Privacy Policy for Ext.Systems

Powered by Defcon Systems, LLC

Last updated: 2025-06-07

1. Introduction

Welcome to Ext.Systems. This Privacy Policy explains how Defcon Systems, LLC ("we", "us", or "our") collects, uses, and protects your personal information when you use our website, applications, or AI content generation services (collectively, the "Services"). We are committed to protecting your privacy and ensuring the security of your personal data while maintaining the integrity and safety of our AI-powered platform. This policy applies to all users of our Services, regardless of their location, and covers our AI content generation tools, custom models, chatbots, and related features. By using our Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.

2. Information We Collect

2.1 Information You Provide to Us:

  • Account Information: Name, email address, username, and password
  • Payment Information: Credit card details, billing address, and transaction history
  • Content and Prompts: Text prompts, uploaded images, generated content, and any files you submit to our Services
  • Communication Data: Messages sent through our support channels or chat features
  • Profile Information: Any additional information you choose to add to your profile
  • Identity Verification Data: Documentation required for account verification, age verification, or compliance purposes

2.2 Information We Automatically Collect:

  • Usage Data: How you interact with our Services, including features used, time spent, and user actions
  • Device Information: IP address, browser type and version, operating system, device identifiers, and screen resolution
  • Browser Fingerprinting Data: Unique browser configurations, installed fonts, plugins, and technical specifications used for security and fraud prevention
  • Location Data: General geographic location derived from your IP address
  • Generation Logs: Detailed records of AI content generation including text prompts, date/time, user ID, IP address, and AI model used
  • Session Data: Authentication tokens, session identifiers, and activity timestamps for security monitoring

2.3 Invisible Watermarks and Content Tracking:

  • To ensure responsible AI use and protect against misuse, we embed invisible tamper-resistant watermarks in all generated media content. These watermarks are linked in our database to user information and generation data, allowing us to trace content back to its source for legal compliance, safety investigations, and preventing misuse such as deepfakes, misinformation, or harmful content distribution.

2.4 Data Subject Safeguards for AI Outputs:

To respect the rights of individuals whose identity or likeness may be implicated in user-generated content, we implement:

  • Prompt and output monitoring for impersonation, harassment, or misuse
  • Generation watermarks linked to user sessions for accountability
  • A process for individuals to request takedown or investigation of AI content involving them

3. How We Use Your Information

3.1 Service Provision and Improvement:

  • Providing AI content generation services and maintaining platform functionality
  • Processing your requests and delivering generated content
  • Personalizing your experience and improving our AI models
  • Developing new features and enhancing existing services
  • Training and fine-tuning AI models to improve accuracy and safety

3.2 Security and Safety:

  • Content Traceability: Using watermarks and generation logs to track content origins for safety investigations
  • Fraud Prevention: Analyzing browser fingerprints and usage patterns to detect suspicious activity
  • Platform Integrity: Monitoring for policy violations, harmful content generation, or misuse of our Services
  • Legal Compliance: Maintaining records to comply with legal obligations and respond to law enforcement requests
  • AI Misuse Prevention: Detecting and preventing attempts to generate synthetic content that impersonates real individuals or violates applicable laws

3.3 Communication and Support:

  • Responding to your inquiries and providing customer support
  • Sending service-related notifications and updates
  • Communicating about account status, billing, or important policy changes

3.4 Legal and Regulatory Compliance:

  • Complying with applicable laws, regulations, and legal processes
  • Protecting our rights, property, and safety, as well as that of our users and the public
  • Investigating potential violations of our Terms of Service
  • Responding to takedown requests and rights holder complaints

3.5 Legal Bases for Processing:

We process your personal information based on the following legal grounds:

  • Performance of a contract: To deliver Services you request and fulfill our contractual obligations
  • Legitimate interests: For fraud prevention, product improvement, security monitoring, and business operations
  • Legal obligations: For recordkeeping, tax compliance, safety reporting, and regulatory requirements
  • Consent: For optional data processing, marketing communications, or enhanced features where applicable
  • Vital interests: To protect the safety and well-being of individuals or prevent harm

4. Data Storage and Security

4.1 Security Measures:

We implement robust technical, physical, and administrative security measures to protect your personal information, including:

  • Encryption of data in transit and at rest using industry-standard protocols
  • Regular security assessments and monitoring
  • Access controls and authentication protocols
  • Secure data centers with appropriate physical safeguards

Note: No method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee absolute security.

