Privacy Policy

FilmProcessor is a service operated by PSYCHÉ TROPES LIMITED (09356879), a company incorporated in England and Wales. We are registered with the Information Commissioner's Office (ICO) as a data controller (Registration No. CSN0999105).

We take your privacy seriously. This policy explains what personal data we collect, why we collect it, how we use it, and your rights under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

If you have questions about this policy, contact us via our contact page

FilmProcessor is built around a principle we call Zero-Retention Processing (ZRP). This means:

• Your media files are processed in your browser or transiently in memory — we do not store your footage, audio, or project files on our servers.
• We do not sell your data. We never have and never will.
• We do not use advertising trackers or third-party surveillance tools.
• We collect the minimum personal data necessary to operate the service.

3.1 Account Data

When you create a FilmProcessor account, we collect:

• Email address (used for account authentication and service communications)
• A hashed password (we never store your password in plaintext)
• Account preferences and settings you configure

3.2 Usage Data

We may collect limited, non-identifying technical data to maintain and improve the service, including:

• Browser type and version
• General feature usage patterns (e.g. which tools are used most frequently)
• Error and crash reports

This data is collected in aggregate and is not linked to your identity.

3.3 Media Files

Media files you process through FilmProcessor (video, audio, image files, DCPs, and project data) are processed locally in your browser or transiently during server-side operations. In line with our Zero-Retention Processing architecture, these files are not stored on our infrastructure beyond the duration of a processing operation, and are deleted immediately upon completion.

3.4 Server-Side Processing and File Transfer

When you use server-side processing (Transcoder, DCP Studio) or file transfer (Fileshare), your files are encrypted in your browser using AES-256-GCM (Web Crypto API) before they are uploaded. The encryption key is generated in your browser and never transmitted to our servers. We cannot view, access, or decrypt your files. This is known as zero-knowledge encryption (ZKE).

For server-side processing, your files are decrypted on an ephemeral server instance solely for the duration of processing, then re-encrypted before being returned to you. The ephemeral instance is destroyed immediately after the job completes. No decrypted content is written to persistent storage at any point.

For file transfers via Fileshare, your files remain encrypted on our servers for the storage duration you select. Only a recipient with the full download link (which contains the encryption key in the URL fragment, never sent to the server) can decrypt the file.

3.5 Payment Data

If you use paid features (cloud processing or extended file storage), we accept payment via card or cryptocurrency:

• Card payments are processed by Stripe. We do not store your credit or debit card number or bank details. Stripe provides us with a transaction reference, the amount paid, and the last four digits of your card for receipt purposes only. For details on how Stripe handles your data, see Stripe’s Privacy Policy
• Cryptocurrency payments are accepted via Solana Pay (USDC stablecoin on the Solana blockchain). When you pay with cryptocurrency, we record the on-chain transaction signature, the amount in USDC, and the sending wallet address for the sole purpose of verifying payment. Blockchain transactions are publicly visible on the Solana ledger by design — we do not control or have the ability to remove on-chain transaction records. We do not store your private keys or seed phrases

Payment data (transaction references and amounts) is retained for accounting and legal compliance purposes. We do not use payment data for marketing or profiling.

3.6 Content Safety Scanning

When you use server-side processing (Transcoder, DCP Studio), an automated content safety check is performed as part of the processing pipeline, in compliance with our obligations under the UK Online Safety Act 2023. This section explains exactly what data is generated, what is shared, and what is not.

What data is generated: A perceptual hash fingerprint — a short mathematical representation of visual frames — is generated locally on the ephemeral processing instance. This is not a copy of your content. It is a non-reversible numerical signature that cannot be used to reconstruct, view, or reproduce your media in any form.

What is sent externally: Only the hash fingerprint is transmitted (via encrypted HTTPS connection) to the Internet Watch Foundation (IWF) Image Intercept API for comparison against their database of known illegal material. Your actual files, video frames, audio, metadata, filenames, project titles, or any information identifying you or your project are never transmitted to the IWF or any other third party as part of this check.

What is not sent: Your content is never viewed, copied, thumbnailed, or transmitted externally. The safety check is entirely automated — no human being at FilmProcessor, the IWF, or any third party sees your footage at any point during this process.

Data retention: Hash fingerprints are generated transiently and discarded immediately after the safety check completes. They are not logged, stored, or retained by FilmProcessor. The IWF's own data retention policies govern any data received by their API.

