Terms of Service

These Terms govern your use of L'AItelier (the “Service”), accessible at laitelier.com. By signing in or using any part of the Service, you agree to them. If you don't agree, don't use the Service.

You must be at least 18 years old, or the age of majority in your jurisdiction, to use the Service. If you're using it on behalf of an organisation, you represent that you have authority to bind that organisation to these Terms.

L'AItelier is an authentication tool for creative work. Specifically, the Service lets you:

• Upload a media file to our servers, where it is hashed (SHA-256), signed, and deleted — typically within seconds — so we retain a cryptographic fingerprint of your work, not the work itself.
• Embed an invisible forensic watermark (a “DNA Mark”) into still images, when that's supported by the file's format.
• Receive a signed C2PA manifest (for image and video) or our DNA Watermark envelope (for audio and PDF), binding the hash to your identity, your source declaration, and a timestamp.
• Retrieve and verify that manifest later by hashing any candidate file and looking it up. Verification at /validator runs entirely in your browser — nothing is uploaded.
• For video, download a transparent “cr” pin overlay sized to your frame, so you can composite it in your own editor without any quality loss to your master file.

The Service is an attestation tool, not a legal opinion, not a court ruling, and not a copyright registration. It produces evidence that a court, platform, or client can weigh — it doesn't decide outcomes.

You need an account to certify media. You're responsible for keeping your credentials secure and for all activity on your account. Sign-in is handled through industry-standard authentication with hashed credentials and short-lived session cookies. Notify us immediately if you suspect your account has been compromised so we can revoke active sessions.

You retain all rights to media you certify. L'AItelier never acquires a licence to publish, display, redistribute, train models on, or otherwise exploit your work. The only things we store on your behalf are:

• The SHA-256 hash of the original file (not the file).
• The SHA-256 hash of the watermarked file, if any.
• A perceptual hash of images, used only to detect near-duplicates at certification time.
• A signed C2PA manifest describing the file's dimensions, mime type, size, frameworks you claimed, your source declaration, and the cryptographic signature.
• Your email address and the certificate's audit trail.

We deliberately don't retain the raw media for privacy and GDPR-minimisation reasons. The file is deleted from our servers the instant the certificate is issued. If you lose the original, we can't give it back to you.

When you certify media you must declare its source honestly from three options: AI-generated, real-capture, or hybrid. That declaration is signed into the manifest and shown to anyone who verifies the file.

• Declaring AI output as real-capture to deceive viewers is a material breach of these Terms and grounds for immediate account termination.
• You agree to note AI assistance (upscaling, inpainting, sky-replacement, generative fill, voice cloning, etc.) in the “hybrid” note field when the AI contribution is more than incidental.

You agree not to use the Service to:

• Certify media you don't have the right to publish, or media depicting another person's likeness or voice without their consent.
• Create or legitimise non-consensual intimate imagery, deepfakes, face swaps, voice impersonations, or any media intended to deceive viewers about a real person.
• Claim material that was previously certified by another user, attempt to defeat duplicate detection, or launder AI-generated media as human-captured.
• Violate any law or the rights of any person (including intellectual-property, privacy, publicity, or data-protection rights).
• Reverse-engineer the signing service, attack the verification endpoint, harvest hashes in bulk, or probe the system for vulnerabilities without our written permission.
• Use the Service to harass, defame, or threaten any person, or to produce content depicting the sexual abuse of minors.

Before issuing a certificate we check whether the file — or a perceptually near-identical variant — has already been certified. If someone else got there first, your certification will be rejected with a redacted summary of the conflict. If it's your own prior certificate, we supersede it: the older record is deleted and the new certificate becomes the active one. Only one live certificate can exist per piece of media.

For image and video, each certificate is a detached C2PA manifest signed by our issuing key — verifiable with any compliant C2PA reader, including our own verifier at laitelier.com/validator and Adobe's Content Credentials verifier. For audio and PDF we embed a signed L'AItelier DNA Watermark envelope (an ID3v2 TXXX frame for audio, an unreferenced object after the trailing %%EOF for PDF), verifiable at our validator; as the C2PA ecosystem converges on audio and document support we'll ship C2PA manifests alongside the envelope. We may rotate our signing key for security reasons. Existing certificates remain valid because each record embeds the key identifier (and, for C2PA, the certificate chain) it was signed under at issuance time.

We aim for high availability but don't guarantee uninterrupted service. Scheduled maintenance and incident response may temporarily prevent new certifications; existing certificates are unaffected because they're self-contained cryptographic artefacts. We may change, add, or remove Service features; if a change materially reduces functionality you rely on, we'll give you reasonable notice.

Some features may be offered under paid plans. Prices, quotas, and renewal terms will be shown to you before purchase. Subscriptions renew automatically until cancelled in your account settings. Refunds are handled on a case-by-case basis for billing errors or failures attributable to us — contact billing@laitelier.com within 14 days of the charge. Certificates you've already issued remain valid even if your subscription ends.

The L'AItelier name, logo, the “DNA Mark” watermark scheme, the verifier, the signed-manifest format we emit, and the site's source code are our property. You may link to the site and display certificates you've issued; you may not clone the Service, re-brand it, or train AI models on our UI or documentation without written permission.

The Service is provided “as is” and“as available”. To the fullest extent permitted by law, we disclaim all warranties, express or implied, including merchantability, fitness for a particular purpose, and non-infringement. We do not warrant that the Service will be error-free, that any particular platform or court will accept a certificate as dispositive evidence, or that invisible watermarks will survive every possible transcode or edit.

To the maximum extent permitted by law, L'AItelier will not be liable for indirect, incidental, consequential, special, or punitive damages, or for lost profits, revenue, data, or goodwill. Our aggregate liability for any claim arising out of or related to the Service is limited to the greater of the amount you paid us in the 12 months preceding the claim and USD 100. Some jurisdictions don't allow certain limits; in those jurisdictions our liability is limited to the greatest extent allowed.

You may delete your account at any time from your account settings. We may suspend or terminate your access if you materially breach these Terms, abuse the Service, or use it for unlawful purposes — with notice where practical. On termination, your certificates remain cryptographically valid and verifiable (they're detached, signed artefacts), but your ability to issue new ones will end.

These Terms are governed by the laws of France, without regard to conflict-of-law principles. Disputes will be brought exclusively in the competent courts of Paris, unless mandatory local consumer-protection law gives you the right to a different forum.

Nothing in §15 is intended to deprive a consumer of the mandatory protections available under the law of their place of residence. Where a mandatory provision of local consumer law conflicts with these Terms, the local provision prevails to the extent of the conflict, and a consumer may bring proceedings in the courts that local law gives them access to.

This applies in particular to (a) consumers resident in the European Union, the European Economic Area, the United Kingdom, or Switzerland, who retain the protections of their home jurisdiction's consumer-protection rules and the GDPR / UK GDPR rights set out in the Privacy Policy; and (b) consumers resident in Canada, who retain the protections of their province's consumer-protection legislation (including BC's Business Practices and Consumer Protection Act, Alberta's Consumer Protection Act, Ontario's Consumer Protection Act, 2002, and Quebec's Consumer Protection Act) plus their PIPEDA / provincial-PIPA / Quebec Law 25 rights.

For Quebec residents, the English and French versions of these Terms are equally binding; in case of conflict the version more favourable to the consumer prevails. Privacy contacts and our named Privacy Officer for Canada can be reached at privacy@laitelier.com.

Questions about these Terms: legal@laitelier.com. For security disclosures: security@laitelier.com.