API OnlineSign In

Privacy Policy

Last updated: April 2026

AITrustLens respects your privacy. This policy describes what data we collect, why we collect it, how we store it, who we share it with, and your rights under the General Data Protection Regulation (GDPR). We are committed to data minimisation and transparency.

1. What data we collect

  • Account data: email address, display name, encrypted password (via Supabase Auth)
  • Usage data: analyses you request (URLs, text, images you submit for analysis), AI detection scores, token consumption, timestamps
  • Technical data: IP address, browser user-agent (via Vercel logs, retained 30 days)
  • Payment data: processed by our payment provider (not stored on our servers)

We do not collect biometric data, location data, or any special-category data (Article 9 GDPR).

2. Legal basis for processing

  • Contract performance (Art. 6.1.b): to provide the analysis service you signed up for
  • Legitimate interest (Art. 6.1.f): fraud prevention, service security, product improvement
  • Consent (Art. 6.1.a): for optional analytics cookies (which you can refuse)
  • Legal obligation (Art. 6.1.c): billing records retained per French fiscal law

3. Where your data is stored

Your account and analysis history are stored in a Supabase Cloud PostgreSQL database hosted in the European Union (Frankfurt, AWS eu-central-1). Supabase is SOC 2 Type 2 certified.

The application is served by Vercel (SOC 2 Type 2) with edge caching worldwide. AI inference runs on Modal.com GPU workers. Transactional emails are sent via Resend.

Third-country transfers are covered by Standard Contractual Clauses (SCCs) as published by the European Commission.

4. Sub-processors we share data with

We use the following processors. Each has signed a Data Processing Agreement (DPA).

  • Supabase Inc. (US, EU region) — database, authentication
  • Vercel Inc. (US, EU edge) — application hosting
  • Modal Labs Inc. (US) — GPU inference for AI detection models
  • Resend Inc. (US) — transactional email delivery
  • xAI Corp. (US) — contextual analysis via Grok API (article text sent)
  • Perplexity AI Inc. (US) — fact-checking via Perplexity API (article text sent)
  • GitHub Inc. (US) — source code and CI/CD (SOC 2)

We never sell your data to advertisers or data brokers.

5. Cookies

We use two categories of cookies:

  • Strictly necessary: Supabase session cookie for authentication. Cannot be disabled.
  • Preferences: language and theme preferences (localStorage). Not shared.

We do not use third-party tracking cookies.

6. How long we keep your data

  • Account data: until you delete your account
  • Analysis history: until you delete it manually or delete your account
  • Billing records: 10 years (French fiscal obligation)
  • Technical logs: 30 days (Vercel default)

7. Your rights under GDPR

You have the right to:

  • Access your data — request a copy anytime
  • Rectify inaccurate data via your account settings
  • Erase your data — delete your account and all associated records
  • Port your data — export it in JSON format (Article 20)
  • Object to processing based on legitimate interest
  • Restrict processing temporarily
  • Lodge a complaint with the CNIL (www.cnil.fr)

Exercise any of these rights instantly on the Manage my data page, or by emailing privacy@aitrustlens.com.

8. Security measures

We protect your data with:

  • TLS 1.2+ encryption for all traffic
  • At-rest encryption on all Supabase databases (AES-256)
  • Row-Level Security (RLS) policies enforcing per-user data isolation
  • Short-lived auth tokens via Supabase Auth
  • Access logs and automatic anomaly detection

9. Contact

Data controller: AITrustLens
Contact: privacy@aitrustlens.com

We will respond to any GDPR request within 30 days as required by law.