Done-for-you offer · Fractional CMO with AI Swarm · gbp-agent 4-skill bundle · gbp-agent
Per-location photo de-duplication audit for multi-unit franchise, multi-location service brand, multi-location retail, multi-location healthcare, and PE-sponsored portfolio operators — Detect + Classify + Remediate + Attest 4-skill bundle on the gbp-agent, under a 5-anchor compliance overlay anchored on Google Business Profile photo guidelines + per-platform image policy + image copyright + DMCA + per-stock-photo license, right of publicity + per-state photo subject consent + Tennessee ELVIS Act + model release + employee consent, ADA + WCAG alt-text + EU EAA, NIST AI RMF + EU AI Act Article 50 + state AI laws + AI photo training-data IP, and privacy + CCPA + GDPR + DSA + per-vendor zero-retention + state biometric (BIPA + CUBI)
You operate 50-1,500 service-brand locations × per- location photo libraries × per-platform (Google Business Profile + Bing Places + Apple Business Connect + Yelp + Meta Pages). Google Business Profile photo guidelines + Google Posts + Google Reviews photo policy govern per-platform photo posture. Image copyright 17 USC 102 + DMCA Section 512 takedown + per-stock-photo license terms (Getty Images + Shutterstock + Adobe Stock + Unsplash + Pexels) + per-photographer licensing + Creative Commons attribution govern per-photo licensing. Right of publicity state-by-state (California Civil Code 3344 + NY GBL 50-51 + Tennessee Personal Rights Protection Act + ELVIS Act effective July 1, 2024 + Indiana + Florida + Ohio + similar) governs photos depicting identifiable individuals. Tennessee ELVIS Act protects voice + likeness from unauthorized AI replication. Model release per- jurisdiction + employee photo consent state-by-state + minor consent (COPPA + California AADC + Connecticut SB 3 + Maryland AADC) govern subject consent. ADA Title III + WCAG 2.2 AA alt-text + Robles v Dominos + DOJ ADA Web Accessibility Final Rule (April 2024) + EU EAA (effective June 28, 2025) require image accessibility. EU AI Act (Regulation 2024/1689) Article 50 + state AI-generated content laws (California AB 2655 + AB 2839 + Texas SB 751 + Tennessee ELVIS Act) require marking AI-generated photos. Per-vendor AI photo training-data IP evolves through ongoing AI litigation (Andersen v Stability AI + Getty Images v Stability AI). State biometric privacy (Illinois BIPA + Texas CUBI + Washington biometric) applies when face recognition extracted. The GBP management, photo management, reverse image search, computer vision, AI photo, and brand-asset vendors below ship strong primitives. The orchestration above them is operator-side architecture. You keep all subscriptions, posture libraries, license registers, and audit trail. You keep the ability to in-house at any time.
Published September 24, 2026
The real ecosystem this sits above
GBP management + photo management + brand-asset
GBP: Yext, BirdEye, Podium, Chatmeter, Reputation.com, Uberall, Synup, Moz Local, BrightLocal, Whitespark, Vendasta, Rio SEO, SOCi. Photo management: Cloudinary, imgix, Cloudflare Images, Bynder, Frontify, Brandfolder, Widen, Acquia DAM. Each ships strong primitives. Per-platform photo policy + per-stock- photo license register + per-photographer licensing register + Creative Commons attribution library above them is operator-side architecture.
Reverse image search + perceptual hashing + computer vision + AI photo
Reverse image search: Google Reverse Image Search, TinEye, Yandex Image, Bing Visual Search, PicScout, Pixsy. Perceptual hashing: pHash, dHash, aHash, wHash, ImageMagick, OpenCV, ImageHash. Computer vision: AWS Rekognition, Google Cloud Vision, Azure Computer Vision, Clarifai. AI photo: Midjourney, DALL-E 3, Stable Diffusion, Adobe Firefly, Google Imagen, Ideogram. Each ships strong primitives. Right-of- publicity register + Tennessee ELVIS Act posture + model release library + employee consent + minor consent + EU AI Act Article 50 marking + state AI disclosure + per-vendor AI photo training-data IP register above them is operator-side architecture.
