Privacy Policy

Effective date: 1 May 2026. Last updated: 10 May 2026.

Who we are

Original Pictures is a product of Original Pictures Technologies, Inc. ("Original Pictures", "we", "our", "us"), incorporated in the United States.

We operate originalpictures.com and related subdomains (the "Service"). This Privacy Policy explains how we collect, use, and protect information when you use the Service.

Questions? Email us at [email protected].

What we collect

Account and contact information

When you sign up or join the waitlist we collect your email address, and optionally your name and company. We use this to communicate with you about the Service and to provision your account.

Usage data

We collect standard server logs: IP address, browser user-agent, pages visited, and API request timestamps. We use Google Tag Manager / Google Analytics for page analytics, and a business-visitor identification service (see the Cookies & tracking section) to recognize companies and contacts visiting our site.

Content you submit for signing or verification

When you submit a file to the Original Pictures API we compute a cryptographic hash of the file and attach a C2PA manifest. We do not store the raw bytes of your assets beyond the time needed to process the request. Manifest digests anchored to the Bitcoin blockchain contain only 32-byte Merkle roots; no personally identifiable information is anchored.

What we do not collect

We do not collect payment card numbers. Payments are processed by Stripe, which has its own Privacy Policy. We receive a Stripe customer ID and subscription status only. We do not store generation prompts or AI model parameters that may contain personal information.

How we use your information

  • To provide, operate, and improve the Service
  • To send transactional emails (account creation, API key delivery, billing receipts)
  • To send the optional monthly newsletter if you subscribed (one email per month; unsubscribe any time)
  • To detect and prevent abuse and security incidents
  • To meet legal obligations

We do not sell your data. We may use limited business-contact data for B2B marketing as described in the Cookies & tracking section below; you can opt out at any time.

Legal basis (GDPR)

If you are in the European Economic Area, our legal bases for processing are:

  • Contract: processing necessary to deliver the Service you signed up for
  • Legitimate interests: security monitoring, abuse prevention, aggregate analytics
  • Consent: newsletter subscription (you may withdraw at any time)
  • Legal obligation: where required by applicable law

Data retention

We retain account data for as long as your account is active. If you close your account we delete your personal data within 30 days, except where retention is required by law. Server logs are retained for 90 days. Blockchain-anchored Merkle roots are permanent by the nature of the Bitcoin blockchain but contain no personal data.

Sub-processors and data transfers

We use a limited number of third-party processors. The full list is at /sub-processors. Key processors:

Where data is transferred outside the EEA we rely on Standard Contractual Clauses or equivalent transfer mechanisms.

Your rights

Depending on your location you may have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Delete your data ("right to be forgotten")
  • Restrict or object to certain processing
  • Receive your data in a portable format
  • Withdraw consent at any time (where processing is based on consent)

To exercise any of these rights email [email protected]. We will respond within 30 days.

Cookies & tracking

We use technically necessary cookies for authentication (session management via Clerk), analytics cookies (Google Tag Manager / Analytics), and a business-visitor identification service to recognize companies and contacts visiting our site. A cookie notice is shown on first visit.

When you visit or log in to our website, cookies and similar technologies may be used by our online data partners or vendors to associate these activities with other personal information they or others have about you, including by association with your email. We (or service providers on our behalf) may then send communications and marketing to these email addresses. You may opt out of receiving this advertising by visiting https://app.retention.com/optout. You also have the option to opt out of the collection of your personal data in compliance with GDPR by visiting https://www.rb2b.com/rb2b-gdpr-opt-out.

Security

We encrypt data in transit (TLS 1.3) and at rest. Signing keys are managed via AWS KMS and are never stored in application code. We run regular security scans and have a responsible disclosure policy at /security.

Children

The Service is not directed at children under 16. We do not knowingly collect data from children. If you believe we have collected data from a child, contact us immediately at [email protected].

Changes to this policy

We may update this policy from time to time. We will notify active users of material changes by email at least 14 days before they take effect. The effective date at the top of this page indicates when the current version was published.

Contact

Original Pictures Technologies, Inc.
Privacy inquiries: [email protected]
General contact: /contact
Website: originalpictures.com