Privacy Policy

1. Who this applies to

This policy applies to visitors of our website, registered users, and anyone who uses our APIs or dashboard. If you use TamperCheck on behalf of an organization, you confirm you are authorized to accept this policy for that organization.

2. Documents you submit for analysis

Core commitment. TamperCheck is built so that uploaded documents are analyzed in memory for the purpose of producing a result, and are not retained for training, marketing, or unrelated purposes. We do not use your documents to train public models. In typical operation, document bytes exist only for the duration of the analysis job in working memory; we do not operate a customer document archive for re-download, resale, or batch analytics.

Operational reality. Like any file upload service, transient storage, logs, backups, or infrastructure diagnostics outside our direct control could theoretically retain fragments for a short time. We apply technical and organizational measures to keep this window as small as practicable and to limit access. If you need contractual commitments for your industry, contact us.

3. Information we collect

• Account and identity. When you sign in (for example via our identity provider), we receive profile details such as email and name as needed to operate your account.
• API keys. We store API key records (including secure hashes or prefixes) so you can authenticate requests, rotate keys, and revoke access. Treat API keys like passwords: anyone with a key may use your quota and access features tied to your account.
• Usage and billing metadata. We process information needed to run the service: request timestamps, job identifiers, verdict summaries, error codes, wallet balance changes, and similar operational data. This helps with reliability, abuse prevention, and invoicing.
• Payment information. Payments are handled by our payment processor (for example Stripe). We do not store full payment card numbers on TamperCheck systems; payment data is subject to the processor’s privacy policy.
• Support and communications. If you email support or contact us, we keep those messages as needed to resolve your request.

4. AI providers and your credentials

Where analysis uses third-party AI models, usage may be processed by those providers according to their terms and privacy policies.

Without your own key. If you have not connected provider credentials, TamperCheck routes your document through its own managed AI configuration. Your document content is subject to the privacy practices of that provider, but TamperCheck does not share your account information or credentials with them.

Bring your own key (BYOK). If you connect your own provider credentials, those credentials are stored encrypted and used only to perform the analysis you request, in line with your configuration. The data sent to your chosen provider is governed by that provider's privacy policy.

5. How we use information

We use the categories above to:

• Provide, secure, and improve the service;
• Authenticate API requests and prevent abuse;
• Process payments and maintain billing records;
• Comply with law and respond to lawful requests;
• Communicate with you about the service, incidents, or policy updates.

6. Security

We implement administrative, technical, and physical safeguards appropriate to the nature of the data we process. No method of transmission or storage is 100% secure; we work to reduce risk and to respond quickly if something goes wrong.

7. Retention

We retain account, billing, and operational records for as long as your account is active and as needed for legal, tax, and dispute resolution purposes. Document content is not retained for model training as described in Section 2. Specific retention for other categories may vary by subsystem and legal requirement.

8. Your rights and choices

Depending on where you live, you may have rights to access, correct, delete, or export personal data, or to object to certain processing. If you are in Singapore, the PDPA may give you specific rights in relation to your personal data. To exercise applicable rights, contact us at tina@tampercheck.ai. We may need to verify your request. You can also revoke API keys and close your account from the dashboard where available.

9. International transfers

Where the laws of Singapore apply (including the Personal Data Protection Act 2012 (PDPA) for individuals in Singapore), we aim to handle personal data in line with those requirements.

We may process data in Singapore and in other countries where we or our subprocessors operate. Where cross-border transfers are required, we use appropriate safeguards consistent with applicable law.

10. Children

The service is not directed at children under 16, and we do not knowingly collect personal information from them.

11. Changes

We may update this policy from time to time. We will post the revised version on this page and update the “Last updated" date. Material changes may be communicated by email or in-product notice where appropriate.

12. Contact

Questions about this policy: tina@tampercheck.ai