CopySight

Privacy Policy

Last Updated: April 2, 2026

At CopySight AI, we take your privacy seriously. This Privacy Policy explains what information we collect, how we use it, and what rights you have. We've written it in plain language because we believe privacy policies should actually be readable.

This policy applies to all users of the CopySight AI platform, website, and related services, including enterprise clients and their authorized users.

1. Who We Are

CopySight AI, Inc. is an AI-powered intellectual property protection platform that helps creative professionals and organizations verify originality, detect infringement, and establish proof of authorship.

For GDPR purposes, CopySight AI acts as a Data Processor when handling content submitted by enterprise clients, and as a Data Controller for data collected directly through our website and product.

Contact us at: privacy@copysight.ai

2. What Information We Collect

2.1 Information You Provide

  • Account information: name, email address, company name, job title
  • Payment and billing information (processed by our payment provider)
  • Content submitted for analysis: documents, images, and other creative works
  • Communications with our support team

2.2 Information Collected Automatically

  • Usage data: features used, actions taken, timestamps
  • Technical metadata: IP address, browser type, device type
  • Transaction IDs, performance metrics, and system logs

We do not collect or retain the content of your AI prompts or model outputs beyond what is required to deliver the service in real time. We enforce a Zero-Retention Policy on all AI inputs and outputs.

2.3 Information We Do Not Collect

  • We do not use your content to train or fine-tune any AI model
  • We do not sell your personal information
  • We do not use your data for advertising purposes

3. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and improve the CopySight AI platform
  • Process transactions and manage your account
  • Monitor system performance and ensure security
  • Respond to your requests and provide customer support
  • Meet our legal and compliance obligations
  • Send service-related communications (not marketing, unless you opt in)

We process your data only for the purposes described above. We do not use your content for any purpose outside of delivering our core services.

4. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA) and UK, we process personal data on the following legal bases:

  • Contract performance: to deliver the services you have signed up for
  • Legitimate interests: security monitoring, fraud prevention, and service improvement
  • Legal obligation: compliance with applicable laws and regulations
  • Consent: where you have explicitly opted in (e.g., marketing communications)

5. How We Share Your Information

We do not sell, rent, or share your personal information with third parties for their own marketing purposes. We may share data only in the following limited circumstances:

  • Service providers: trusted vendors who help us operate our platform (cloud infrastructure, payment processing), bound by strict data processing agreements
  • AI model providers: frontier model providers (OpenAI, Anthropic, Google Gemini) used for inference, each configured with zero-retention settings. See Section 6 for details.
  • Legal requirements: when required by law, court order, or to protect the rights and safety of CopySight AI, our users, or the public
  • Business transfers: in connection with a merger or acquisition, with appropriate privacy protections

6. AI Model Providers and Your Data

CopySight AI connects users to frontier AI models (OpenAI, Anthropic, Google Gemini) for certain features. When you use these features:

  • We implement the most secure, zero-retention configuration available with each provider
  • Your inputs and outputs are not used by these providers to train their models under our enterprise agreements
  • All inference processing is performed on servers located within the United States

For reference, the data policies of our current AI providers are available at:

We will notify clients and obtain approval before adding any new AI model provider to our stack.

7. Data Retention

We retain personal data only as long as necessary for the purposes described in this policy:

  • Account data: retained for the duration of your account, plus up to 3 years after termination for legal and compliance purposes
  • Technical logs and metadata: retained for up to 1 year
  • AI inputs and outputs: not retained beyond real-time processing (Zero-Retention Policy)
  • PII: deleted or de-identified as soon as it no longer serves a legitimate business purpose

You may request deletion of your data at any time (see Section 9 for your rights).

8. Data Security

We apply industry-standard security measures to protect your data, including:

  • Encryption at rest (AES-256) and in transit (TLS 1.2+)
  • Role-based access control and multi-factor authentication
  • Regular vulnerability scanning and annual penetration testing
  • Formal incident response procedures with breach notification obligations

All infrastructure is hosted on Google Cloud Platform within the United States, in private subnets with strict access controls.

9. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

For Everyone

  • Access: request a copy of the personal data we hold about you
  • Correction: ask us to correct inaccurate or incomplete data
  • Deletion: request that we delete your personal data
  • Opt-out: unsubscribe from marketing communications at any time

For EEA/UK Residents (GDPR)

  • Restriction: ask us to limit how we process your data
  • Portability: receive your data in a structured, machine-readable format
  • Objection: object to processing based on legitimate interests
  • Withdraw consent: where processing is based on consent

For California Residents (CCPA/CPRA)

  • Know: the categories of personal information collected and how it is used
  • Delete: request deletion of your personal information
  • Opt-out of sale: we do not sell personal information
  • Limit sensitive data use: see our Your Privacy Choices page
  • Non-discrimination: we will not discriminate against you for exercising your privacy rights

To exercise any of these rights, contact us at privacy@copysight.ai. We will respond within 30 days (or as required by applicable law).

10. Cookies and Tracking

Our website uses cookies and similar technologies to:

  • Keep you logged in and remember your preferences (essential cookies)
  • Understand how visitors use our site (analytics cookies, with your consent)

You can manage cookies preferences through your browser settings, or via cookie preferences link in the homepage footer. Disabling essential cookies may affect platform functionality.

11. International Data Transfers

CopySight AI is based in the United States. If you are located in the EEA, UK, or another jurisdiction with data transfer restrictions, please note:

  • All AI inference and data processing occurs within the United States
  • Where required, we rely on Standard Contractual Clauses (SCCs) or other approved transfer mechanisms for data transfers from the EEA/UK

Enterprise clients who require specific data transfer agreements should contact us at privacy@copysight.ai.

12. Children's Privacy

CopySight AI is not directed at children under the age of 16. We do not knowingly collect personal information from children. If you believe we have inadvertently collected such information, please contact us and we will delete it promptly.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we make significant changes, we will notify you by email or through a prominent notice on our platform at least 30 days before the changes take effect. The current version is always available at /legal/privacy-policy.

14. Contact Us

If you have questions, concerns, or requests related to this Privacy Policy, please reach out:

For unresolved privacy concerns, EEA/UK residents have the right to lodge a complaint with their local data protection authority.