ZeroFake

Privacy Policy

Effective date: March 21, 2026 · Last updated: March 22, 2026

ZeroFake ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how the ZeroFake iOS app collects, uses, and safeguards your information.

TL;DR

  • Your photos and metadata never leave your device.
  • We never see your photos, location, or any personal data — our server only receives a cryptographic hash for signing.
  • No accounts. No email. No ads. No tracking. No third-party data sharing.
  • The only data we store server-side is a device attestation record (not linked to your identity), a purchase receipt pass/fail, and anonymised analytics.

Device Permissions

ZeroFake requests the following iOS permissions to function. Granting these permissions does not transmit data to ZeroFake unless specifically noted below.

  • Camera & audio — to capture photos and videos within the app.
  • Location — you choose whether location coordinates are visible in your photo's Content Credentials. Regardless of this setting, your device records location at the time of capture and stores it locally as part of the photo's integrity evidence. Location data is never transmitted to ZeroFake. It is retained on your device to ensure compatibility with planned optional features, which will be fully disclosed and subject to separate consent at the time of release.
  • Photo library — to save signed photos to your device and to retrieve ZeroFake-captured images for in-app gallery navigation.
  • Face ID / biometric authentication — used for app access security. Biometric data is handled entirely by Apple's Secure Enclave and is never accessible to ZeroFake. For the purposes of GDPR Article 9, ZeroFake does not process biometric data — all biometric processing occurs on-device within Apple's hardware security module.

Data Stored on Your Device

The following data is created and stored locally on your iPhone. ZeroFake does not have access to this data on its servers.

  • Photos and metadata — your photos, their C2PA Content Credentials, and cryptographic signatures are stored locally on your device.
  • User identity (optional) — ZeroFake offers optional identity disclosure features that you control. You may choose open disclosure (your identity is included in photo metadata) or one-way verifiability (a salted hash of your identity is embedded, allowing verification without exposing your identity directly). These features are entirely opt-in and user-configurable. This data is embedded in your photo metadata on your device.

Data Received by ZeroFake

The following data is transmitted to and processed by ZeroFake's servers. This is the only data we receive.

  • Cryptographic hash for signing — a hash of your photo's metadata packet is sent to our server for cryptographic signing. We cannot see or reconstruct the underlying data (photos, location, or any other metadata) from this hash.
  • Device attestation — Apple App Attest is used to verify that photos are taken on a genuine iPhone. Our server receives and stores an attestation record (key ID, public key, counter). This does not identify you personally.
  • App Store receipt validation — we validate your purchase receipt with Apple and store only the result (pass/fail), not the receipt itself.
  • Anonymised usage data (Firebase Analytics) — anonymous, aggregated data about how the app is used (e.g. feature usage, session frequency, and general interaction patterns). This data cannot be used to identify you and is used solely to improve the app experience.

Information We Do Not Collect

  • We do not require user accounts or email addresses.
  • We do not collect personal identifiers. Optional identity features store data on your device only.
  • We do not serve advertisements.
  • We do not sell or share your personal information with third parties.
  • We do not track you across other apps or websites.
  • We do not use analytics that identify or track individual users.

How We Use Your Information

All data received by ZeroFake is used exclusively to deliver and improve the photo signing service, as described in the sections above.

Where applicable under the Australian Privacy Act 1988, the EU General Data Protection Regulation (GDPR), or similar legislation, the legal bases for our processing are:

  • Contractual necessity — processing the cryptographic hash of your metadata for signing, device attestation, and App Store receipt validation are necessary to deliver the service you have purchased.
  • Consent — location embedding in photo metadata and optional identity disclosure features are enabled only with your explicit consent, which you can withdraw at any time through the app's settings.
  • Legitimate interest — anonymised usage analytics are collected to improve the app. This data cannot identify individual users.

Data Retention

  • Signing request data (claim hash) — not retained. Processed in-memory and discarded immediately after signing.
  • Device attestation — the active authorisation record (key ID, public key, counter) is retained for the lifetime of your device's registration. Usage logs are retained for 90 days. Audit records are retained permanently for compliance purposes.
  • Authentication challenges — one-time use, automatically deleted after 5 minutes.
  • Analytics — retained for up to 14 months in accordance with Firebase Analytics defaults.
  • App Store receipt validation — only the validation result (pass/fail) is stored, not the receipt itself. Retained permanently as part of the audit trail.
  • Photos, metadata, and location data — stored on your device only. ZeroFake does not retain this data on its servers.

Data Storage and Security

We use ES256 (ECDSA P-256) signing with a production certificate from SSL.com to ensure the integrity of every signed photo. Signed photos remain under your control on your device.

Our servers are located in Australia. If you are accessing ZeroFake from outside Australia, your signing requests (containing only a cryptographic hash, not personal data) are transmitted to and processed in Australia.

Certain planned features may involve additional data being submitted to ZeroFake. These features and the data they require will be clearly disclosed to you at the point of use before any additional data is transmitted.

Third-Party Services

ZeroFake does not share your data with third parties. Signed photos conform to the C2PA open standard and can be independently verified by anyone using tools such as contentcredentials.org/verify. Verification is initiated by the user sharing their photo — we do not transmit photos on your behalf.

Your Rights

ZeroFake does not collect personal identifiers or maintain user accounts, so we hold very limited data that could be associated with you as an individual. Device attestation records are keyed to your device, not to your identity.

Depending on your jurisdiction, you may have the right to access, correct, delete, or port your personal data, to withdraw consent, to restrict or object to processing, and to lodge a complaint with a supervisory authority. To exercise any of these rights, contact us at support@zerofake.app. We will respond within 30 days.

Since most data (photos, metadata, location) is stored only on your device, you can delete it at any time by removing photos or uninstalling the app. For any server-side data (device attestation records, audit logs), we will action deletion requests where we are able to identify the relevant records.

For users in Australia, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC). For users in the European Economic Area, you may lodge a complaint with your local data protection authority.

Children's Privacy

ZeroFake is not directed at children under 13 and does not knowingly collect information from children. If we become aware that we have inadvertently collected personal information from a child under 13, we will take steps to delete such information promptly.

Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated effective date.

Contact Us

If you have questions about this Privacy Policy, please contact us at support@zerofake.app.