Policy-as-code + WORM + legal research
Policy-as-code: OPA Rego, AWS Cedar, Casbin, Cerbos, Oso. WORM: AWS S3 Object Lock, GCS retention, Azure Blob immutable, Snowflake Time Travel. Legal: Westlaw, Lexis+, Bloomberg Law, Practical Law. Each ships strong primitives. The 5-anchor compliance gate is operator-side architecture.
Frequently asked
What does per-location photo de-duplication audit deliver, and how does the 4-skill bundle decompose?
An orchestration layer above the operator GBP management + photo management + reverse image search + perceptual hashing + computer vision + AI photo + brand-asset + policy-as-code + WORM-storage stack that audits per-location photo assets across 50-1,500 locations × per-platform (Google Business Profile + Bing Places + Apple Business Connect + Yelp + Meta Pages) for duplication, copyright infringement, right-of-publicity violations, AI-generated content without proper marking, accessibility failures, and per-platform photo policy violations — under operator-counsel-approved Google Business Profile photo guidelines + per-platform photo policy + image copyright + DMCA + per-stock-photo license + right of publicity + per-state photo subject consent + Tennessee ELVIS Act + model release + employee consent + ADA + WCAG alt-text + EU EAA + NIST AI RMF + EU AI Act Article 50 + state AI laws + AI photo training-data IP + privacy + DSA gates. Skill 1 — Detect: scan per-location photo assets across operator GBP listings + operator photo management (Cloudinary, imgix, Cloudflare Images, Bynder, Frontify, Brandfolder, Widen, Acquia DAM — operator chooses) + operator brand-asset, generate perceptual hashes (pHash + dHash + aHash + wHash) via ImageMagick + OpenCV + ImageHash, run reverse image search across operator-licensed reverse-image vendors (Google Reverse Image Search + TinEye + Yandex Image + Bing Visual Search + PicScout + Pixsy — operator chooses), identify duplicate clusters, near-duplicate clusters, cross-location photo reuse, and external-site appearance of operator photos. Skill 2 — Classify: classify each photo + duplicate cluster under operator-counsel-approved per-asset-class posture (cleared operator-owned + cleared per-stock-photo-license attestation + cleared per-photographer-licensing + cleared Creative Commons with proper attribution + AI-generated with Article 50 marking + AI-generated with per-state AI disclosure + right-of-publicity posture for identifiable individuals + minor-consent posture under COPPA + AADC + employee-consent state-by-state posture + copyright infringement requiring DMCA Section 512 takedown + per-platform-policy-violating requiring per-platform removal request + paused pending operator counsel review + prohibited from continued use). Classify uses operator-chosen computer vision (AWS Rekognition + Google Cloud Vision + Azure Computer Vision + Clarifai — operator chooses) for object detection + face detection + scene classification + landmark recognition + text extraction + adult-content + safety-content classification. Skill 3 — Remediate: execute per-asset-class remediation. For duplicate clusters, select canonical operator-counsel-approved master + deprecate duplicates per per-platform photo guidelines. For copyright-infringement-class photos detected on external sites, prepare per-DMCA Section 512(c)(3) takedown notice with required elements. For right-of-publicity violations (likeness + voice + name + signature used without consent), pause use + route to operator counsel for per-state right-of-publicity analysis. For AI-generated photos without Article 50 marking, apply machine-readable AI-content marking + explicit user-visible deepfake disclosure when required. For per-platform photo policy violations, submit per-platform removal request with documented evidence. For ADA + WCAG alt-text failures, generate operator-counsel-approved alt-text + per-state language access translation. Skill 4 — Attest: emit per-asset per-platform attestation (perceptual hash + reverse-image-search results + per-asset-class posture + remediation action + per-stock-photo-license evidence + right-of-publicity attestation + model-release evidence + AI-generated content marking + alt-text + per-state language access + counsel-policy-version) to the operator WORM audit trail.
Where does single-vendor photo management tooling stop compounding for per-location photo audit at multi-location-service-brand scale?
