.1 For Norwegian and EU/EEA Customers

This Privacy Policy is governed by Norwegian law, and any disputes shall be resolved by the Norwegian courts, with Oslo District Court as the agreed venue of first instance. However, a customer may also bring legal proceedings in the courts of your country of residence if required by mandatory consumer protection laws.

2.2 For US Customers

This Privacy Policy is governed by Delaware law, except where US state law mandates otherwise (such as the California Consumer Privacy Act for California residents). Any disputes shall be resolved in the state or federal courts of Delaware, except where local consumer protection laws require otherwise.

2.3 Business Service and User Responsibility

DeepXL's Service is designed and intended exclusively for business and professional use. While we recognize that individuals or businesses without a subscription plan and service level agreement may wish to test or explore the Service; such use is undertaken entirely at their own risk and responsibility. Any and all information submitted to the Service is provided at the user's sole discretion and responsibility, with the understanding that this is a business tool rather than a consumer service. Accordingly, consumer protection laws do not apply to the use of our Service as such.

Users bear complete responsibility for ensuring they have the proper rights and authority to submit any content or data to the Service. This includes obtaining all necessary consents and permissions before submitting any third-party information. The professional nature of our Service requires users to exercise appropriate judgment and due diligence in their use of the platform.

3. Information We Collect

For users in Norway and the EU/EEA, we process personal data based on the following legal grounds under Article 6 GDPR:

  • Consent (Art. 6(1)(a) GDPR): Where you have given explicit consent for specific purposes
  • Contract Performance (Art. 6(1)(b) GDPR): Processing necessary to perform our contract with you
  • Legal Obligation (Art. 6(1)(c) GDPR): Processing necessary to comply with legal obligations
  • Legitimate Interests (Art. 6(1)(f) GDPR): Processing necessary for our legitimate interests, provided these interests are not overridden by your fundamental rights and freedoms

3.2 Information You Provide to Us

  • Account information (Legal basis: Contract Performance)
  • Technical support information (Legal basis: Legitimate Interests / Contract Performance)
  • User Content (Legal basis: Contract Performance)
  • Communication information (Legal basis: Legitimate Interests)

3.3 Information We Collect Automatically

  • Usage Information (Legal basis: Legitimate Interests)
  • Device Information (Legal basis: Legitimate Interests)
  • Log Information (Legal basis: Legitimate Interests)
  • API usage metrics

3.4 Information We Collect from Third Parties

We may collect information about you or your business’ customers from third parties based on legitimate interests or consent, as applicable.

4. Data Transfer and Storage

4.1 For Norwegian and EU/EEA Customers

Personal data is processed and stored in the EU/EEA or in countries with adequate data protection as determined by the European Commission. Any transfer of personal data outside the EU/EEA is conducted in accordance with Chapter V of the GDPR, using:

  • The EU-U.S. Data Privacy Framework and/or EU Standard Contractual Clauses
  • Adequacy decisions by the European Commission
  • Binding Corporate Rules, where applicable

4.2 For US Customers

Data is stored in US-based data centers.

Appropriate safeguards for data protection are implemented.

5. How We Share Your Information

We may share your information in the following situations:

  • With vendors, consultants, and other service providers who need access to such information to carry out work on our behalf
  • In response to a request for information if we believe disclosure is in accordance with any applicable law, regulation, or legal process
  • If we believe your actions are inconsistent with our user agreements or policies, or to protect the rights, property, and safety of DeepXL or others
  • In connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business by another company
  • Between and among DeepXL and our current and future parents, affiliates, subsidiaries, and other companies under common control and ownership
  • With your consent or at your direction

6. Data Retention

We retain personal information we collect from you where we have an ongoing legitimate business need to do so (for example, to provide you with a service you have requested or to comply with applicable legal, tax, or accounting requirements).

When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it.

7. Security

We implement robust security measures to protect your personal information from unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption: We use industry-standard encryption protocols (e.g., TLS) for data in transit and at rest.
  • Access Controls: We implement strict access controls and authentication procedures for our employees and contractors.
  • Regular Security Audits: We conduct regular security audits and vulnerability assessments of our systems.
  • Employee Training: Our staff undergoes regular privacy and security training.

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.

8. Consumers’ Rights and Choices

The Service is a business-to-business (B2B) service intended for professional and commercial use. While business customers handle requests from their customers (consumers), we still provide this information for consumers that may exercise their rights directly toward us.

8.1 Data Subject Requests

To exercise rights regarding personal information, please submit a request through our secure feedback form. We will respond to your request within 30 days. We may need to verify your identity before processing your request.

8.2 California Privacy Rights

If the person in question is a California resident, specific rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) are applicable, including:

  • The right to know what personal information we collect about you and how we use and share it
  • The right to delete certain personal information we have collected
  • The right to correct inaccurate personal information
  • The right to opt-out of the sale of your personal information (note: DeepXL does not sell personal information as defined by the CCPA/CPRA)
  • The right to limit the use and disclosure of sensitive personal information

To exercise these rights, please use our data subject request process outlined above.

8.3 Do Not Track Signals

Some browsers offer a "Do Not Track" feature that signals to websites that you do not want to have your online activities tracked. Our Service does not currently respond to "Do Not Track" signals. However, you can usually choose to turn off online tracking through your browser settings.

9. Childrens’ Privacy

The Service is not directed to children under 18, and we do not knowingly collect personal information from children under 18. If we learn we have collected or received personal information from a child under 18 without verification of parental consent, we will delete that information.

10. International Data Transfers

We are based in the United States and the EU, and the information we collect is governed by U.S. law, Norwegian law, EU/EEA law, and any other legally applicable law. By accessing or using the Service or otherwise providing information to us, you consent to the processing and transfer of information in and to the U.S. and other countries, where you may not have the same rights as you do under local law.

11. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email (sent to the email address specified in your account) or by means of a notice on this website prior to the change becoming effective.

Our use of cookies and similar technologies is covered in our separate Cookie Policy.

Our Service may contain links to other websites that are not operated by us. If you click on a third-party link, you will be directed to that third party's site. We strongly advise you to review the Privacy Policy of every site you visit. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

14. Data Breach Notification

In the event of a data breach that affects personal information, we will notify the customer and the relevant supervisory authorities (where required) without undue delay. Our notification will include:

  • The nature of the personal data breach
  • Likely consequences of the breach
  • Measures taken or proposed to address the breach
  • Contact information for our Data Protection Officer or other point of contact

We maintain a data breach response plan and regularly train our staff on breach detection and reporting procedures.

15. Additional Rights for Norwegian and EU/EEA Customers

Under Norwegian law and the EU/EEA GDPR regulation, consumers have the following additional rights:

  • Right to withdraw consent at any time
  • Right to lodge a complaint with the Norwegian Data Protection Authority (Datatilsynet)
  • Right to object to processing based on legitimate interests
  • Right to restrict processing
  • Right to data portability

To exercise these rights, please contact our Data Protection Officer in the EU/EEA as outlined below.

16. Contact Us

For Norwegian and EU/EEA inquiries:

Klingenberggaten 7B 0161 Oslo Norway Email: eu-privacy@deepxl.ai

For US inquiries:

DeepXL Corp Data Protection Officer 1007 Orange St, Wilmington, DE 19801 United States Phone: +1 6506956860 Email: privacy@deepxl.ai

By using our Service, you acknowledge that you have read and understood this Privacy Policy and agree to its terms.