EU AI Act Article 50 enforcement deadline: August 2, 2026 — Is your AI content compliant?
OpenCorpo

Privacy Policy

Last updated: 30 March 2026

1. Who We Are

OpenCorpo is a product of Klart AI SAS, a company incorporated under French law and based in Paris, France. We are the data controller for personal data collected through opencorpo.com and the OpenCorpo API. Contact: hello@opencorpo.com

2. Data We Collect

We collect the following categories of data:

Account data

Email address, name, and organization name when you create an account.

API usage data

Logs of API calls including timestamps, operation types, and success/failure status. No image content is stored in logs.

Payment data

Payment is processed by Stripe. We store only a customer reference ID — no card numbers or bank details.

Images submitted for processing

Images you submit via the API are processed to add C2PA metadata, watermarks, and fingerprints. Images are stored temporarily (for the retention period of your plan) then deleted. A perceptual hash (fingerprint) is retained indefinitely for verification purposes.

Analytics

We use privacy-friendly, cookieless analytics (no cross-site tracking, no personal data sent to third parties). We do not use Google Analytics.

3. How We Process Images

Images submitted via POST /v1/sign are:

  • Transmitted over TLS to our servers in AWS Frankfurt (EU-WEST-1)
  • Processed to embed C2PA metadata, LSB watermark, and perceptual hash
  • Stored for the retention period of your plan (30 days / 1 year / 3 years)
  • Permanently deleted after the retention period
  • Never used to train machine learning models
  • Never shared with third parties except as required to operate the service (AWS infrastructure)

A perceptual hash (fingerprint) of each image is stored indefinitely in our registry to enable future verification requests.

4. Data Storage Location

All data is stored and processed within the European Union — specifically in AWS Frankfurt (EU-WEST-1). We do not transfer personal data outside the EU/EEA.

5. Third Parties

  • AWS — Cloud infrastructure (EU-WEST-1). Covered by AWS GDPR Data Processing Agreement.
  • Stripe — Payment processing. Stripe is PCI-DSS compliant. We share only the information necessary to process your payment.

6. Your GDPR Rights

Under GDPR, you have the following rights:

  • Right of access — request a copy of your personal data
  • Right to rectification — request correction of inaccurate data
  • Right to erasure — request deletion of your data (subject to legal retention requirements)
  • Right to portability — receive your data in a structured, machine-readable format
  • Right to object — object to processing for specific purposes
  • Right to restriction — request restriction of processing in certain circumstances

To exercise these rights, contact hello@opencorpo.com. We will respond within 30 days.

7. Cookies

We use only essential cookies required for the service to function (session management, authentication). We do not use advertising cookies, tracking cookies, or third-party analytics cookies. Our analytics are cookieless and privacy-friendly.

8. Data Processing Agreement

A Data Processing Agreement (DPA) is available upon request for Professional, Business, and Enterprise customers. Contact hello@opencorpo.com to request a DPA.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or in-app notification. The “last updated” date at the top reflects the most recent revision.