Single-vendor photo management is solved. Cloudinary + imgix + Cloudflare Images + Bynder + Frontify + Brandfolder + Widen + Acquia DAM ship strong managed photo management + DAM. Google Reverse Image Search + TinEye + Yandex Image + Bing Visual Search + PicScout + Pixsy ship strong reverse image search. AWS Rekognition + Google Cloud Vision + Azure Computer Vision + Clarifai ship strong computer vision. Midjourney + DALL-E 3 + Stable Diffusion + Adobe Firefly + Google Imagen + Ideogram ship strong AI photo generation. Yext + BirdEye + Podium + Chatmeter + Reputation.com + Uberall + Synup + Moz Local + BrightLocal + Whitespark + Vendasta + Rio SEO + SOCi ship strong GBP management. The compound case the gbp-agent has to handle is the one where (a) operator runs 50-1,500 locations × per-location photo libraries × per-platform (Google Business Profile + Bing Places + Apple Business Connect + Yelp + Meta Pages), (b) Google Business Profile photo guidelines + Google Posts photo policy + Google Reviews photo policy + Bing Places + Apple Business Connect + Yelp + Meta Pages photo policy continue to evolve — duplicate photo content + watermarked images + low-quality images + photos not depicting the business may be rejected or removed; impermissible content (graphic violence + sexual content) is removed, (c) image copyright 17 USC 102 + DMCA Section 512 takedown procedures + per-stock-photo license terms (Getty Images + Shutterstock + Adobe Stock + Unsplash + Pexels) + per-photographer licensing + Creative Commons attribution requirements continue to evolve — operators using stock photos without per-platform-permitted-use must verify per-stock-photo license includes per-platform redistribution scope; operators using photographer-shot photos must maintain per-photographer agreement; operators using Creative Commons photos must maintain proper attribution per CC license terms, (d) right of publicity state-by-state (California Civil Code 3344 + 3344.1 + NY GBL 50-51 + Tennessee Personal Rights Protection Act + ELVIS Act effective July 1, 2024 + Indiana + Florida + Ohio + similar per-state patchwork) applies when photos depict identifiable individuals including customers + employees + third parties; minor-consent under COPPA + California AADC + Connecticut SB 3 + Maryland AADC; per-state employee photo consent varies; model release per-jurisdiction varies; per-platform photo of person policies, (e) ADA Title III + WCAG 2.2 AA alt-text + image accessibility + Robles v Dominos (9th Cir 2019) + DOJ ADA Web Accessibility Final Rule (April 2024) + EU European Accessibility Act (effective June 28, 2025) + per-state language access apply to all photo alt-text + image descriptions, (f) AI-generated photo content marking compounds — EU AI Act (Regulation 2024/1689) Article 50 requires machine-readable marking + explicit user-visible deepfake disclosure for deepfake-class generated images; state AI-generated content laws including California AB 2655 + AB 2839 + Texas SB 751 + Tennessee ELVIS Act + similar state patchwork; per-vendor AI photo training-data IP evolves through ongoing AI litigation (Andersen v Stability AI + Getty Images v Stability AI + Concord Music v Anthropic + multiple class actions), (g) NIST AI RMF + ISO 42001, (h) privacy + per-vendor photo management + computer vision + AI photo zero-retention + CCPA cross-context + GDPR Article 28 + DSA Article 16 notice-and-action + Article 28 child protection + per-platform data-use. Without an orchestration layer above the GBP + photo management + reverse image search + perceptual hashing + computer vision + AI photo + brand-asset vendors, duplicate photos fragment GBP visual identity and trigger per-platform removal, copyright exposure compounds when stock-photo license scope unclear, right-of-publicity exposure compounds when photos depict identifiable individuals without consent, Tennessee ELVIS Act exposure compounds when AI replicates voice + likeness, COPPA + AADC exposure compounds when photos depict minors, ADA + WCAG alt-text goes unmaintained, EU AI Act Article 50 marking fragments on AI-generated photos, AI photo training-data IP exposure compounds, per-vendor zero-retention fragments, and the audit trail of "which photo + which license + which consent + which AI-source + which per-platform posture + which counsel-policy-version" fragments. The orchestration above the vendors is what holds the cross-location + cross-platform + cross-vertical + cross-jurisdiction + cross-AI-provider invariants.
How does Skill 2 Classify handle right of publicity + per-state photo subject consent + Tennessee ELVIS Act + model release + employee consent?
