Privacy
Policy

When you use DeepSight, we collect only what is necessary to provide and improve our service. This falls into a few categories:

Account Information -- If you create an account, we collect your email address and a display name. We do not require a real name. Payment information is processed by our third-party payment provider (Stripe) and is never stored on our servers.

Usage Data -- We collect anonymized analytics about how you interact with our service, including pages visited, features used, and general session duration. This helps us understand which parts of the product are working well and which need attention.

Device and Browser Data -- We automatically collect standard technical information such as your browser type, operating system, screen resolution, and IP address. IP addresses are anonymized within 24 hours of collection.

Images Submitted for Analysis -- When you upload an image to our detector, the image is transmitted to our servers for processing. Please see Section 02 for our detailed image handling practices.

Privacy is fundamental to how our image analysis pipeline works, not an afterthought. Here is what happens when you submit an image:

The image is uploaded via an encrypted HTTPS connection to our processing servers. Our detection engine analyzes the image in real time, examining it for synthetic patterns, frequency artifacts, and AI-generation signatures across 30+ known generators.

Once the analysis is complete and results are returned to you, the image is permanently deleted from our processing environment. No copy is retained. No thumbnail is generated. No metadata is extracted and stored separately.

We do retain the analysis result itself -- the verdict, confidence score, and detected generator -- in anonymized form. This aggregate data, which cannot be traced back to any specific image, helps us monitor accuracy and improve our models over time.

If you use our API, the same principles apply. Images sent via the API are processed and discarded with the same immediacy as images uploaded through the web interface.

We use a minimal set of cookies to keep the service functional and to understand broad usage patterns. We do not use cookies for advertising or cross-site tracking.

Essential Cookies -- These are required for the service to function properly. They handle things like session management, authentication state, and usage limits for free-tier users. You cannot opt out of these without losing access to core features.

Analytics Cookies -- We use privacy-focused analytics (Plausible) to understand how visitors use our site. This service does not use cookies that track individuals across websites and is fully GDPR-compliant by design.

We do not use any third-party advertising cookies. We do not participate in ad exchanges or sell any data to advertisers. Period.

We work with a small number of trusted third-party services to operate DeepSight. Each has been selected for their strong privacy practices:

Stripe -- Handles payment processing for Pro and API subscriptions. Stripe processes your payment information directly and is PCI-DSS Level 1 certified. We never see or store your full card number.

Plausible Analytics -- Provides privacy-focused website analytics. Plausible does not use cookies for tracking, does not collect personal data, and is fully compliant with GDPR, CCPA, and PECR.

Cloud Infrastructure (AWS) -- Our processing servers are hosted on Amazon Web Services in the United States and European Union. All data is encrypted in transit and at rest.

We do not share, sell, or rent your personal information to any third party for their own marketing or commercial purposes. Any data shared with the services listed above is limited to what is strictly necessary for them to perform their function.

We believe in keeping data only as long as it serves a clear purpose. Our retention practices reflect that:

Images -- Deleted immediately after analysis. Not retained under any circumstances.

Analysis Results -- Anonymized analysis metadata (verdict, confidence, generator type) is retained indefinitely in aggregate form for accuracy monitoring. No image data or user-identifying information is included.

Account Data -- Retained for the duration of your account. If you delete your account, all associated data is permanently removed within 30 days.

Usage Logs -- Server logs containing IP addresses are anonymized within 24 hours and deleted entirely after 90 days.

Payment Records -- Transaction records are retained for 7 years as required by applicable tax and financial regulations.

Depending on where you live, you may have specific legal rights regarding your personal data. We honor these rights regardless of your jurisdiction, because we believe they represent good practice:

Access -- You can request a copy of all personal data we hold about you. We will provide this within 30 days of your request.

Correction -- If any information we have about you is inaccurate, you can request that we correct it.

Deletion -- You can request that we delete all of your personal data. For account holders, this is as simple as deleting your account from the settings page.

Portability -- You can request your data in a structured, machine-readable format.

Objection -- You can object to our processing of your personal data in certain circumstances, including processing based on legitimate interests.

To exercise any of these rights, contact us at privacy@deepsight.so. We will respond within 30 days, and we will never charge a fee for honoring these requests.

DeepSight is not directed at children under the age of 16. We do not knowingly collect personal information from children. If you are a parent or guardian and believe that your child has provided us with personal information, please contact us at privacy@deepsight.so and we will promptly delete that information.

If we become aware that we have collected personal information from a child under 16 without verified parental consent, we will take immediate steps to remove that data from our systems.

We take the security of your data seriously and implement industry-standard measures to protect it:

All data transmitted between your browser and our servers is encrypted using TLS 1.3. Images uploaded for analysis are processed in isolated, ephemeral computing environments that are destroyed after each analysis.

Our infrastructure is hosted on SOC 2 Type II certified cloud providers. We conduct regular security audits and penetration testing. Access to production systems is restricted to a small number of authorized personnel and requires multi-factor authentication.

In the unlikely event of a data breach, we will notify affected users within 72 hours in compliance with GDPR requirements, and sooner where possible.

We may update this privacy policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we do, we will revise the "Last Updated" date at the top of this page.

For significant changes -- particularly those that affect how we handle your images or personal data -- we will provide prominent notice on our website and, where possible, notify you directly via email.

We encourage you to review this policy periodically. Your continued use of DeepSight after any changes indicates your acceptance of the updated policy.