Privacy Policy
Last Updated: April 2, 2026
At CopySight AI, we take your privacy seriously. This Privacy Policy explains what information we collect, how we use it, and what rights you have. We've written it in plain language because we believe privacy policies should actually be readable.
This policy applies to all users of the CopySight AI platform, website, and related services, including enterprise clients and their authorized users.
1. Who We Are
CopySight AI, Inc. is an AI-powered intellectual property protection platform that helps creative professionals and organizations verify originality, detect infringement, and establish proof of authorship.
For GDPR purposes, CopySight AI acts as a Data Processor when handling content submitted by enterprise clients, and as a Data Controller for data collected directly through our website and product.
Contact us at: privacy@copysight.ai
2. What Information We Collect
2.1 Information You Provide
- Account information: name, email address, company name, job title
- Payment and billing information (processed by our payment provider)
- Content submitted for analysis: documents, images, and other creative works
- Communications with our support team
2.2 Information Collected Automatically
- Usage data: features used, actions taken, timestamps
- Technical metadata: IP address, browser type, device type
- Transaction IDs, performance metrics, and system logs
We do not collect or retain the content of your AI prompts or model outputs beyond what is required to deliver the service in real time. We enforce a Zero-Retention Policy on all AI inputs and outputs.
2.3 Information We Do Not Collect
- We do not use your content to train or fine-tune any AI model
- We do not sell your personal information
- We do not use your data for advertising purposes
3. How We Use Your Information
We use the information we collect to:
- Provide, operate, and improve the CopySight AI platform
- Process transactions and manage your account
- Monitor system performance and ensure security
- Respond to your requests and provide customer support
- Meet our legal and compliance obligations
- Send service-related communications (not marketing, unless you opt in)
We process your data only for the purposes described above. We do not use your content for any purpose outside of delivering our core services.
4. Legal Basis for Processing (GDPR)
For users in the European Economic Area (EEA) and UK, we process personal data on the following legal bases:
- Contract performance: to deliver the services you have signed up for
- Legitimate interests: security monitoring, fraud prevention, and service improvement
- Legal obligation: compliance with applicable laws and regulations
- Consent: where you have explicitly opted in (e.g., marketing communications)
5. How We Share Your Information
We do not sell, rent, or share your personal information with third parties for their own marketing purposes. We may share data only in the following limited circumstances:
- Service providers: trusted vendors who help us operate our platform (cloud infrastructure, payment processing), bound by strict data processing agreements
- AI model providers: frontier model providers (OpenAI, Anthropic, Google Gemini) used for inference, each configured with zero-retention settings. See Section 6 for details.
- Legal requirements: when required by law, court order, or to protect the rights and safety of CopySight AI, our users, or the public
- Business transfers: in connection with a merger or acquisition, with appropriate privacy protections
6. AI Model Providers and Your Data
CopySight AI connects users to frontier AI models (OpenAI, Anthropic, Google Gemini) for certain features. When you use these features:
- We implement the most secure, zero-retention configuration available with each provider
- Your inputs and outputs are not used by these providers to train their models under our enterprise agreements
- All inference processing is performed on servers located within the United States
For reference, the data policies of our current AI providers are available at:
- Anthropic: privacy.claude.com
- Google Gemini: ai.google.dev/gemini-api/docs/zdr
- OpenAI: developers.openai.com/api/docs/guides/your-data
We will notify clients and obtain approval before adding any new AI model provider to our stack.
7. Data Retention
We retain personal data only as long as necessary for the purposes described in this policy:
- Account data: retained for the duration of your account, plus up to 3 years after termination for legal and compliance purposes
- Technical logs and metadata: retained for up to 1 year
- AI inputs and outputs: not retained beyond real-time processing (Zero-Retention Policy)
- PII: deleted or de-identified as soon as it no longer serves a legitimate business purpose
You may request deletion of your data at any time (see Section 9 for your rights).
8. Data Security
We apply industry-standard security measures to protect your data, including:
- Encryption at rest (AES-256) and in transit (TLS 1.2+)
- Role-based access control and multi-factor authentication
- Regular vulnerability scanning and annual penetration testing
- Formal incident response procedures with breach notification obligations
All infrastructure is hosted on Google Cloud Platform within the United States, in private subnets with strict access controls.
9. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
For Everyone
- Access: request a copy of the personal data we hold about you
- Correction: ask us to correct inaccurate or incomplete data
- Deletion: request that we delete your personal data
- Opt-out: unsubscribe from marketing communications at any time
For EEA/UK Residents (GDPR)
- Restriction: ask us to limit how we process your data
- Portability: receive your data in a structured, machine-readable format
- Objection: object to processing based on legitimate interests
- Withdraw consent: where processing is based on consent
For California Residents (CCPA/CPRA)
- Know: the categories of personal information collected and how it is used
- Delete: request deletion of your personal information
- Opt-out of sale: we do not sell personal information
- Limit sensitive data use: see our Your Privacy Choices page
- Non-discrimination: we will not discriminate against you for exercising your privacy rights
To exercise any of these rights, contact us at privacy@copysight.ai. We will respond within 30 days (or as required by applicable law).
10. Cookies and Tracking
Our website uses cookies and similar technologies to:
- Keep you logged in and remember your preferences (essential cookies)
- Understand how visitors use our site (analytics cookies, with your consent)
You can manage cookies preferences through your browser settings, or via cookie preferences link in the homepage footer. Disabling essential cookies may affect platform functionality.
11. International Data Transfers
CopySight AI is based in the United States. If you are located in the EEA, UK, or another jurisdiction with data transfer restrictions, please note:
- All AI inference and data processing occurs within the United States
- Where required, we rely on Standard Contractual Clauses (SCCs) or other approved transfer mechanisms for data transfers from the EEA/UK
Enterprise clients who require specific data transfer agreements should contact us at privacy@copysight.ai.
12. Children's Privacy
CopySight AI is not directed at children under the age of 16. We do not knowingly collect personal information from children. If you believe we have inadvertently collected such information, please contact us and we will delete it promptly.
13. Changes to This Policy
We may update this Privacy Policy from time to time. When we make significant changes, we will notify you by email or through a prominent notice on our platform at least 30 days before the changes take effect. The current version is always available at /legal/privacy-policy.
14. Contact Us
If you have questions, concerns, or requests related to this Privacy Policy, please reach out:
- Email: privacy@copysight.ai
- Website: /legal/privacy-policy
For unresolved privacy concerns, EEA/UK residents have the right to lodge a complaint with their local data protection authority.