Per-photo subject-consent posture is operator-counsel-approved per-asset-class. Right of publicity state-by-state — California Civil Code 3344 (living-person right of publicity, statutory damages + injunctive relief + attorney fees) + 3344.1 (deceased-person right of publicity, 70-year postmortem term) + NY Right of Publicity Law (GBL 50 + 51 + post-mortem amendments effective 2021 with 40-year postmortem term for performers + commercial value) + Tennessee Personal Rights Protection Act + ELVIS Act (Ensuring Likeness, Voice, and Image Security Act, effective July 1, 2024) protecting voice + likeness from unauthorized AI replication with civil + criminal remedies + Indiana right of publicity (with 100-year postmortem) + Florida + Ohio + similar per-state patchwork. Model release per-jurisdiction varies — operator-counsel-and-marketing-team-approved per-state model-release template required when photographing identifiable individuals for commercial use; living-individual release vs deceased-individual release vs minor-release vs employee-release vary per jurisdiction. Employee photo consent state-by-state — some states require explicit employee written consent for commercial use of likeness; California AB 1455 + per-state similar. Minor consent under COPPA + California AADC + Connecticut SB 3 + Maryland AADC — when photo depicts minor, parent + guardian consent required + age-appropriate use restrictions. The orchestration assigns each photo depicting identifiable individuals an operator-counsel-approved per-subject posture (cleared with model release on file + cleared as recognizable employee with employment-context consent + cleared as deceased-individual outside postmortem term + cleared as public-figure under newsworthiness exception + cleared as Creative Commons with proper attribution + paused pending consent verification + paused pending operator counsel right-of-publicity analysis + prohibited from continued use). When AI replicates voice + likeness, Tennessee ELVIS Act + per-state right of publicity attestation required. When photo depicts minor, COPPA + AADC + per-state minor-consent posture required. Per-photo subject-consent posture + model-release evidence + per-state right-of-publicity attestation + Tennessee ELVIS Act posture + minor-consent posture attestation writes to WORM audit trail with rule-citation evidence + counsel-policy-version.
What compliance does the orchestration enforce, and how does it map to GBP photo guidelines + image copyright + DMCA + right of publicity + ADA + WCAG + EU EAA + NIST AI RMF + EU AI Act + AI photo IP + privacy?
Five anchors. Anchor 1 — Google Business Profile photo guidelines + per-platform image policy + image copyright + DMCA + per-stock-photo license. Google Business Profile photo guidelines + Google Posts photo policy + Google Reviews photo policy + Bing Places photo guidelines + Apple Business Connect + Yelp photo guidelines + Meta Pages photo policy + per-platform impermissible content + per-platform watermark + low-quality + not-depicting-business removal procedures. Image copyright 17 USC 102 + DMCA Section 512(c)(3) takedown elements (signature + identification of copyrighted work + identification of infringing material + contact information + good-faith statement + accuracy statement under penalty of perjury) + per-stock-photo license terms (Getty Images + Shutterstock + Adobe Stock + Unsplash + Pexels + Pixabay) + per-photographer licensing agreements + Creative Commons attribution requirements (BY + SA + NC + ND with proper attribution chain). Lanham Act 15 USC 1125(a) when photos misrepresent source. Anchor 2 — Right of publicity + per-state photo subject consent + Tennessee ELVIS Act + model release + employee consent. Right of publicity state-by-state (CA Civ Code 3344 + 3344.1 + NY GBL 50-51 + Tennessee PRPA + ELVIS Act effective July 1, 2024 + Indiana + Florida + Ohio + similar). Tennessee ELVIS Act for AI-replicated likeness + voice. Model release per-jurisdiction. Employee photo consent state-by-state. Minor consent under COPPA + California AADC + Connecticut SB 3 + Maryland AADC. Per-platform photo-of-person policies. Anchor 3 — ADA Title III + WCAG + EU EAA + per-state language access. ADA Title III + 2010 ADA Standards + WCAG 2.2 AA alt-text + image accessibility + decorative image marking + complex image long descriptions + Robles v Dominos (9th Cir 2019) + DOJ ADA Web Accessibility Final Rule (April 2024) + per-state