4.2 Data Retention:

We retain personal information for different periods based on the type of data and business need:

  • Account Information: Retained while your account is active and for up to 2 years after closure
  • Generation Logs and Watermark Data: Retained for up to 7 years for safety, legal compliance, and content traceability purposes
  • Payment Information: Retained for up to 7 years for tax and accounting purposes
  • Content Files: Unless otherwise specified, we may retain user-generated content and files for as long as necessary to provide services, maintain business operations, comply with legal obligations, or resolve disputes. You may request deletion at any time, and we will honor such requests in accordance with applicable law, except where retention is required for safety, fraud prevention, or legal defense.
  • Security Logs: Retained for up to 7 years for fraud prevention and legal compliance

Important Note: Due to safety and legal compliance requirements, certain data — including generation logs, prompt metadata, and embedded watermark identifiers — may be retained indefinitely. This data is critical for detecting misuse, investigating harmful content, enforcing platform policy, and responding to legal requests. It is not used for marketing or profiling.

5. Information Sharing and Disclosure

5.1 Third-Party Service Providers:

We may share information with trusted service providers who assist us in:

  • Payment processing and billing
  • Cloud hosting and data storage
  • Customer support and communication
  • Analytics and performance monitoring
  • AI model training and content moderation services

All service providers are bound by confidentiality agreements and are required to protect your information according to this Privacy Policy.

5.2 Legal Requirements:

We may disclose your information when required by law or in response to:

  • Valid legal processes, subpoenas, or court orders
  • Government investigations or regulatory requests
  • Protecting against fraud, security threats, or illegal activity
  • Enforcing our Terms of Service or protecting our legal rights
  • National security or public safety investigations where legally required

5.3 Content Safety and Traceability:

When necessary for safety investigations or legal compliance, we may:

  • Use watermark data to trace generated content to its source
  • Share generation logs with law enforcement when legally required
  • Cooperate with investigations related to harmful or illegal content
  • Provide content attribution data to affected individuals or rights holders

5.4 AI Misuse and Synthetic Content:

We proactively monitor for abuse of our AI tools, including attempts to generate synthetic content that impersonates real individuals, public figures, or violates any applicable laws. If such activity is detected or reported, we reserve the right to:

  • Retain, investigate, and share relevant data with enforcement agencies or affected parties as permitted by law
  • Suspend or terminate accounts involved in misuse
  • Preserve evidence for legal proceedings
  • Cooperate with law enforcement investigations

All generated content may contain tamper-resistant watermarking to support identification and enforcement.

We do not sell your personal information to third parties for marketing purposes.

6. Your Rights and Choices

Depending on your location, you may have the following rights regarding your personal data:

6.1 Access and Portability:

  • Right to access and receive a copy of your personal information
  • Right to data portability in a structured, machine-readable format
  • Right to obtain information about the sources of your data

6.2 Correction and Deletion:

  • Right to correct inaccurate personal information
  • Right to request deletion of your personal information (subject to legal retention requirements)
  • Right to request restriction of processing in specific circumstances

6.3 Processing Control:

  • Right to object to certain processing activities
  • Right to restrict processing in specific circumstances
  • Right to withdraw consent where processing is based on consent
  • Right to opt-out of automated decision-making and profiling

6.4 Content Rights:

  • Right to request takedown of AI-generated content that impersonates you
  • Right to dispute unauthorized use of your likeness in generated content
  • Right to receive information about content generation involving your data

6.5 Exercising Your Rights:

To exercise these rights, please contact us at Privacy Contact. We will respond to your request within the timeframe required by applicable law (typically 30 days, or up to 90 days for complex requests).

