Transparency Report
Q4 2025 (October - December 2025)
Published: December 31, 2025 | Next Report: March 31, 2026
Executive Summary
This is qwip's first quarterly transparency report. We publish these reports to maintain accountability and demonstrate our commitment to user privacy.
Key Highlights:
- ✅ Zero government data requests
- ✅ Zero data breaches
- ✅ Zero user privacy complaints
- ✅ Zero data sold or shared with third parties
1. Government Requests for Data
Summary
| Request Type | Count | Data Provided | Users Affected |
|---|---|---|---|
| Law Enforcement Requests | 0 | N/A | 0 |
| National Security Letters | 0 | N/A | 0 |
| Court Orders/Subpoenas | 0 | N/A | 0 |
| Foreign Government Requests | 0 | N/A | 0 |
Total: 0 requests in Q4 2025
Our Policy
If we receive a data request:
- Evaluate legality - Ensure request has proper legal basis
- Minimize disclosure - Only provide what's legally required
- Notify users - Unless legally prohibited (gag order)
- Challenge if necessary - Push back on overly broad requests
- Report publicly - Include in next transparency report
What data could we provide?
- Anonymous session IDs (not useful for identification)
- Image hashes (cannot reverse to images)
- Aggregate statistics (no individual data)
What we CANNOT provide:
- User identities (we don't have this)
- Images (never stored)
- Browsing history (never tracked)
- Personal information (never collected)
Commitment
We have never:
- Built backdoors into our service
- Weakened security at government request
- Provided bulk access to data
- Participated in mass surveillance programs
We will always:
- Require proper legal process
- Notify users unless gagged
- Report requests publicly
- Fight overly broad requests
2. Data Breaches
Summary
Q4 2025: 0 breaches
All Time: 0 breaches
What Counts as a Breach
We consider a breach any:
- Unauthorized access to our systems
- Data exfiltration (even anonymous data)
- Security vulnerability exploited
- Accidental data exposure
If a Breach Occurs
Our response plan:
Within 24 hours:
- Contain the breach
- Assess scope and impact
- Begin forensic investigation
Within 72 hours:
- Notify affected users (if any)
- Notify supervisory authorities (GDPR requirement)
- Publish public disclosure
Within 30 days:
- Complete investigation
- Publish detailed post-mortem
- Implement preventive measures
- Third-party security audit
What Would Be Compromised
In a worst-case server breach:
Attacker could get:
- Anonymous session IDs (random UUIDs)
- Image hashes (cryptographic, can't reverse to images)
- Detection results (AI/Real labels)
- Aggregate statistics
Attacker could NOT get:
- ❌ User identities (we don't have them)
- ❌ Images (never stored)
- ❌ Personal information (never collected)
- ❌ Anything that identifies specific users
Impact assessment: Very low (no personal data to leak)
3. User Rights Requests
Summary
| Request Type | Count | Average Response Time |
|---|---|---|
| Access Requests (GDPR Art. 15) | 0 | N/A |
| Deletion Requests (GDPR Art. 17) | 0 | N/A |
| Portability Requests (GDPR Art. 20) | 0 | N/A |
| Objection Requests (GDPR Art. 21) | 0 | N/A |
| CCPA Access Requests | 0 | N/A |
| CCPA Deletion Requests | 0 | N/A |
| General Privacy Inquiries | 0 | N/A |
Total: 0 requests in Q4 2025
Note: This is our launch quarter. Most users clear session data directly in settings (immediate, no request needed).
Our Commitment
Response times:
- GDPR requests: Maximum 30 days (target: 7 days)
- CCPA requests: Maximum 45 days (target: 15 days)
- General inquiries: Maximum 5 business days
We will:
- Honor all legitimate requests
- Provide clear explanations
- Never charge fees for basic requests
- Verify identity without collecting additional data
4. Third-Party Data Sharing
Summary
Q4 2025: Zero data shared
Service Providers:
| Provider | Purpose | Data Shared | Justification |
|---|---|---|---|
| None | N/A | N/A | N/A |
Our Policy
We do not:
- ❌ Sell data to anyone
- ❌ Share data with advertisers
- ❌ Provide data to data brokers
- ❌ Use third-party analytics (Google Analytics, etc.)
Future third-party services: If we add service providers (e.g., cloud hosting, CDN), we will:
- List them in this report
- Ensure strong data processing agreements
- Limit data access to minimum necessary
- Require GDPR/CCPA compliance
5. Privacy Complaints
Summary
Q4 2025: 0 formal complaints
Categories:
| Complaint Type | Count | Resolution |
|---|---|---|
| Data collection concerns | 0 | N/A |
| Tracking concerns | 0 | N/A |
| Deletion requests not honored | 0 | N/A |
| Other | 0 | N/A |
How to File a Complaint
Contact us: privacy@qwip.io
Or file with:
- EU: Your national Data Protection Authority
- UK: Information Commissioner's Office (ICO)
- California: Attorney General's office
6. Platform Statistics (Anonymous)
These statistics help demonstrate our platform's growth while protecting user privacy.