similar (Unruh Civil Rights Act California + NY State Civil Rights Law) + EU European Accessibility Act 2019/882 (effective June 28, 2025) + per-state language access (California Translation Act Health and Safety Code 1259 healthcare + per-state similar). Anchor 4 — NIST AI RMF + ISO 42001 + EU AI Act Article 50 + state AI laws + AI photo training-data IP. NIST AI RMF (NIST AI 100-1) Map + Measure + Manage + ISO/IEC 42001 Clause 8 + EU AI Act (Regulation 2024/1689) Article 50 generative-content marking when AI-generated photo + Article 13 + Article 14 + Article 26 + state AI-generated content laws (California AB 2655 + AB 2839 + Texas SB 751 + Minnesota + Washington election deepfake + Tennessee ELVIS Act + similar) + per-vendor AI photo training-data IP (Andersen v Stability AI + Getty Images v Stability AI + Concord Music v Anthropic + multiple class actions). Anchor 5 — Privacy + per-platform + DSA + per-vendor photo management + computer vision + AI photo zero-retention + COPPA + AADC. CCPA Section 1798.140(ae) cross-context + state-comprehensive-privacy + GDPR Articles 5 + 6 + 9 (biometric data including face recognition) + 22 + 25 + 26 + 28 + 30 + 32 + 35 DPIA + ePrivacy + UK GDPR + EU DSA Article 16 notice-and-action + Article 28 child protection + COPPA + California AADC + Connecticut SB 3 + Maryland AADC. Per-vendor photo management + computer vision + AI photo data-retention attestation. Per-platform data-use (Meta CAPI + Google Enhanced Conversions + Apple SKAdNetwork + LiveRamp). State biometric privacy (Illinois BIPA 740 ILCS 14 + Texas CUBI + Washington biometric + similar state patchwork) when face recognition or biometric features extracted. Broader gate enforced via policy-as-code. WORM audit trail with per-statute retention (DMCA + copyright SOL variable + state right-of-publicity SOL variable + Tennessee ELVIS Act variable + COPPA 1yr + GDPR 6yr + CCPA 3yr + BIPA 5yr + state biometric variable + IRS 7yr + EU AI Act 10yr + EU EAA variable) per operator counsel policy.
What does the engagement look like across Tier 1 → Tier 2 → Tier 3, and what does the Tier 3 reporting cycle commit to?
Tier 1 AI Readiness Assessment ($10k, 2-3 weeks): audits the operator current per-location photo de-duplication posture against the 4-skill bundle + 5-anchor compliance overlay; gap-pack identifies which per-location photo libraries have duplicate clusters, which per-platform photo posture is unmaintained, which photos lack per-stock-photo-license attestation, which photos lack per-photographer-licensing, which Creative Commons photos lack proper attribution, which photos depicting identifiable individuals lack model-release evidence + per-state right-of-publicity posture + Tennessee ELVIS Act posture + employee consent + minor consent, which AI-generated photos lack EU AI Act Article 50 marking + state AI disclosure, which photos lack ADA + WCAG alt-text + per-state language access, whether per-vendor photo management + computer vision + AI photo zero-retention attestation chain is maintained, whether biometric privacy (Illinois BIPA + Texas CUBI + Washington biometric + state similar) is wired when face recognition used, whether CCPA + GDPR + DSA + COPPA + AADC posture is wired. Tier 2 AI Swarm Setup Sprint ($25-50k, 4-8 weeks): builds the 4-skill bundle on the gbp-agent, wires GBP + photo management + reverse image search + perceptual hashing + computer vision + AI photo + brand-asset + policy-as-code + WORM-storage (operator-chosen subset), configures the operator-counsel-approved per-platform photo policy library + image copyright + DMCA Section 512 takedown library + per-stock-photo license register + per-photographer licensing register + Creative Commons attribution library + per-state right-of-publicity register + Tennessee ELVIS Act posture + model release library + employee consent library + minor consent (COPPA + AADC) library + ADA + WCAG alt-text + per-state language access library + EU AI Act Article 50 marking flow + state AI disclosure library + per-vendor AI photo training-data IP register + per-vendor zero-retention attestation chain + biometric privacy (BIPA + CUBI + state biometric) library + CCPA + GDPR + DSA + per-platform data-use, runs 30-day shadow + canary with Remediate in paused-mode before flipping to enforce-mode. Tier 3 Fractional CMO with AI Swarm ($15-25k/month, 6-month minimum): continues with continuous Detect + Classify + Remediate + Attest. Tier 3 