What Original Pictures records. What it doesn't.

Designed for data minimization. EU-only infrastructure. DPA template available.

What Original Pictures stores

Data class Where stored Notes
C2PA manifest Original Pictures (and optionally customer) No asset bytes in the manifest
Original asset bytes Customer — Original Pictures does not receive them by default Hash-only mode is default
Watermark IDs Original Pictures (opaque identifiers, not PII) 96-bit opaque, not readable by humans
Soft-binding index Original Pictures (perceptual hashes, not asset bytes) pHash, not the image
Signing private key AWS KMS eu-central-1 (or customer KMS in BYOK) Never on disk; HSM-backed
PII in manifests Avoided by design Creator field = org-level signer identity
Audit log Original Pictures append-only Postgres + S3 Exportable; deletion on DSAR request
Meter events (billing) Original Pictures + Stripe Operation type, timestamp, asset ID

Infrastructure data residency

  • Primary compute Hetzner FSN1 Nuremberg, Germany
  • Failover Hetzner HEL1 Helsinki, Finland
  • Both locations Within the EU/EEA
  • AWS KMS eu-central-1 (Frankfurt) only
  • Backup storage Wasabi (EU region)

GDPR & DSAR

Data Processing Agreement template is available for enterprise customers. Request via [email protected].

Data subject access requests (DSAR) must be submitted to [email protected]. We respond within 30 days. Manifest digest mappings are deleted on DSAR request; on-chain Merkle roots cannot be erased (opaque hash, no PII).

View sub-processors →

Retention defaults

Data type Default retention Configurable?
C2PA manifest 365 days (Developer), 2555 days (Enterprise) Yes, per recipe
Audit log 90 days after cancellation Yes, on Enterprise plans
Asset bytes (if stored) 30 days Yes, configurable TTL
Soft-binding index Lifetime of account No

GDPR-aligned by design.

EU infrastructure. Data minimization. DPA available. 30-day enterprise trial.