Fileshare: Content transferred or stored via Fileshare is end-to-end encrypted using zero-knowledge encryption (see Section 3.4). Because the server never has access to decryption keys or raw content, content safety scanning cannot be performed on Fileshare transfers. This is an inherent limitation of zero-knowledge encryption architectures.

Lawful basis: This processing is carried out under our legal obligation to comply with the UK Online Safety Act 2023 and Ofcom's codes of practice for providers of file-sharing and file-storage services (Article 6(1)(c) UK GDPR — legal obligation).

3.7 Contact Communications (PGP Encryption)

Messages sent via our contact page are encrypted in your browser using PGP (Pretty Good Privacy) before they are transmitted. Specifically:

• Client-side encryption: Your message is encrypted on your device using FilmProcessor's public PGP key and the OpenPGP standard. The plaintext of your message never leaves your browser — only the PGP-encrypted ciphertext is transmitted over the network.
• No third-party servers: The encrypted message is sent directly to FilmProcessor's own API server. No third-party email services, messaging platforms, or external relay servers are involved in the delivery of your message.
• Decryption: Only FilmProcessor can decrypt your message using the corresponding private PGP key, which is held securely and never exposed to any third party.

Your email address is collected alongside the encrypted message solely for the purpose of responding to your enquiry. It is not added to any mailing list, shared with third parties, or used for marketing purposes.

We process your personal data on the following lawful bases:

• Contract performance — to provide you with the FilmProcessor service you have signed up for
• Legitimate interests — to maintain service security, prevent fraud, and improve reliability
• Legal obligation — where required by applicable law
• Consent — for any optional communications you opt into

FilmProcessor uses a single, strictly necessary cookie: a secure, HTTP-only session cookie used solely for authentication purposes. This cookie:

• Is set only when you log into your account
• Contains no personal information — only an encrypted session identifier
• Is deleted when you log out or your session expires
• Is never used for tracking or profiling

We use no advertising cookies, no analytics cookies, and no third-party tracking cookies. A cookie consent banner is not required for strictly necessary cookies under UK GDPR.

We do not sell, rent, or trade your personal data. We may share data with carefully selected service providers who assist us in operating the service (such as cloud infrastructure providers), subject to strict data processing agreements. All such providers are required to process your data only on our instructions and in accordance with UK GDPR.

As described in Section 3.6, perceptual hash fingerprints (not content, personal data, or metadata) are shared with the Internet Watch Foundation (IWF) via their Image Intercept API as part of our content safety obligations under the UK Online Safety Act 2023. No personal data, file content, filenames, or identifying information is transmitted to the IWF during this process.

We will disclose personal data if required to do so by law or in response to a valid legal request from a competent authority.

We retain account data for as long as your account is active. If you close your account, we will delete your personal data within 30 days, except where we are required by law to retain it for a longer period.

Media files processed through the service are not retained beyond the duration of the processing operation, as described in Section 3.3.

Under UK GDPR, you have the following rights:

• Right of access — to obtain a copy of the personal data we hold about you
• Right to rectification — to correct inaccurate data
• Right to erasure — to request deletion of your data in certain circumstances
• Right to restriction of processing
• Right to data portability
• Right to object to processing based on legitimate interests

To exercise any of these rights, contact us via our contact page. We will respond within one calendar month.

You also have the right to lodge a complaint with the ICO at ico.org.uk or by calling 0303 123 1113.

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, disclosure, alteration, or destruction. These include:

• Zero-knowledge encryption (AES-256-GCM) for all file transfers and server-side processing — your encryption key never leaves your browser
• Encrypted connections (TLS) for all communications
• HTTP-only secure session cookies
• Ephemeral server instances for server-side processing — destroyed immediately after job completion, with no persistent storage of decrypted content
• Access controls limiting who within our organisation can access your data

We may update this Privacy Policy from time to time. We will notify you of material changes by email or via a prominent notice on the FilmProcessor interface. The date at the top of this document indicates when it was last revised.

PSYCHÉ TROPES LIMITED (09356879)
4th Floor, Silverstream House
45 Fitzroy Street, Fitzrovia
London, W1T 6EB
United Kingdom

Contact: contact page

For data protection enquiries, you may also write to us at the above address marked for the attention of: Data Protection.