Introduction: AiVidect ("we", "our", "us") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI video detection service.

1. Information We Collect

1.1 Account Information:

• Email Address: Required for account creation, authentication, and communications
• Username: Your chosen display name
• Password: Stored as a cryptographic hash using enterprise-grade encryption (Scrypt with salt)
• OAuth Data: If you sign in with Google, we receive your name, email, and profile ID

1.2 Usage Data:

• Analysis history and results
• Daily and total analysis counts
• Subscription tier and billing information
• API usage statistics (for Pro and Business users)
• Feature usage patterns

1.3 Uploaded Content:

• Videos: Temporarily processed for analysis, with optional retention for model training (see Section 4)
• URLs: Web links to videos you submit for analysis
• Analysis Results: AI predictions, confidence scores, and metadata
• User Feedback: Corrections and disagreements with analysis results

1.4 Technical Data:

• IP address
• Browser type and version
• Device information
• Operating system
• Session cookies and authentication tokens
• Page views and navigation paths

1.5 Payment Information:

• Stripe Customer ID: Generated by our payment processor
• Subscription Details: Plan type, billing cycle, status
• Note: We do NOT store credit card numbers or payment details. All payment processing is handled securely by Stripe.

2. How We Use Your Information

2.1 Service Provision:

• Process and analyze uploaded videos using AI/ML algorithms
• Provide analysis results and authenticity assessments
• Maintain your account and analysis history
• Enforce usage limits based on subscription tier
• Provide API access for Pro and Business users

2.2 Service Improvement & Model Training:

• Improve AI model accuracy and performance through retraining
• Collect and store videos from user feedback to create training datasets
• Train and refine machine learning models using admin-verified feedback videos
• Develop new features and capabilities
• Analyze usage patterns to optimize user experience
• Conduct research on AI-generated content detection

Model Training: When you submit feedback indicating disagreement with our analysis results, we may temporarily retain your video for admin review. If our team verifies the feedback, the video may be added to our training dataset to improve model accuracy. Videos from feedback are stored securely and used exclusively for improving our AI detection capabilities.

2.3 Communications:

• Send service-related emails (account verification, password reset)
• Notify you of subscription changes or renewals
• Respond to support inquiries
• Send important security or policy updates
• With your consent: Send marketing communications (you can opt out anytime)

2.4 Legal Compliance:

• Comply with legal obligations and law enforcement requests
• Enforce our Terms of Service
• Protect against fraud, abuse, and security threats
• Resolve disputes and prevent prohibited activities

3. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), UK, and Switzerland, we process your data based on:

• Contractual Necessity: Processing is necessary to provide the Service under our Terms
• Legitimate Interests: Improving our service, security, and fraud prevention
• Consent: Marketing communications (you can withdraw consent anytime)
• Legal Obligation: Compliance with applicable laws

4. Data Retention

4.1 Video Files:

• Standard Analysis: Videos are processed and immediately deleted after analysis is complete
• Feedback Submissions: When you submit feedback disagreeing with our results, videos are retained temporarily for admin review:
  • Temporary Storage: Up to 7 days in secure pending review storage
  • Admin Verification: Our team reviews the feedback and your video
  • Unverified Videos: Automatically deleted after 7 days if not reviewed
  • Verified Videos: Moved to permanent training dataset if feedback is confirmed
• Training Dataset: Admin-verified feedback videos are stored permanently and used to retrain and improve our AI models
• Security: All stored videos are encrypted and access-controlled
• Deletion Requests: You may request deletion of your videos at any time by contacting privacy@aividect.com

4.2 Analysis Results:

• Retention Period: Retained indefinitely as part of your account history
• Content: SHA-256 hash, probability scores, decision, model version, timestamp
• Purpose: Provide analysis history and service continuity
• Deletion: Deleted when you delete your account or request data deletion

4.3 Account Data:

• Retention Period: Duration of your account plus 30 days
• Purpose: Account management, support, and legal compliance
• Deletion: 30 days after account deletion or data deletion request

4.4 Billing Data:

• Retention Period: 7 years from last transaction
• Purpose: Tax compliance, accounting, dispute resolution
• Legal Requirement: Required by financial regulations

5. Data Sharing and Disclosure

We do NOT sell your personal data. We only share data in the following limited circumstances:

5.1 Service Providers:

• Stripe: Payment processing and subscription management
• Google OAuth: Optional authentication service
• Cloud Hosting: Infrastructure providers (AWS, Wasabi S3) for video storage and processing
• Email Services: Transactional email delivery (if configured)
• Research Partners: We do NOT share videos with third parties. All model training is conducted internally.