Usage Statistics
| Metric | Q4 2025 | Notes |
|---|---|---|
| Total Installations | [To be added] | Chrome Web Store data |
| Active Users (DAU avg) | [To be added] | Anonymous session count |
| Images Analyzed | [To be added] | Aggregate count |
| AI Detection Rate | [To be added] | % flagged as AI |
Note: First quarter launch data. Will populate in future reports.
Geographic Distribution
We do NOT track:
- IP addresses
- Location data
- Country of origin
We CAN estimate (from aggregate data):
- Approximate region (if users enable server queries)
- Time zone distribution (from query timestamps)
Q4 2025: Data not yet available (initial launch period)
7. Security Incidents
Summary
Q4 2025: 0 security incidents
What Counts
We report:
- Security vulnerability discoveries
- Attempted intrusions (even if unsuccessful)
- DDoS attacks
- Service outages due to security issues
Vulnerability Disclosures
Responsible disclosure policy:
If you discover a vulnerability:
- Email: security@qwip.io
- We'll acknowledge within 48 hours
- We'll fix critical issues within 7 days
- We'll credit researchers (with permission)
Q4 2025: No vulnerabilities reported
8. Policy Updates
Changes to Privacy Practices
Q4 2025: No changes
Initial documentation published:
- Privacy Overview
- Data Collection Practices
- Security Practices
- Compliance (GDPR/CCPA/COPPA)
- User Rights
- This Transparency Report
Notification of Changes
We will notify users if we change:
- What data we collect
- How we use data
- Data retention periods
- Third-party sharing
Notification methods:
- Extension update notification
- Updated documentation (with changelog)
- This transparency report
9. Regulatory Compliance
Compliance Status
| Regulation | Status | Last Reviewed |
|---|---|---|
| GDPR (EU) | ✅ Compliant | December 2025 |
| UK GDPR | ✅ Compliant | December 2025 |
| CCPA (California) | ✅ Compliant | December 2025 |
| COPPA (USA) | ✅ Compliant | December 2025 |
| PIPEDA (Canada) | ✅ Compliant | December 2025 |
| LGPD (Brazil) | ✅ Compliant | December 2025 |
Regulatory Inquiries
Q4 2025: 0 inquiries from regulators
If we receive inquiries:
- We'll respond within required timeframes
- We'll cooperate fully
- We'll report outcomes publicly (unless prohibited)
10. Open Source & Audits
Code Transparency
GitHub Repository: https://github.com/yourorg/qwip
Q4 2025 Activity:
- ✅ Full codebase published
- ✅ Privacy documentation added
- ✅ Security audit (internal)
- 🚧 Third-party audit (planned Q1 2026)
Community contributions welcome:
- Security reviews
- Privacy audits
- Code improvements
Security Audits
Planned:
- Q1 2026: Professional third-party audit
- Q2 2026: Penetration testing
- 2026: SOC 2 Type II preparation
11. Metrics & Accountability
Privacy-First Metrics
We measure success by privacy protection, not data collection:
| Metric | Target | Q4 2025 |
|---|---|---|
| Data breaches | 0 | ✅ 0 |
| Government requests | 0 | ✅ 0 |
| User complaints | <10 | ✅ 0 |
| Response time (requests) | <7 days | N/A |
| Code audit frequency | Quarterly | ✅ Q4 |
Improvement Goals
Q1 2026:
- Complete third-party security audit
- Implement certificate pinning
- Add per-install API keys
- Launch bug bounty program
12. Contact Information
Questions about this report: privacy@qwip.io
Security concerns: security@qwip.io
General inquiries: hello@qwip.io
Supervisory authority complaints:
- EU/EEA: Your national DPA
- UK: ICO
- California: Attorney General
Commitment to Transparency
We publish these reports quarterly to maintain accountability.
Next Report: Q1 2026 (January - March 2026)
- Publication date: March 31, 2026
- Will include comparison to Q4 2025
Historical Reports:
- Q4 2025 (this report)
- Q1 2026 (March 2026)
- Q2 2026 (June 2026)
- Q3 2026 (September 2026)
Certification
This transparency report accurately reflects qwip's data practices for Q4 2025 to the best of our knowledge.
Signed:
[Signature space for team lead/CEO when applicable]
Date: December 31, 2025
Published under: Creative Commons Attribution 4.0 (CC BY 4.0) Archived at: https://github.com/yourorg/qwip/transparency-reports/
Transparency is not just disclosure - it's accountability.