Privacy framework

Mechanical Integrity by Design.

How C2PA Signer handles files, permissions and user data with local-first security.

Local-first by design

C2PA Signer processes supported media files directly in the local extension environment. Verification and signing workflows are designed to run locally, without uploading your files to a C2PA Signer backend.

No cloud uploads On-device processing

File handling

When you select or drop a file into the extension, the file is used only for the requested action: verify, inspect, or sign. C2PA Signer does not use your files for advertising, profiling, training, or unrelated analytics.

Extension permissions

C2PA Signer requests only the permissions needed to provide its core features:

  • File verification
  • Local signing
  • Page media scan
  • Context menu actions

Limited Use disclosure

The use of information received from extension permissions adheres to applicable store User Data Policy requirements, including Limited Use. User data is used only to provide and improve the extension's single purpose: local C2PA Content Credentials signing, verification and page media analysis.

Questions about privacy?

Our team is committed to transparency. Read more about our trust architecture or get in touch.