5.2 Legal Requirements:

• Comply with valid legal processes (subpoenas, court orders)
• Enforce our Terms of Service
• Protect rights, property, and safety of AiVidect, users, and the public
• Prevent fraud, security threats, and illegal activity

5.3 Business Transfers:

In the event of a merger, acquisition, or sale of assets, your data may be transferred. We will notify you via email and/or prominent notice on our website.

6. Data Security

We implement industry-standard security measures:

• Encryption: TLS/SSL for data in transit, encryption at rest for sensitive data
• Password Security: Scrypt hashing with per-user salts (N=32768, r=8, p=1)
• Authentication: Secure session management with httpOnly cookies
• Access Controls: Role-based access control (RBAC) for admin functions
• Monitoring: Automated security monitoring and logging
• Regular Updates: Security patches and dependency updates

Note: No method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

7. Your Privacy Rights

7.1 All Users:

• Access: Request a copy of your personal data
• Correction: Update inaccurate or incomplete information
• Deletion: Request deletion of your account and data
• Portability: Receive your data in a machine-readable format
• Opt-Out: Unsubscribe from marketing emails

7.2 EEA/UK/Swiss Users (GDPR Rights):

• Right to Object: Object to processing based on legitimate interests
• Right to Restrict: Request limited processing of your data
• Right to Withdraw Consent: Withdraw consent for marketing communications
• Right to Lodge Complaint: File a complaint with your data protection authority

7.3 California Users (CCPA Rights):

• Right to know what personal information is collected
• Right to know if personal information is sold or disclosed
• Right to opt-out of sale (we do not sell data)
• Right to deletion
• Right to non-discrimination for exercising privacy rights

8. Data Subject Requests (DSR)

How to Exercise Your Rights:

1. Email Request: Send an email to privacy@aividect.com with subject "Data Subject Request"
2. Include: Your name, email address associated with your account, and specific request
3. Verification: We may request additional information to verify your identity
4. Response Time: We will respond within 30 days (45 days for complex requests)

Supported Request Types:

• Access Request: Receive a copy of your personal data in JSON format
• Deletion Request: Permanently delete your account and associated data
• Correction Request: Update incorrect account information
• Portability Request: Export your analysis history and account data
• Objection Request: Object to specific data processing activities

Processing Timeline:

• Account deletion: Immediate access revocation, data deleted within 30 days
• Data export: Provided within 14 days
• Correction: Updated immediately upon verification
• Billing data: Retained for 7 years due to legal requirements (cannot be deleted)

9. Cookies and Tracking

9.1 Essential Cookies:

• Session Cookies: Authentication and session management (required)
• Security Cookies: CSRF protection (required)
• Preference Cookies: Theme selection (dark/light mode)

9.2 Analytics Cookies:

• Google Analytics: Anonymous usage statistics (opt-out available)
• Purpose: Understand user behavior and improve the service
• Opt-Out: Use browser settings or Google Analytics opt-out extension

9.3 Third-Party Cookies:

• Stripe: Payment processing and fraud prevention
• Google OAuth: Third-party authentication

10. International Data Transfers

AiVidect is based in the United States. If you access our service from outside the US, your data may be transferred to and processed in the US.

EEA/UK/Swiss Users: We ensure adequate protection through:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequate security measures equivalent to GDPR requirements
• Data Processing Agreements with third-party processors

11. Children's Privacy

Our Service is not intended for users under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@aividect.com, and we will delete such information from our systems.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Updating the "Last Updated" date
• Posting the updated policy on our website
• Sending email notification for significant changes
• Requiring re-acceptance for substantial changes

Your continued use of the Service after changes indicates acceptance of the updated Privacy Policy.

13. Contact Information

For privacy-related questions, concerns, or requests:

• Email: privacy@aividect.com
• Data Subject Requests: dsr@aividect.com
• Support: support@aividect.com
• Website: Contact Form

Data Protection Officer (DPO): For GDPR-related inquiries, contact dpo@aividect.com

EU Representative (if applicable): Contact eu-rep@aividect.com