Local-first by design
C2PA Signer processes supported media files directly in the local extension environment. Verification and signing workflows are designed to run locally, without uploading your files to a C2PA Signer backend.
Privacy
How C2PA Signer handles files, permissions and user data.
C2PA Signer processes supported media files directly in the local extension environment. Verification and signing workflows are designed to run locally, without uploading your files to a C2PA Signer backend.
When you select or drop a file into the extension, the file is used only for the requested action: verify, inspect, or sign. C2PA Signer does not use your files for advertising, profiling, training, or unrelated analytics.
C2PA Signer requests only the permissions needed to provide its core features: file verification, local signing, page media scan, context menu actions, download of signed files, and local settings.
A test certificate is useful for learning, demos and internal validation. It can show how a C2PA signing workflow works, but it does not mean the signature is publicly trusted.
The website may send limited product analytics events through a server-side endpoint to understand page usage and install interest. These events do not include files, file names, certificates, manifests, private keys, emails or full URLs.
The use of information received from extension permissions adheres to applicable store User Data Policy requirements, including Limited Use. User data is used only to provide and improve the extension's single purpose: local C2PA Content Credentials signing, verification and page media analysis.
Questions about privacy? Write to support@c2.pa or read the Security & Trust page.