reporting is a 6-workstream pre-engagement-baseline reporting cycle (per-platform photo policy pass-rate + per-stock-photo + per-photographer license freshness + right-of-publicity + Tennessee ELVIS Act posture freshness + ADA + WCAG alt-text + per-state language access posture freshness + EU AI Act Article 50 marking completeness + biometric privacy posture freshness + WORM audit-trail completeness) measured against the operator’s pre-engagement baseline. Reporting carries explicit caveats: vendor SLA + per-platform photo policy amendments + Google Business Profile photo guideline amendments + Bing Places + Apple Business Connect + Yelp + Meta amendments + image copyright case-law evolution + DMCA Section 512 reform + per-stock-photo license amendments + Creative Commons license amendments + per-state right-of-publicity case-law + Tennessee ELVIS Act progeny + COPPA + AADC amendments + ADA + WCAG version updates + DOJ Final Rule progeny + EU EAA implementing measures + per-state language access amendments + EU AI Act Article 50 implementing acts + state AI-generated content law progeny + per-vendor AI photo training-data IP case-law evolution + NIST AI RMF + ISO 42001 amendments + DSA implementing guidance + CCPA + state-comprehensive-privacy implementing rules + Illinois BIPA + Texas CUBI + state biometric amendments sit outside Completions control. Attorney-client privilege preservation across operator-counsel-approved rulesets.
Who owns the photo stack, the per-stock-photo licenses, the right-of-publicity register, the model release library, and the audit trail?
Operator owns every artifact. GBP management subscription (Yext + BirdEye + Podium + Chatmeter + Reputation.com + Uberall + Synup + Moz Local + BrightLocal + Whitespark + Vendasta + Rio SEO + SOCi — operator chooses) runs under operator billing. Photo management (Cloudinary + imgix + Cloudflare Images + Bynder + Frontify + Brandfolder + Widen + Acquia DAM — operator chooses) runs under operator billing. Reverse image search vendor (Google + TinEye + Yandex + Bing Visual Search + PicScout + Pixsy — operator chooses) runs under operator account. Computer vision vendor (AWS Rekognition + Google Cloud Vision + Azure Computer Vision + Clarifai — operator chooses) runs under operator account with operator-counsel-approved DPAs + zero-retention attestation + biometric-privacy attestation when face recognition. AI photo vendor (Midjourney + DALL-E 3 + Stable Diffusion + Adobe Firefly + Google Imagen + Ideogram — operator chooses) runs under operator account with operator-counsel-approved DPAs + zero-retention + training-data licensing + right-of-publicity attestation. Brand-asset management runs under operator billing. The operator-counsel-approved per-platform photo policy library + image copyright + DMCA Section 512 takedown library + per-stock-photo license register + per-photographer licensing register + Creative Commons attribution library + per-state right-of-publicity register + Tennessee ELVIS Act posture + model release library + employee consent library + minor consent library + ADA + WCAG alt-text + per-state language access library + EU AI Act Article 50 marking flow + state AI disclosure library + per-vendor AI photo training-data IP register + per-vendor zero-retention attestation chain + biometric privacy library + CCPA + GDPR + DSA records all live in operator counsel + marketing + HR + CISO + AI-governance repo. The Detect + Classify + Remediate + Attest skill code lives in operator code repo. The policy-as-code policies live in operator code repo, counsel-aligned. The WORM audit trail lives on operator-controlled cloud storage with per-statute retention enforcement. Completions owns the orchestration knowledge and transfers it under the Tier 3 transition path (30-60 days at engagement end). Completions credentials revoke on engagement-end.
Engage Completions
Start with the AI Readiness Assessment (Tier 1, 2-3 weeks, $10k). Hand off to Tier 2 AI Swarm Setup Sprint ($25-50k, 4-8 weeks). Continue under Tier 3 Fractional CMO with AI Swarm ($15-25k/mo, 6-month minimum, 1-2 days/wk embedded).
Related reading
- Done-for-you post-crisis GBP repair (the GBP repair workflow that operates on the same listing surfaces this photo audit cleans)
- AI agent governance (the broader governance posture this photo de-duplication skill operates within)
- Fractional CMO with AI Swarm (Tier 3 engagement that operates the photo audit cycle)