Privacy

Privacy

How C2PA Signer handles files, permissions and user data.

Local-first by design

C2PA Signer processes supported media files directly in the local extension environment. Verification and signing workflows are designed to run locally, without uploading your files to a C2PA Signer backend.

File handling

When you select or drop a file into the extension, the file is used only for the requested action: verify, inspect, or sign. C2PA Signer does not use your files for advertising, profiling, training, or unrelated analytics.

Extension permissions

C2PA Signer requests only the permissions needed to provide its core features: file verification, local signing, page media scan, context menu actions, download of signed files, and local settings.

Test certificates

A test certificate is useful for learning, demos and internal validation. It can show how a C2PA signing workflow works, but it does not mean the signature is publicly trusted.

Anonymous product analytics

The website may send limited product analytics events through a server-side endpoint to understand page usage and install interest. These events do not include files, file names, certificates, manifests, private keys, emails or full URLs.

Limited Use disclosure

The use of information received from extension permissions adheres to applicable store User Data Policy requirements, including Limited Use. User data is used only to provide and improve the extension's single purpose: local C2PA Content Credentials signing, verification and page media analysis.

Questions about privacy? Write to support@c2.pa or read the Security & Trust page.