Important Note: Due to safety and legal requirements, some data such as generation logs and watermark information may not be deletable even upon account closure, as this data may be necessary for ongoing investigations, legal compliance, or protecting the rights of third parties.

7. International Data Transfers

As we operate globally, your information may be transferred to, stored, and processed in countries other than your residence. When transferring personal data internationally, we rely on appropriate legal mechanisms such as:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions by relevant data protection authorities
  • User consent where appropriate and legally compliant
  • Binding Corporate Rules for intra-group transfers

We ensure equivalent protection through technical and organizational safeguards, including encryption, access controls, and contractual obligations for all recipients of your data.

8. Age Restrictions

You must be at least 18 years old or have reached the legal age of majority in your country of residence (whichever is higher) to use our Services. By using our Services, you represent that you meet these age requirements and have the legal capacity to enter into a binding contract. We do not knowingly collect personal information from individuals who do not meet these age requirements. If you believe we have collected information from someone who does not meet these requirements, please contact us immediately at Privacy Contact.

We may implement additional age verification measures and will delete any accounts found to belong to users under the required age.

9. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, Services, or legal requirements. We will notify you of material changes by:

  • Posting the updated policy on our website with a new "Last Updated" date
  • Sending email notifications for significant changes to this Privacy Policy

Your continued use of our Services after the effective date of any changes constitutes acceptance of the updated Privacy Policy. If you do not agree to the changes, you should discontinue use of our Services.

10. Regional Privacy Rights

10.1 European Economic Area (EEA), United Kingdom, and Switzerland:

Under the General Data Protection Regulation (GDPR), you have additional rights including:

  • Legal basis for processing: We process your data based on contract performance, legitimate interests, legal obligations, and consent
  • Right to lodge complaints with supervisory authorities
  • Enhanced rights regarding automated decision-making
  • Right to appoint a representative for data protection matters
  • Right to compensation for damages caused by GDPR violations

10.2 California Residents:

Under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), you have additional rights including:

  • Right to know what personal information is collected and how it's used
  • Right to delete personal information (subject to exceptions)
  • Right to opt-out of the sale of personal information (Note: We do not sell personal information)
  • Right to non-discrimination for exercising privacy rights
  • Right to correct inaccurate personal information
  • Right to limit use of sensitive personal information

10.3 Other Jurisdictions:

We also comply with privacy laws in other jurisdictions where we operate, including:

  • Canada (PIPEDA): Right to access and correct personal information, and file complaints with the Privacy Commissioner
  • Brazil (LGPD): Rights similar to GDPR, including access, correction, deletion, and data portability
  • Australia (Privacy Act): Right to access and correct personal information, and lodge complaints with the Privacy Commissioner
  • Japan (APPI): Rights to request disclosure, correction, and deletion of personal data

11. Contact Information

If you have questions about this Privacy Policy or our data practices, please contact us:

Defcon Systems, LLC 113 West G Street, #549 San Diego, CA 92101 USA

Privacy Email: Privacy Contact

Data Protection Officer: Data Protection Officer

For privacy-related inquiries, please include "Privacy Policy" in your subject line. We will respond to all inquiries within 30 days.

Emergency Contact: For urgent privacy or security matters, including suspected data breaches or unauthorized access, contact us immediately at Security Contact

Legal Notice:

By using Ext.Systems, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy and our Terms of Service. This Privacy Policy is governed by the laws of the jurisdiction where Defcon Systems, LLC is incorporated, without regard to conflict of law principles. Any disputes arising under this Privacy Policy shall be subject to the exclusive jurisdiction of the courts in that jurisdiction.