Privacy Policy

Last updated: May 2026

1. Introduction

ActorHub.ai ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our digital identity protection platform.

2. Information We Collect

Personal Information

  • Name and contact information
  • Account credentials
  • Payment information (processed securely via PayMe)
  • Biometric data (facial features for identity verification)

Usage Information

  • Log data and device information
  • Usage patterns and preferences
  • IP address and location data

3. How We Use Your Information

  • To provide and maintain our services
  • To detect unauthorized use of your digital identity
  • To process transactions and payments
  • To communicate with you about our services
  • To improve our platform and user experience
  • To notify AI providers of protected identities

4. Biometric Data Handling

We take special care with biometric data:

  • Facial features are converted to encrypted mathematical embeddings
  • Original images are processed and not stored in raw form
  • Embeddings cannot be reverse-engineered to recreate your face
  • You can request deletion of all biometric data at any time

5. Data Security

We implement bank-grade encryption and security measures to protect your data. Your biometric data is stored as encrypted mathematical signatures and is never shared in raw form. We maintain PCI-DSS compliance for payment processing.

6. Data Sharing

We may share your information with:

  • AI providers (protection notifications only, not raw data)
  • Payment processors (PayMe) for transactions
  • Law enforcement when required by law
  • Licensees (limited profile data for marketplace transactions)

7. Your Rights

You have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Delete your account and associated data
  • Export your data in a portable format
  • Opt-out of marketing communications

Contact us at to exercise these rights.admin@actorhub.ai

8. Cookies and Tracking

We use essential cookies for authentication and security. Analytics cookies are only used with your consent. You can manage cookie preferences in your browser settings.

9. Contact Us

If you have questions about this Privacy Policy, please contact us at:

admin@actorhub.ai

Microsoft Teams Verification Service — Biometric Data Disclosure

When you install the ActorHub Verify Teams app and use it inside a Microsoft Teams meeting, we process additional biometric data classes beyond the marketplace face embedding. This section discloses each class, the legal basis under GDPR Article 9(2) (explicit consent) and CCPA §1798.140 (sensitive personal information), the retention period, and your rights.

Data classes processed

  • Facial embeddings (512-D vectors) — used to match the live face against your registered identity. Computed locally on a Railway / RunPod GPU; raw frames are NEVER persisted, only the irreversible mathematical embedding is stored, and only when you explicitly bind a verification to your account.
  • rPPG cardiac signal (per-frame green-channel ROI samples) — used to confirm a real human is in front of the camera. Discarded immediately after analysis (within ~50 ms); no retention, no log line containing the raw vector. The server stores ONLY the boolean verdict (live / inconclusive / no_signal), the BPM, and the SNR — none of which can be reverse-engineered to identify a person.
  • WebAuthn passkey credentials (public key + AAGUID) — used to bind Consent Token issuance to a hardware-backed user gesture. The PRIVATE key never leaves your device's Secure Enclave. We store only the public key, an opaque credential identifier, and the device model AAGUID. No biometric template (fingerprint image, face template) is ever sent to our servers — the FIDO2 standard handles all biometrics on-device.
  • ACR Phase Lock observations (face-region brightness over time, ~2 seconds) — used to verify the camera lens is observing reflected screen light, not a recorded video. Discarded immediately after analysis. No retention.
  • Verification audit log (verdict, request_id, hashed key, timestamps, chain hash) — retained for 24 months per SOC 2 / SOX requirements your tenant admin may be subject to. Contains NO biometric data; only the metadata necessary to prove a verification happened. Tenant admins can request earlier deletion via admin@actorhub.ai.

Your Rights for Teams Bot Data

You may at any time: (a) revoke a registered passkey via Settings → Security; (b) request deletion of your facial embedding via the dashboard or admin@actorhub.ai; (c) export all metadata associated with your account in JSON via /api/v1/users/me/export; (d) withdraw consent for the Teams app, which immediately purges your tenant binding. We respond to all GDPR / CCPA requests within 30 days.

Compliance Posture

Microsoft Teams App Store: this disclosure satisfies the Microsoft Commercial Marketplace Privacy & Compliance requirements as of 2026-05. We are a C2PA Contributor Member (since April 2026); SOC 2 Type II audit is planned. Encryption at rest: authenticated encryption via Fernet (AES-128-CBC + HMAC-SHA256), keyed by a secret stored outside the data plane (Railway secret store). Encryption in transit: TLS 1.3 only. Biometric templates are stored as ISO/IEC 30136 cancelable transformations (MLP-Hash v2, 256-bit entropy seed) — mathematically irreversible to the source face.

    Cart (0)

    Your cart is empty

    Browse our marketplace to find actor packs

    Browse Marketplace
    Privacy Policy | ActorHub.ai