Privacy Policy

How Image Trust Protocol handles data for integrators and the requests they send.

Effective: May 2, 2026. Operator: Skydata.1 LLC, Colorado, USA.

Who this covers

Image Trust Protocol ("the Service") is a business-to-business verification API. Our direct users are integrators (AI agent developers, browser extension publishers, content-provenance vendors, fact-check platforms) who consume the API on behalf of their own end users. We do not operate end-user accounts. We do not collect personal information from the public.

Integrator accounts and API keys are issued by sapph1re's MCP Billing Gateway, which acts as our authentication and billing layer. References to "you" in this policy mean the integrator organization or the individual signing up on its behalf.

What we collect

From integrators

Account identifiers issued by sapph1re's MCP Billing Gateway (an integrator ID and an API key). We do not see your billing details; sapph1re handles those.
Per-call telemetry on each API request: endpoint called, perceptual hash of the queried image, match quality, response status code, request duration, and timestamp. This telemetry is associated with your integrator ID and retained for 90 days.

From requests

Image bytes. When you send an image to /v1/lookup/image, we compute a 64-bit perceptual hash and discard the original bytes. We do not store, cache, or forward original image content.
Claim text. When you query /v1/lookup/claim, the text is run against our fact-check corpus. The text itself is not stored beyond the standard 90-day request log.
Source URLs. URLs published in our public corpus (links to fact-check articles, source pages) are stored indefinitely as part of the corpus, because they are public records authored by the originating publishers.

What we do not collect

We do not store original image bytes.
We do not maintain end-user accounts, profiles, or identifiers.
We do not set tracking cookies on the marketing site (imagetrustprotocol.world). The marketing site is static and does not use analytics scripts.
We do not collect biometric data, location data, or device identifiers from end users.

How we use what we collect

Operate the service. Per-call telemetry lets us debug failures, monitor pipeline health, and answer integrator support questions about specific request IDs.
Bill for usage. Sapph1re's MCP Billing Gateway meters calls per integrator and processes payment. We share aggregated counts with sapph1re for that purpose.
Maintain corpus integrity. Source URLs and publisher metadata in the corpus are kept so that every verdict we return carries attribution back to the original fact-check article.

We do not use request data to train models. We do not sell or rent data to anyone.

Who we share data with

The Service runs on a small set of vendors. Each one receives only the data it needs to perform its function.

Vendor	Purpose	Data they see
Sapph1re (MCP Billing Gateway)	API key issuance, authentication, metering, payment processing	Integrator account info, per-call counts, your billing details
Stripe	Card payment processing (sub-processed via sapph1re)	Card data, billing address (handled directly by Stripe under their privacy terms)
Coinbase Base network	USDC stablecoin payments via the x402 protocol	On-chain transaction data (public by nature of the blockchain)
Anthropic	LLM-based translation of foreign-language claim text in our corpus	Claim text being translated (processed under Anthropic's API terms; not used by Anthropic for training per their commercial terms)
Google Fact Check Tools API	Real-time fallback when a claim is not in our cached corpus	The claim text being looked up
Neon	Managed Postgres database (AWS us-east-1)	Corpus records, integrator accounts, request logs
Railway	API hosting	Request and response data in transit
Vercel	Marketing site hosting (imagetrustprotocol.world)	Standard web request metadata for the static site

We do not share data with advertisers, data brokers, or third-party analytics services. We do not sell data.

About the public corpus

Our verification corpus aggregates public fact-check records from sources including Data Commons (operated by Google), MediaVault (stewarded by Maldita and Full Fact), and the Google Fact Check Tools API. The records are authored by IFCN signatories and other credentialed fact-check organizations. We aggregate them with the original publisher attribution preserved on every API response.

If you are a publisher whose record appears in the corpus and you want a correction or removal, contact us at the address below. We forward correction requests to the original aggregating source where appropriate.

How long we keep data

Per-call request logs: 90 days, then deleted.
Integrator account records: kept while your account is active and for the period sapph1re's billing terms require for invoice and tax records.
Corpus records: kept indefinitely, because they consist of public information published by fact-check organizations.
Original image bytes: not retained at any stage.

Security

All API traffic uses TLS in transit.
The database is encrypted at rest by Neon (AWS-managed).
API keys are issued and validated by sapph1re's gateway. Our backend additionally requires a shared-secret header from the gateway, validated via constant-time comparison.
The API server is not directly internet-reachable; only sapph1re's gateway can call it.
No secrets, keys, or credentials are exposed in client-readable surfaces (the marketing site, the agent setup instructions, llms.txt).

No system is perfectly secure. If you believe you have found a vulnerability, please contact us at the address below.

Your rights

Integrators may request access to or deletion of the data associated with their integrator account by contacting us. Account-related data held by sapph1re (billing records, payment information) should be requested directly through sapph1re.

If you are in the European Union or United Kingdom

Under the GDPR and UK GDPR, you have rights of access, rectification, erasure, restriction, portability, and objection regarding personal data we hold about you. Because we operate a B2B API and do not knowingly process end-user personal data, the practical scope of these rights for our Service relates to integrator-account records.

If you are in California

Under the California Consumer Privacy Act (as amended by the CPRA), California residents have rights to know, delete, correct, and opt out of the sale or sharing of personal information. We do not sell personal information and do not share it for cross-context behavioral advertising.

If you are in Colorado

Under the Colorado Privacy Act, Colorado residents have rights similar to those in the GDPR and CCPA. Requests can be sent to the contact address below.

Children

The Service is a B2B API directed at integrators, not at children. It is not intended for use by anyone under 13, and we do not knowingly collect information from children.

International transfers

Our database is hosted in AWS us-east-1 (Virginia, USA). Vendors used by the Service may process data in other regions per their own infrastructure. By using the Service, integrators acknowledge that data may be transferred to and processed in the United States.

Updates to this policy

We may update this policy as the Service evolves. The effective date at the top of the page reflects the last revision. Material changes will be communicated to active integrators through the contact channel on file with sapph1re.

Contact

Privacy questions, data requests, and security reports: info@skydata.one.

Operator: Skydata.1 LLC, Colorado, USA.