Compliance & Privacy
What Verbitas records. What it doesn't.
Designed for data minimization. EU-only infrastructure. DPA template available.
What Verbitas stores
| Data class | Where stored | Notes |
|---|---|---|
| C2PA manifest | Verbitas (and optionally customer) | No asset bytes in the manifest |
| Original asset bytes | Customer — Verbitas does not receive them by default | Hash-only mode is default |
| Watermark IDs | Verbitas (opaque identifiers, not PII) | 96-bit opaque, not readable by humans |
| Soft-binding index | Verbitas (perceptual hashes, not asset bytes) | pHash, not the image |
| Signing private key | AWS KMS eu-central-1 (or customer KMS in BYOK) | Never on disk; HSM-backed |
| PII in manifests | Avoided by design | Creator field = org-level signer identity |
| Audit log | Verbitas append-only Postgres + S3 | Exportable; deletion on DSAR request |
| Meter events (billing) | Verbitas + Stripe | Operation type, timestamp, asset ID |
Infrastructure data residency
- Primary compute: Hetzner FSN1 — Nuremberg, Germany
- Failover: Hetzner HEL1 — Helsinki, Finland
- Both locations: within the EU/EEA
- AWS KMS: eu-central-1 (Frankfurt) only
- Backup storage: Wasabi (EU region)
GDPR & DSAR
A Data Processing Agreement (DPA) template is available for enterprise customers. Request it via [email protected].
Data subject access requests (DSAR) must be submitted to [email protected]. We respond within 30 days. Manifest digest mappings are deleted on DSAR request; on-chain Merkle roots cannot be erased (opaque hash, no PII).
View sub-processors →
Retention defaults
| Data type | Default retention | Configurable? |
|---|---|---|
| C2PA manifest | 365 days (Developer), 2555 days (Enterprise) | Yes, per recipe |
| Audit log | 90 days after cancellation | Yes, on Enterprise plans |
| Asset bytes (if stored) | 30 days | Yes, configurable TTL |
| Soft-binding index | Lifetime of account | No |
GDPR-aligned by design.
EU infrastructure. Data minimization. DPA available. 30-day enterprise trial.