GDPR Compliance

The General Data Protection Regulation (GDPR) is a comprehensive data protection law that gives individuals control over their personal data. AI Image Detector is fully compliant with GDPR requirements:

• We process data lawfully, fairly, and transparently

• We collect data only for specified, explicit, and legitimate purposes

• We minimize data collection to what is necessary

• We maintain accurate and up-to-date data

• We store data only as long as necessary

• We ensure data security through technical and organizational measures

We process your personal data under the following legal bases:

• Consent: When you explicitly agree to our processing activities

• Contract: When processing is necessary to fulfill our service agreement

• Legal Obligation: When required by law to process certain data

• Legitimate Interest: When processing benefits both parties without overriding your rights

You have the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before withdrawal.

As a data subject, you have the following rights:

• Right to Access: Request copies of your personal data

• Right to Rectification: Request correction of inaccurate data

• Right to Erasure: Request deletion of your data ('right to be forgotten')

• Right to Restrict Processing: Request limitation of processing activities

• Right to Data Portability: Receive your data in a structured, machine-readable format

• Right to Object: Object to processing based on legitimate interests

• Right to Withdraw Consent: Withdraw previously given consent

• Right to Lodge a Complaint: File a complaint with supervisory authorities

To exercise any of your GDPR rights:

1. Send an email to gdpr@deep3d.ai

2. Include 'GDPR Request' in the subject line

3. Provide sufficient information to identify your account

4. Specify which right(s) you wish to exercise

5. We will respond within 30 days (extended to 60 days for complex requests)

6. We may request additional information to verify your identity

There is no fee for exercising your rights unless requests are manifestly unfounded or excessive.

Under GDPR, we are transparent about data collection:

• Personal Information: Email address, name (if provided)

• Technical Data: IP address, browser type, device information

• Usage Data: How you interact with our service

• Image Metadata: File size, format, dimensions (not the actual image)

• Payment Information: Processed by third-party payment processors (we do not store card details)

We do NOT collect sensitive personal data (racial/ethnic origin, political opinions, religious beliefs, biometric data for identification, health data, sexual orientation)

We process data for the following purposes:

• Service Delivery: To provide AI image detection functionality

• Account Management: To maintain your user account and preferences

• Communication: To respond to inquiries and provide support

• Improvement: To enhance our algorithms and user experience

• Security: To detect and prevent fraud, abuse, and security incidents

• Legal Compliance: To comply with applicable laws and regulations

• Analytics: To understand usage patterns (anonymized data)

All processing is limited to what is necessary for these purposes.

We retain data only as long as necessary:

• Uploaded Images: Deleted immediately after processing (real-time deletion)

• Account Information: Retained while your account is active

• Deleted Accounts: Data erased within 30 days of account deletion

• Logs and Analytics: Retained for 90 days, then anonymized or deleted

• Legal Requirements: Some data may be retained longer if required by law

• Backups: Deleted data is removed from backups within 90 days

You can request earlier deletion by contacting our GDPR team.

We implement appropriate technical and organizational measures:

• Encryption: TLS 1.3 for data in transit, AES-256 for data at rest

• Access Control: Role-based access, multi-factor authentication

• Pseudonymization: Where possible, we pseudonymize personal data

• Regular Testing: Security audits, penetration testing, vulnerability assessments

• Employee Training: All staff trained on data protection principles

• Incident Response: Procedures for data breach detection and notification

• Data Protection by Design: Privacy considerations integrated into system design

Data may be transferred outside the European Economic Area (EEA):

• We use Standard Contractual Clauses (SCCs) approved by the European Commission

• All recipients are required to provide adequate protection

• Transfers are documented and monitored for compliance

• We conduct transfer impact assessments where necessary

• You have the right to request information about safeguards in place

Primary data processing occurs within the EEA whenever possible.

You can contact our Data Protection Officer (DPO):

• Email: dpo@deep3d.ai

• Subject Line: 'Attention: Data Protection Officer'

• Our DPO monitors GDPR compliance and handles data protection queries

• The DPO is available to assist with exercising your rights

• Response time: Within 48-72 hours for initial acknowledgment

• Full response within 30 days as required by GDPR

Regarding automated decision-making and profiling:

• Our AI analyzes images to detect AI-generation (this is the core service)

• This analysis does not constitute 'profiling' under GDPR as it does not evaluate personal aspects

• We do not make automated decisions that produce legal effects or similarly significantly affect you

• You have the right to request human intervention if you believe automated processing affects you unfairly

• Results are probabilistic and should not be used as sole basis for critical decisions

GDPR provides enhanced protection for children:

• Our service is not directed at children under 13

• Users aged 13-16 may need parental consent depending on their country

• We do not knowingly collect data from children without proper consent

• If we learn of such collection, we will delete the data immediately

• Parents/guardians can contact us to exercise rights on behalf of children

In the event of a data breach:

• We will notify the relevant supervisory authority within 72 hours

• Affected individuals will be notified without undue delay if there is high risk

• Notifications will include nature of breach, likely consequences, and measures taken

• We maintain a breach register documenting all security incidents

• Our incident response team is available 24/7

• We continuously improve security to prevent future breaches

You have the right to lodge a complaint with a supervisory authority:

• Complaints should be made to the authority in your country of residence, workplace, or where the alleged infringement occurred

• In the EU, you can find your national authority at: edpb.europa.eu

• We encourage you to contact us first so we can address your concerns

• However, this does not affect your right to lodge a complaint

• You also have the right to an effective judicial remedy