Privacy Policy

1. Data Controller

Is It AI? ("we", "us", "our") is the data controller responsible for your personal data.

Contact: hello@isitai.co.uk

2. Information We Collect

2.1 Information You Provide

• Account Data: Email address and password (encrypted) when you create an account
• Content for Analysis: Text or URLs you submit for AI detection. We store a preview (first 200 characters) of your submitted content along with the detection result and timestamp. This data helps us improve our service and understand usage patterns. Full content is not retained.
• Contact Information: Name, email, and message content if you contact us through our contact form
• Payment Information: Processed securely by Stripe. We do not store your full card details

2.2 Automatically Collected Information

• Usage Data: Scan timestamps, feature usage, and aggregate statistics
• IP Address: Hashed for rate limiting (free users). Full IP is not stored
• Device Information: Browser type, operating system (for compatibility and analytics)
• Cookies: Essential cookies for authentication and optional analytics cookies (with your consent)

3. Legal Basis for Processing (GDPR)

We process your personal data under the following legal bases:

• Contract Performance (Article 6(1)(b)): Processing necessary to provide our AI detection service to you
• Legitimate Interests (Article 6(1)(f)): Rate limiting, fraud prevention, service improvement, and security
• Consent (Article 6(1)(a)): Analytics cookies and marketing communications (where applicable)
• Legal Obligation (Article 6(1)(c)): Tax records and compliance with legal requirements

4. How We Use Your Information

• To perform AI detection analysis on your submitted content
• To create and manage your account
• To process payments and manage subscriptions
• To enforce rate limits and prevent abuse
• To improve our detection algorithms and service quality
• To send account-related notifications (password resets, billing)
• To respond to your support requests
• To comply with legal obligations

5. Data Sharing and Third Parties

We share data with the following categories of recipients:

5.1 AI Detection Providers

Your submitted content is sent to third-party AI detection APIs (Sapling, Copyleaks) solely for analysis. These providers process content under their own privacy policies. Content is transmitted securely and not retained by these providers beyond the analysis request.

5.2 Service Providers

• Stripe: Payment processing (PCI-DSS compliant)
• Vercel: Hosting and infrastructure
• Prisma/PostgreSQL: Database services

5.3 We Do Not

• Sell your personal data to advertisers or data brokers
• Share your data for marketing purposes without consent
• Store the full content you submit for analysis (only a 200-character preview)
• Share your submitted content with any third parties for purposes other than AI detection

6. International Data Transfers

Your data may be processed in the United States and other countries where our service providers operate. We ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Data processing agreements with all third-party providers
• Encryption of data in transit and at rest

7. Data Retention

8. Your Rights Under GDPR

As a data subject, you have the following rights:

• Right of Access (Article 15): Request a copy of your personal data. You can export your data from your dashboard.
• Right to Rectification (Article 16): Request correction of inaccurate data
• Right to Erasure (Article 17): Request deletion of your data. You can delete your account from your dashboard.
• Right to Data Portability (Article 20): Receive your data in a structured, machine-readable format (JSON export available)
• Right to Restrict Processing (Article 18): Request limitation of processing in certain circumstances
• Right to Object (Article 21): Object to processing based on legitimate interests
• Right to Withdraw Consent: Where processing is based on consent, you can withdraw it at any time

To exercise these rights, email hello@isitai.co.uk or use the self-service options in your dashboard.

9. Cookies

We use the following types of cookies:

• Essential Cookies: Required for authentication and security. Cannot be disabled.
• Analytics Cookies: Help us understand how visitors use our site. Only set with your consent.

You can manage cookie preferences through our cookie consent banner or your browser settings.

10. Security

We implement appropriate technical and organizational measures to protect your data:

• 256-bit TLS/SSL encryption for all data in transit
• Encrypted database storage
• Passwords hashed using bcrypt
• Regular security audits
• Access controls and authentication for all systems

11. Children's Privacy

Is It AI? is not intended for children under 16. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

12. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of significant changes by email (if you have an account) and by posting a notice on our website. The "Last updated" date at the top shows when this policy was last revised.

13. Complaints

If you have concerns about how we handle your data, you have the right to lodge a complaint with your local data protection authority. In the UK, this is:

14. Contact Us

For privacy inquiries or to exercise your rights:
Email: hello@isitai.co.uk