▸ LEGAL DOCUMENT

Privacy Policy

EFFECTIVE DATE: 21 MAY 2026 | LAST UPDATED: 21 MAY 2026 | VERSION: 1.0

PLAIN SUMMARY: We collect only what is necessary to run the platform. We do not sell your data. We do not store camera imagery. Your email (if provided) is used only for authentication. You can request deletion of your data at any time.

1. Who We Are

World Informant is an open-source intelligence (OSINT) aggregation platform operated by Dyne Research ("we", "us", "our"). We are the data controller for personal information collected through the platform at worldinformant.com.

For privacy-related inquiries, contact us at: privacy@dyneresearch.com

2. What Data We Collect

We collect the minimum personal data necessary to operate the platform. The following table describes all categories of data we collect:

Data Category	What We Collect	Why We Collect It	Legal Basis (GDPR)
Authentication Data	Email address (if you sign in via email magic link or Google OAuth)	To create and manage your account and grant access to camera feeds	Contract performance / Legitimate interest
Usage Analytics	Page views, session duration, device type, general geographic region (country-level). No IP addresses are stored by us directly.	To understand how the platform is used and improve the service	Legitimate interest
Performance Data	Core Web Vitals, load times, error events — collected by Vercel Speed Insights	To identify and resolve performance issues	Legitimate interest
Session Tokens	Short-lived cryptographic tokens stored in browser memory (not persistent cookies) to authenticate camera stream access	Security — to prevent unauthorized access to camera feeds	Legitimate interest / Contract performance

What we do NOT collect: We do not collect your name, phone number, location, payment information, IP address (directly), browsing history outside our platform, or any biometric data. We do not store, capture, or cache any images or video from CCTV or camera feeds.

3. How We Use Your Data

We use your data exclusively for the following purposes:

Authentication: Your email address is used to create and manage your account via Supabase Auth. We do not use your email for marketing unless you have explicitly opted in.
Service access control: Authenticated sessions are used to determine access to gated platform features (e.g., live camera streams).
Platform improvement: Aggregated, anonymized analytics are used to understand usage patterns and improve the platform experience.
Security: We may log authentication events (login, logout, failed attempts) for fraud prevention and platform security.
Legal compliance: We may retain certain records to comply with applicable legal obligations or respond to lawful requests from government authorities.

We do not use your data for advertising, profiling, automated decision-making, or any purpose not listed above.

4. Data We Do Not Collect — Camera Feeds

World Informant displays live feeds from publicly accessible third-party cameras. We want to be unambiguous about our role:

We do not operate, own, or control any of the cameras displayed on the platform.
We do not store, record, save, or cache any images or video frames from any camera feed.
We act solely as a display proxy — forwarding live bytes from public third-party servers to authenticated users in real time, without retention.
Any privacy concerns related to what is captured within a specific camera feed should be directed to the operator of that camera (the relevant government, municipality, or transport authority).

5. Third-Party Services

We use the following third-party services to operate the platform. Each service processes data according to its own privacy policy:

Service	Purpose	Data Shared	Privacy Policy
Supabase	Authentication and database	Email address, session tokens, auth events	supabase.com/privacy
Vercel	Hosting, CDN, serverless functions	Request metadata (anonymized), performance metrics	vercel.com/legal/privacy-policy
Vercel Analytics	Usage analytics	Anonymized page view data, no PII	vercel.com/legal/privacy-policy
Cloudflare R2	Data storage for aggregated intelligence feeds	No personal data — only cached public intelligence datasets	cloudflare.com/privacypolicy
Google OAuth	Optional sign-in with Google	Email address and Google profile (if you choose Google sign-in)	policies.google.com/privacy
Google Fonts	Typography	Your IP address is sent to Google's servers to load fonts	policies.google.com/privacy

6. Cookies and Local Storage

World Informant uses the following browser storage mechanisms:

Supabase auth session cookie: A secure, HttpOnly cookie set by Supabase to maintain your login session. This is strictly necessary for authentication and cannot be disabled if you choose to sign in.
In-memory tokens: Short-lived cryptographic tokens are held in browser memory (not stored in localStorage or cookies) to authenticate camera stream requests. These are discarded when the browser tab is closed.

We do not use advertising cookies, third-party tracking cookies, or persistent analytics cookies.

7. Data Retention

Data Type	Retention Period
Account data (email, auth records)	Until you request deletion or your account is terminated
Authentication logs (login events)	90 days, then automatically purged
Anonymized usage analytics	24 months in aggregated form
Camera feed imagery	Not retained — zero retention (live proxy only)
Session tokens	5 minutes maximum (HMAC token expiry), then invalidated

8. Your Rights Under GDPR (EU/EEA Users)

If you are located in the European Union or European Economic Area, you have the following rights under the General Data Protection Regulation (GDPR):

Right of Access: You may request a copy of all personal data we hold about you.
Right to Rectification: You may request correction of inaccurate personal data.
Right to Erasure ("Right to Be Forgotten"): You may request deletion of your personal data. We will comply within 30 days, subject to legal retention obligations.
Right to Restriction: You may request that we restrict processing of your data in certain circumstances.
Right to Data Portability: You may request a machine-readable export of your personal data.
Right to Object: You may object to processing based on legitimate interest.
Right to Lodge a Complaint: You have the right to lodge a complaint with your national Data Protection Authority.

To exercise any of these rights, contact us at privacy@dyneresearch.com. We will respond within 30 days.

9. Your Rights Under CCPA (California Users)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):

Right to Know: You may request disclosure of the categories and specific pieces of personal information we have collected about you in the past 12 months.
Right to Delete: You may request deletion of personal information we hold about you.
Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights.
Right to Opt-Out of Sale: We do not sell personal information. There is nothing to opt out of.

10. Data Security

We implement industry-standard security measures to protect your data:

All data is transmitted over HTTPS/TLS encryption.
Authentication is handled by Supabase, which implements bcrypt password hashing, JWT token rotation, and Row Level Security.
Camera stream access requires a cryptographically signed, time-limited HMAC token validated server-side.
The Supabase service role key (which has admin database access) is stored exclusively in Vercel server-side environment variables and is never exposed to the browser or client-side code.
No payment data is processed or stored on our platform.

Despite these measures, no system is 100% secure. We cannot guarantee the absolute security of your data. In the event of a data breach affecting your personal data, we will notify you and relevant authorities as required by applicable law.

11. International Data Transfers

World Informant is operated from India. By using the Service, you consent to the transfer of your data to India and to other countries where our service providers (Supabase, Vercel, Cloudflare) operate their infrastructure, including the United States and the European Union.

Where data is transferred outside the EEA, we rely on our service providers' Standard Contractual Clauses (SCCs) or equivalent transfer mechanisms as required by GDPR.

12. Children's Privacy (COPPA)

World Informant is not directed at children under the age of 13 (or under 16 in the EU). We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected personal data from a child under the applicable age, we will delete it immediately. If you believe a child has provided us with personal information, contact us at privacy@dyneresearch.com.

13. Do Not Track

Some browsers send "Do Not Track" (DNT) signals. We respect DNT signals. When a DNT signal is detected, we do not enable behavioural analytics for that session.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will indicate the date of the last update at the top of this page. For material changes, we will notify registered users by email. Continued use of the Service after any change constitutes acceptance of the updated policy.

15. Contact and Data Requests

For any privacy-related questions, data access requests, deletion requests, or complaints:

Email: privacy@dyneresearch.com
Response time: Within 30 days
Operator: Dyne Research
Website: dyneresearch.com