Compliance
Provenance & AI disclosure
Every image output carries layered AI-generated-content disclosure, for EU AI Act Article 50:
- IPTC metadata — the IPTC Digital Source Type field records how the image was produced (AI-generated or AI-edited) and is readable by standard photo tools.
- C2PA Content Credentials — an embedded, signed provenance manifest recording the processing actions. Tools that read C2PA can see the asset was AI-processed and trace its origin.
- Invisible watermark — an imperceptible, pixel-level mark that survives re-encoding and screenshots, so the disclosure persists even if the metadata is stripped.
Audio watermarking
Generated and cloned speech is watermarked by default (apply_watermark: true on
the speech and voice-clone endpoints). Keep
it enabled unless you have a specific, compliant reason not to.
Ephemeral processing & data retention
ImagePipeline processes media ephemerally, it acts as a data processor, not a data controller. Your inputs and outputs are never stored long-term.
- Faces are never stored. Identity profiles reference your own storage via a pointer; the API never accesses it and never holds your encryption key.
- Results are temporary.
result_urlis a pre-signed link that expires within 24 hours, download and store outputs in your own storage.
tip
Because results are ephemeral, treat your own storage as the system of record. Persist the downloaded file (and any provenance you need) at the moment a job completes.