Introduction: AiVidect ("we", "our", "us") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI video detection service.

1. Information We Collect

1.1 Account Information:

• Email Address: Required for account creation, authentication, and communications
• Username: Your chosen display name
• Password: Stored as a cryptographic hash using enterprise-grade encryption (Scrypt with salt)
• OAuth Data: If you sign in with Google, we receive your name, email, and profile ID

1.2 Usage Data:

• Analysis history and results
• Daily and total analysis counts
• Subscription tier and billing information
• API usage statistics (for Pro and Business users)
• Feature usage patterns

1.3 Uploaded Content:

• Videos: Temporarily processed for analysis, then deleted (see Section 4)
• URLs: Web links to videos you submit for analysis
• Analysis Results: AI predictions, confidence scores, and metadata

1.4 Technical Data:

• IP address
• Browser type and version
• Device information
• Operating system
• Session cookies and authentication tokens
• Page views and navigation paths

1.5 Payment Information:

• Stripe Customer ID: Generated by our payment processor
• Subscription Details: Plan type, billing cycle, status
• Note: We do NOT store credit card numbers or payment details. All payment processing is handled securely by Stripe.

2. How We Use Your Information

2.1 Service Provision:

• Process and analyze uploaded videos using AI/ML algorithms
• Provide analysis results and authenticity assessments
• Maintain your account and analysis history
• Enforce usage limits based on subscription tier
• Provide API access for Pro and Business users

2.2 Service Improvement:

• Improve AI model accuracy and performance
• Develop new features and capabilities
• Analyze usage patterns to optimize user experience
• Conduct research on AI-generated content detection

2.3 Communications:

• Send service-related emails (account verification, password reset)
• Notify you of subscription changes or renewals
• Respond to support inquiries
• Send important security or policy updates
• With your consent: Send marketing communications (you can opt out anytime)

2.4 Legal Compliance:

• Comply with legal obligations and law enforcement requests
• Enforce our Terms of Service
• Protect against fraud, abuse, and security threats
• Resolve disputes and prevent prohibited activities

3. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), UK, and Switzerland, we process your data based on:

• Contractual Necessity: Processing is necessary to provide the Service under our Terms
• Legitimate Interests: Improving our service, security, and fraud prevention
• Consent: Marketing communications (you can withdraw consent anytime)
• Legal Obligation: Compliance with applicable laws

4. Data Retention

4.1 Video Files:

• Retention Period: Up to 30 days maximum
• Purpose: Temporary processing and caching for performance optimization
• Deletion: Automatically deleted after analysis or 30 days, whichever comes first
• Note: Videos downloaded from URLs are deleted immediately after analysis

4.2 Analysis Results:

• Retention Period: Retained indefinitely as part of your account history
• Content: SHA-256 hash, probability scores, decision, model version, timestamp
• Purpose: Provide analysis history and service continuity
• Deletion: Deleted when you delete your account or request data deletion

4.3 Account Data:

• Retention Period: Duration of your account plus 30 days
• Purpose: Account management, support, and legal compliance
• Deletion: 30 days after account deletion or data deletion request

4.4 Billing Data:

• Retention Period: 7 years from last transaction
• Purpose: Tax compliance, accounting, dispute resolution
• Legal Requirement: Required by financial regulations

5. Data Sharing and Disclosure

We do NOT sell your personal data. We only share data in the following limited circumstances:

5.1 Service Providers:

• Stripe: Payment processing and subscription management
• Google OAuth: Optional authentication service
• Cloud Hosting: Infrastructure providers (AWS, Wasabi S3)
• Email Services: Transactional email delivery (if configured)

5.2 Legal Requirements:

• Comply with valid legal processes (subpoenas, court orders)
• Enforce our Terms of Service
• Protect rights, property, and safety of AiVidect, users, and the public
• Prevent fraud, security threats, and illegal activity

5.3 Business Transfers:

In the event of a merger, acquisition, or sale of assets, your data may be transferred. We will notify you via email and/or prominent notice on our website.

6. Data Security

We implement industry-standard security measures:

• Encryption: TLS/SSL for data in transit, encryption at rest for sensitive data
• Password Security: Scrypt hashing with per-user salts (N=32768, r=8, p=1)
• Authentication: Secure session management with httpOnly cookies
• Access Controls: Role-based access control (RBAC) for admin functions
• Monitoring: Automated security monitoring and logging
• Regular Updates: Security patches and dependency updates

Note: No method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

7. Your Privacy Rights

7.1 All Users:

• Access: Request a copy of your personal data
• Correction: Update inaccurate or incomplete information
• Deletion: Request deletion of your account and data
• Portability: Receive your data in a machine-readable format
• Opt-Out: Unsubscribe from marketing emails

7.2 EEA/UK/Swiss Users (GDPR Rights):

• Right to Object: Object to processing based on legitimate interests
• Right to Restrict: Request limited processing of your data
• Right to Withdraw Consent: Withdraw consent for marketing communications
• Right to Lodge Complaint: File a complaint with your data protection authority

7.3 California Users (CCPA Rights):

• Right to know what personal information is collected
• Right to know if personal information is sold or disclosed
• Right to opt-out of sale (we do not sell data)
• Right to deletion
• Right to non-discrimination for exercising privacy rights

8. Data Subject Requests (DSR)

How to Exercise Your Rights:

1. Email Request: Send an email to privacy@aividect.com with subject "Data Subject Request"
2. Include: Your name, email address associated with your account, and specific request
3. Verification: We may request additional information to verify your identity
4. Response Time: We will respond within 30 days (45 days for complex requests)

Supported Request Types:

• Access Request: Receive a copy of your personal data in JSON format
• Deletion Request: Permanently delete your account and associated data
• Correction Request: Update incorrect account information
• Portability Request: Export your analysis history and account data
• Objection Request: Object to specific data processing activities

Processing Timeline:

• Account deletion: Immediate access revocation, data deleted within 30 days
• Data export: Provided within 14 days
• Correction: Updated immediately upon verification
• Billing data: Retained for 7 years due to legal requirements (cannot be deleted)

9. Cookies and Tracking

9.1 Essential Cookies:

• Session Cookies: Authentication and session management (required)
• Security Cookies: CSRF protection (required)
• Preference Cookies: Theme selection (dark/light mode)

9.2 Analytics Cookies:

• Google Analytics: Anonymous usage statistics (opt-out available)
• Purpose: Understand user behavior and improve the service
• Opt-Out: Use browser settings or Google Analytics opt-out extension

9.3 Third-Party Cookies:

• Stripe: Payment processing and fraud prevention
• Google OAuth: Third-party authentication

10. International Data Transfers

AiVidect is based in the United States. If you access our service from outside the US, your data may be transferred to and processed in the US.

EEA/UK/Swiss Users: We ensure adequate protection through:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequate security measures equivalent to GDPR requirements
• Data Processing Agreements with third-party processors

11. Children's Privacy

Our Service is not intended for users under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@aividect.com, and we will delete such information from our systems.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Updating the "Last Updated" date
• Posting the updated policy on our website
• Sending email notification for significant changes
• Requiring re-acceptance for substantial changes

Your continued use of the Service after changes indicates acceptance of the updated Privacy Policy.

13. Contact Information

For privacy-related questions, concerns, or requests:

• Email: privacy@aividect.com
• Data Subject Requests: dsr@aividect.com
• Support: support@aividect.com
• Website: Contact Form

Data Protection Officer (DPO): For GDPR-related inquiries, contact dpo@aividect.com

EU Representative (if applicable): Contact eu-rep@aividect.com