Privacy Policy

How we handle your data — and everyone else's.

Effective Date: March 28, 2026 · Last Updated: March 28, 2026

  TL;DR: We collect minimal data. We don't sell your information. Face detection runs entirely in your browser — we never see it. All public data displayed comes from government and open-source feeds. We use cookies only for authentication.

1. Who We Are

Deep Seer ("we", "us", "our") operates the Deep Seer geospatial intelligence platform at deepseer.io. This Privacy Policy explains how we collect, use, and protect your information when you use our Service.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

Email address — for account identification and communication
Password — stored as a bcrypt hash (12 rounds); we never store plaintext passwords
Subscription tier — Free, Pro, or Enterprise

We do not collect your name, phone number, physical address, or government ID unless you voluntarily include it in investigation content.

2.2 Usage Data

We collect anonymous, cookieless usage analytics via navigator.sendBeacon:

Page views (which features are used)
Layer toggles (which data feeds are popular)
Workflow starts (investigation creation, analysis runs)

This data contains no personally identifiable information (PII), no IP addresses, and no third-party tracking pixels. We do not use Google Analytics, Facebook Pixel, or any advertising trackers.

2.3 Investigation Content

When you use the investigation workspace, we store:

Investigation names, notes, and annotations
Evidence records (text, URLs, metadata, file attachments)
Incident markers and timeline events
Pinned entity references

This data is stored in our PostgreSQL database and is accessible only to you (and team members you explicitly invite). We do not access, review, or analyze your investigation content except as necessary to provide the Service or comply with valid legal process.

2.4 AI Interactions

When you use AI features (chat, analysis, briefings, reports), your prompts and the AI's responses are:

Sent to Anthropic's Claude API for processing
Stored in our database for your session history and retrieval
Subject to Anthropic's Privacy Policy

Anthropic does not use your prompts to train their models when accessed via the API.

2.5 Payment Information

Payment processing is handled entirely by Stripe. We do not store credit card numbers, CVVs, or bank account details. We receive only: Stripe customer ID, subscription status, and billing period dates. See Stripe's Privacy Policy.

3. Information We Do NOT Collect

  We explicitly do NOT collect:
  Facial recognition data (processed entirely in your browser)
Biometric data of any kind
Location tracking of your device (only your globe camera position)
Browsing history outside the Service
Contact lists or social graph data
Advertising identifiers

4. Face Detection & Biometric Data

Important: Face detection and matching features run entirely in your web browser using face-api.js. No facial images, embeddings, descriptors, or biometric data are ever transmitted to our servers. The reference gallery you build is stored only in your browser's memory and is cleared when you close the tab.

These features require explicit user consent via an ethics gate before activation. You are responsible for ensuring your use complies with applicable biometric privacy laws (BIPA, GDPR Article 9, CCPA, etc.).

5. Public Data Sources

Deep Seer aggregates data from 90+ publicly available sources. This data is not "collected" by us — we relay it from government agencies and open data providers. Key sources and their data policies:

Source	Data Type	License / Terms
USGS	Earthquakes, water data	Public domain (US Gov)
NOAA / NWS	Weather, climate	Public domain (US Gov)
NASA	Wildfires, nightlights, imagery	Public domain (US Gov)
EPA	Pollution, facilities, enforcement	Public domain (US Gov)
FEC	Campaign finance	Public domain (US Gov)
SEC	Corporate filings	Public domain (US Gov)
OpenSky Network	Commercial flights	Open data
adsb.lol	Military aircraft	ODbL license
AISStream.io	Maritime vessels	Free API with key
GDELT	Global news events	Open data
ACLED	Armed conflicts, protests	Free for research/media
ICIJ	Offshore leaks	Open data
OpenStreetMap	Buildings, infrastructure	ODbL license
CelesTrak	Satellite positions	Open data

For a full list of data sources, see our Features page.

6. How We Use Your Information

We use collected information to:

Provide and maintain the Service
Authenticate your account and manage subscriptions
Process AI requests via Anthropic's API
Store your investigations, evidence, and analysis results
Send transactional emails (account verification, password reset, payment receipts)
Improve the Service based on anonymous usage patterns
Comply with legal obligations

We do NOT use your information for advertising, profiling, or sale to third parties.

7. Data Sharing

We share your data only with:

Anthropic — AI prompts and responses (subject to their API data policy: no training on API data)
Stripe — Payment processing (Stripe handles all financial data)
Sentry — Error tracking (crash reports with no PII)
Render — Cloud hosting provider (data stored in US-West region)

We do not sell, rent, or trade your personal information to any third party.

8. Cookies

We use only essential cookies:

kokoro_refresh — HttpOnly, Secure, SameSite=Strict refresh token for authentication. Expires in 7 days.

We do not use tracking cookies, advertising cookies, or third-party cookie services. No cookie consent banner is required because we only use strictly necessary cookies.

9. Data Security

We implement industry-standard security measures:

Encryption in transit — TLS 1.3 for all connections
Password hashing — bcrypt with 12 salt rounds
Token security — Short-lived JWTs (15 min) with refresh token rotation and family-based revocation detection
CSP headers — Nonce-based Content Security Policy
Rate limiting — Per-user, per-endpoint rate limiting with tier-based quotas
Evidence integrity — SHA-256 hashing, HMAC-SHA256 signing, optional RFC 3161 timestamping
Source encryption — Pseudonymous source contacts encrypted with AES-256-GCM at rest

10. Data Retention

Account data — Retained while your account is active. Deleted within 30 days of account deletion request.
Investigation data — Retained while your account is active. You may export and delete at any time.
AI chat history — Retained for 90 days, then auto-deleted.
Usage analytics — Aggregated and anonymized; retained for 12 months.
Server logs — Retained for 30 days for operational purposes.

11. Your Rights

Depending on your jurisdiction, you may have the right to:

Access — Request a copy of your personal data
Rectification — Correct inaccurate personal data
Deletion — Request deletion of your personal data ("right to be forgotten")
Portability — Export your data in a machine-readable format (JSON)
Objection — Object to processing of your personal data
Restriction — Request restricted processing of your personal data

To exercise any of these rights, contact privacy@deepseer.io. We will respond within 30 days.

12. International Data Transfers

Our servers are located in the United States (Render, US-West). If you access the Service from outside the US, your data will be transferred to and processed in the US. We rely on Standard Contractual Clauses (SCCs) for transfers from the EU/EEA/UK.

13. Children's Privacy

The Service is not intended for children under 16. We do not knowingly collect personal information from children under 16. If we learn that we have collected data from a child under 16, we will promptly delete it.

14. California Privacy Rights (CCPA)

California residents have the right to: know what personal information we collect; request deletion; opt out of sale (we don't sell data); and non-discrimination for exercising privacy rights. Contact privacy@deepseer.io to exercise these rights.

15. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or in-app notification at least 14 days before taking effect. The "Last Updated" date at the top reflects the most recent revision.

16. Contact

For privacy-related inquiries:
Email: privacy@deepseer.io
Data Protection: For GDPR-related requests, contact our Data Protection representative at dpo@deepseer.io