iOS Privacy Policy
Last updated: July 18, 2026.
Introduction
Inverity ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our media optimization platform.
By using Inverity, you agree to the collection and use of information in accordance with this policy.
Information We Collect
Account Information. When you create an account, we collect your name, email address, company name, and the connection details for the systems you integrate.
Asset Data. We process media files you upload or optimize through Inverity, including image and video content, associated metadata, and optimization results. Source assets are handled on the retention schedule described in "Data Retention" below.
Usage Data. We collect information about how you use Inverity, including job history, asset processing metrics, API requests, and feature usage patterns. Usage data describes how the service is used and does not contain the content of your media.
How We Use Your Information
- Provide and maintain our media optimization service.
- Process, optimize, and verify your media assets.
- Sync optimized assets back to your connected system.
- Send you service-related notifications and updates.
- Improve our service using aggregate usage metadata. We do not train, fine-tune, or evaluate our models on customer media.
- Screen uploaded files for malware, and screen media against known-CSAM databases as described in "Child Safety."
- Detect and prevent fraud or abuse.
- Comply with legal obligations.
Our Models Are Not Trained on Your Media
We do not train, fine-tune, or evaluate our models on customer media. Ever. Our models are trained exclusively on licensed and open datasets curated by us. This is the default for every plan tier, including the free one. Further detail is on our Trust page.
Data Storage and Security
Your assets are stored in encrypted storage with access restricted to authorized Inverity services. We use industry-standard encryption in transit (TLS 1.2 or higher) and at rest (AES-256).
All API requests are authenticated and authorized via role-based access control. Audit logs track access to your data. Uploaded files are scanned for malware before processing.
Integrations
Inverity connects to your content system via OAuth 2.0. We access only the permissions necessary to read, optimize, and replace media assets. You can revoke this access at any time from your connected system's settings.
We do not access or store contact data, forms, or other content from your connected systems beyond the media files you optimize.
Data Retention
Source assets and intermediate artifacts are retained only as long as needed to complete processing and verification, and are deleted no later than 30 days after processing. In practice, most are removed shortly after delivery.
Optimized outputs and the metadata needed to support versioning and rollback are retained while your account is active so that rollback functions as intended. Processing metadata (file sizes, codec selections, quality scores, usage) is retained for billing, debugging, and account reporting, and contains no media content.
Upon account deletion, we delete associated assets, job history, and personal data within 30 days, except where retention is required by law. The one category exempt from these schedules is material we are legally required to preserve, including in connection with apparent CSAM as described in "Child Safety."
Child Safety
Media processed through Inverity is screened against known-CSAM hash databases. This screening is limited to matching against known illegal material and is not a general review of your content. If we identify apparent CSAM, we preserve the relevant material as required by law, report it to the National Center for Missing and Exploited Children (NCMEC) and other authorities as required, terminate the account, and cooperate with law enforcement. Material we are legally required to preserve is exempt from our standard deletion schedule.
Third-Party Services
Inverity relies on the following third-party providers:
- Amazon Web Services: infrastructure, asset storage, and delivery. AWS is our only infrastructure subprocessor for media.
- Stripe: payment processing (Pro and Enterprise plans).
- HubSpot: OAuth connection and asset sync, where you use that integration.
We do not send your media to third-party AI providers for processing. Inference runs on infrastructure we control.
Cookies and Tracking
We use cookies and similar technologies to operate the site, remember your preferences, and understand how the service is used. You can manage non-essential cookies through the cookie preferences control on our website. Where required by law, we obtain consent before setting non-essential cookies.
Your Rights
You have the right to:
- Access and download your data.
- Correct inaccurate data.
- Request deletion of your data.
- Object to or restrict processing of your data.
- Export your data in a portable format.
- Withdraw consent where processing is based on consent.
To exercise these rights, contact us at privacy@inverity.ai. We will respond within the timeframe required by applicable law.
GDPR (European Economic Area, UK, and Switzerland)
For users in the EEA, UK, and Switzerland, Inverity processes personal data in accordance with the GDPR and equivalent laws. We are the data controller for account and usage data, and a data processor for the assets you upload, which we process on your behalf under our Terms of Service and, where applicable, a Data Processing Agreement.
Lawful bases. We rely on the following lawful bases: performance of a contract (to provide the service), legitimate interests (to secure, maintain, and improve the service using usage metadata, and to prevent fraud and abuse), legal obligation (including child-safety and malware screening and financial record-keeping), and consent (for non-essential cookies and certain communications).
International transfers. We are based in the United States and process data there. Where personal data is transferred out of the EEA, UK, or Switzerland, we rely on an appropriate transfer mechanism, such as the Standard Contractual Clauses, together with additional safeguards where required.
Your additional rights. You have the right to lodge a complaint with your local data protection supervisory authority. We do not use your personal data for automated decision-making that produces legal or similarly significant effects.
US State Privacy Rights
Depending on your state of residence, you may have rights to know what personal information we collect, to access and delete it, to correct it, and to opt out of its sale or sharing. We do not sell or share your personal information or your media, and we do not use them for cross-context behavioral advertising. To exercise applicable rights, contact us at privacy@inverity.ai. We will not discriminate against you for exercising them.
Children's Privacy
Inverity is not directed to individuals under 18, and account holders must be at least 18. We do not knowingly collect personal information from anyone under 18. If you believe a minor has provided us personal information, contact us and we will delete it.
Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the Inverity dashboard, and update the "Last updated" date above.
Contact Us
If you have questions about this Privacy Policy, or to exercise your privacy rights, contact us at:
Email: privacy@inverity.ai