← AriTracePrivacy Policy
Last updated: April 16, 2026
1. Overview
AriTrace ("we", "our", "AriTrace") is committed to protecting your privacy. This policy explains what data we collect, how we use it, and your rights regarding it.
2. Data We Collect
Account data: When you create an account we collect your email address and a hashed password (stored securely by Supabase Auth). We never see your plaintext password.
Usage data: We log the type of media analyzed (image, video, audio), your subscription tier, how many detection layers were used, and the estimated cost per request. We do not log the content of your media.
Result data: Numeric results (verdict, score, breakdown) are stored and linked to a randomly generated ID so you can share them. They are not linked to your account by default.
3. Data We Do NOT Collect
- We do not store the original media files you upload
- We do not train our models on your submitted content
- We do not sell your data to third parties
- We do not use advertising trackers
4. How We Use Your Data
- To authenticate you and enforce per-tier rate limits
- To provide and improve the detection service
- To send transactional emails (email confirmation, password reset)
- To monitor for abuse and enforce our Terms of Service
5. Third-Party Services
We use the following sub-processors:
- Supabase — authentication and database (EU/US data centers)
- HuggingFace — inference API for detection models
- Sightengine, BitMind, Modulate, Reality Defender — third-party detection APIs. Media is sent to these services only for analysis and is not retained by them beyond their standard processing windows.
- Vercel — hosting and edge compute
6. Cookies
We use a single session cookie to keep you signed in. We do not use advertising or analytics cookies.
7. Data Retention
Account data is retained while your account is active. Usage logs are retained for 90 days for rate-limiting and fraud-prevention purposes. You may request deletion at any time (see Section 9).
8. Security
Passwords are hashed using industry-standard algorithms. All traffic is encrypted via HTTPS/TLS. Access to production databases is restricted to authenticated service accounts.
9. Your Rights
Depending on your jurisdiction you may have rights to access, correct, or delete your personal data. To exercise these rights, email
privacy@aritrace.com and we will respond within 30 days.
10. Children
The Service is not directed at children under 13. We do not knowingly collect personal data from children. If you believe we have inadvertently collected such data, please contact us immediately.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify registered users of material changes by email. The "Last updated" date above reflects the most recent revision.