Privacy Policy for SerenAlign™

1. Our Commitment

SerenAlign™ is committed to protecting your privacy and operating in accordance with the Data Protection Act of Trinidad and Tobago (Chap. 22:04). We treat your biometric data as a temporary trust, not a permanent record.

2. Information We Collect

We only collect data necessary to format your identification documents:

• Biometric Images: Portrait photos and digital signatures for document formatting
• Technical Data: Basic browser information to ensure service compatibility
• Transaction Records: Payment details (processed securely through third-party payment gateways)
• Recovery Codes: Optional 6-digit recovery codes generated to allow document re-download within 60 minutes
• Email: Used solely for document recovery and transaction record keeping, where required to fulfill legal business obligations.

2.5 Explicit Consent

By uploading a photo or signature to SerenAlign™, you provide your explicit consent for Savane Digital Solutions to process your biometric data solely for the purpose of formatting your documents, in accordance with this Privacy Policy.

If you do not agree to this processing, please do not upload any files.

3. The "1-Hour Vault" Policy

4. Security & Encryption

We implement industry-leading security measures:

• Encryption in Transit: All data is protected by TLS 1.3/SSL encryption
• Portrait Processing: Background removal for portrait photos is processed securely via a third-party AI image processing API, using encrypted transmission. Raw images are not retained by the provider beyond the processing request.
• Signature Processing: When your device supports modern browser processing capabilities, signature background removal is processed entirely on your device — your raw signature image is never transmitted to our servers. On older or unsupported devices, we use a secure, sandboxed cloud processing environment.
• Temporary Storage: Formatted documents are stored in an encrypted third-party database (Supabase) solely to enable the 1-hour recovery window.
• Secure Infrastructure: We utilize Supabase for encrypted data storage and reputable third-party providers for image processing, all operating under SOC2-compliant or equivalent security standards. These providers do not have permission to access or use your data for any other purpose.

5. International Data Storage

• Server Location: Data is temporarily stored on servers located in the United States
• Service Providers: We use Vercel (hosting), Supabase (encrypted database storage), and other reputable third-party processing providers, which maintain US-based or EU-based data centers with high-security compliance standards
• Safeguards: These providers adhere to security standards comparable to those required under Trinidad & Tobago law
• Your Protection: Despite international storage, our 1-Hour Vault policy applies — all data is purged within 60 minutes regardless of location.
• We do not sell, lease, or commercially exploit any data stored internationally.

6. Your Rights Under Trinidad & Tobago Law

Under the Data Protection Act (Chap. 22:04), you have:

• Right to Consent: We only process data with your explicit permission
• Right to Erasure: Built into our system — automatic deletion within 1 hour
• Right to Access: Contact us within the 1-hour window to request information about your data. Requests may be subject to identity verification to protect user privacy.
• Right to Withdraw Consent: You may choose not to upload files at any time

7. Children's Privacy

• Parental Consent Required: SerenAlign™ is intended for use by adults (18+) or by parents/legal guardians on behalf of minors
• School ID Documents: We recognize that parents may upload photos of children for school identification purposes
• Same Protections Apply: Children's biometric data receives the same security protections and 1-hour automatic deletion as adult data
• Parental Responsibility: By uploading a child's photo, you confirm that you are the parent or legal guardian with authority to provide this information
• No Profiling: We do not create profiles, track behavior, or use children's data for any purpose beyond document formatting
• Under 13: We do not knowingly collect data from children under 13 without verified parental consent. If you believe we have inadvertently collected such data, please contact us immediately for deletion

8. Payment Processing

• Third-Party Gateway: Payments are processed through WiPay, a PCI-DSS compliant payment processor
• Data We Receive: We only receive transaction confirmation — your credit card details are never stored on our servers
• Payment Records: Transaction IDs are retained for accounting and refund purposes only

9. Cookies & Tracking

• Local Storage: We use browser local storage solely to temporarily hold references to your formatted documents for download.
• Session Storage: Recovery codes are stored temporarily in your browser session for convenience
• Privacy-Friendly Analytics: We use basic, privacy-focused analytics provided by our hosting platform to understand general usage patterns and improve performance. This data is collected in aggregate form and does not identify individual users.
• No Third-Party Cookies: We do not share data with advertising networks

10. How We Use Your Data

We use your information solely to:

• Format your photos and signatures to official specifications
• Process your payment securely
• Provide you with a recovery code for document re-download
• Comply with legal obligations (tax records, transaction logs)

We never:

• Sell your data to third parties
• Use your images for advertising or marketing
• Share your biometric data with other companies
• Retain your images beyond the 1-hour window

11. Data Retention

• Formatted Documents: Deleted automatically after 60 minutes
• Recovery Codes: Expire after 1 hour and become unusable
• Transaction Records: Retained for 7 years for tax compliance purposes (amount, date, email, transaction ID only — no biometric data)
• Redo Coupons: Valid for 7 days, then automatically invalidated

12. Changes to This Policy

We will notify users of any material changes by updating the "Effective Date" at the top of this policy. Continued use of SerenAlign™ after changes constitutes acceptance of the updated policy.

13. Contact Us