CertifEye - The Global Standard for AI Detection

Last Updated: December 31, 2025

1. Introduction & Purpose

This Privacy Policy applies to all users (visitors, registered users, guests) of the CertifEye platform. Its purpose is to transparently explain what data we collect, why we collect it, and how you can exercise your rights.

2. Data Controller

Legal Entity: PRISMAZE (RCI: 20P09679)
Registered Address: 3, Avenue des Citronniers, 98000 Monaco
Contact: privacy@certifeye.ai

3. Categories of Data Collected

3.1 Data Provided by You

Account Info: Email address, Display Name (or pseudonym), and hashed password.
Payment Info: Payments are processed securely by third-party providers (e.g. Checkout.com, PayPal). We DO NOT store credit card details.
Referrals: If you invited friends, we store the link between your account and theirs.

3.2 Uploaded Content (Media)

Images and Videos uploaded for analysis.
Technical metadata (EXIF, file structure) extracted from these files.
Analysis results, heatmaps, and certificates generated by our system.

Users retain full ownership of their uploaded content. CertifEye does not claim any ownership rights over images or videos submitted for analysis.

4. Automatic & Technical Data

For security and performance, we log: IP addresses, Browser type, OS, Timestamps of requests, and Login attempts. Technical logs are retained for a limited duration and used exclusively for security, debugging, and abuse prevention purposes.

5. Purpose of Data Processing

CertifEye processes only data that is strictly necessary to provide its verification services and does not collect excessive or unrelated personal information. We use your data solely to:

Provide the requested analysis service.
Generate Reports and Certificates.
Prevent fraud and abuse (e.g., duplicate accounts, illegal uploads).
Improve our AI Models (Essential service improvement, see Section 7).

WE NEVER SELL YOUR DATA for marketing or advertising purposes.

6. Legal Basis (GDPR)

Contract Execution: To deliver the service you bought. This includes the processing of uploaded images for providing the analysis and improving our detection systems, which is an essential and inseparable part of the CertifEye service.
Legitimate Interest: Security, fraud prevention, continuous system calibration, and defense against adversarial attacks.

7. Image Processing & AI Training

CertifEye is an image authenticity verification service whose core functionality relies on advanced automated detection systems.

By using the CertifEye platform, you expressly acknowledge and agree that:

Uploaded images are processed by automated detection pipelines, including machine learning systems.
These systems require continuous evaluation, calibration, and improvement to remain effective against evolving manipulation and AI generation techniques.
As a result, uploaded images may be analyzed, labeled, and used internally to improve the accuracy, robustness, and reliability of CertifEye’s detection technologies.

This processing is strictly limited to the technical purposes described above and is an essential component of the service provided.

Human Validation:

Where applicable, Human Experts or authorized operators may access uploaded content exclusively for:
(a) performing a requested human review, or
(b) validating or labeling data to improve detection accuracy.
All human reviewers are bound by strict confidentiality obligations.

Restrictions:

We DO NOT use uploaded content to reproduce images or generate derivative works.
We DO NOT use uploaded content to train generative models (e.g., image generators).
We DO NOT use uploaded content for commercial resale, advertising, or public datasets.
We DO NOT expose user content publicly unless explicitly shared via a public report link by the user.

Whenever technically feasible, data used for system improvement is anonymized and stripped of personal identifiers.

8. Data Retention Policy

We apply strict retention periods based on your service tier. After these periods, files are permanently deleted.

Service Tier	User Access (Dashboard)	System Retention (Backup)
Free Analysis	Not Saved (No Dashboard)	15 Days (System buffer only)
Standard Analysis	15 Days	+15 Days buffer
Premium Analysis	50 Days	+15 Days buffer
Video Analysis	10 Days	+5 Days buffer

* "System Retention" refers to an internal safety buffer before definitive hard deletion. During this period, files are not accessible to the user.

** These retention periods may be extended via paid add-ons or specific subscription options.

9. Data Sharing

We may share data with trusted technical service providers strictly necessary for service operation (Hosting: AWS/GCP, Payment: Checkout.com). We do not transfer data to commercial third parties.

10. International Transfers

Data may be processed on servers located outside the EU (e.g., USA). We ensure these providers adhere to GDPR-compliant standards (Standard Contractual Clauses).

11. Security Measures

We employ TLS encryption for data in transit, hashed passwords (bcrypt), regular security reviews, and strict access controls.

12. User Rights

Under GDPR/CCPA, you have the right to Access, Rectify, Delete, or Export your data. We aim to respond to verified requests within 30 days. You also have the right to lodge a complaint with the competent data protection authority if you believe that your personal data has been processed unlawfully.

Right to Withdraw AI Training Consent:

Because the processing of images for system improvement is intrinsic to the Service, withdrawal of this authorization requires discontinuation of the CertifEye service and deletion of your account. Certain processing activities are technically inseparable from the Service and cannot be selectively disabled without discontinuing use of the platform.

13. Account Deletion

You can request account deletion via your dashboard or email. This triggers the permanent removal of your personal data and uploaded files, barring legal exceptions.

14. Cookies

We use essential cookies for session management and security. We do not use intrusive advertising trackers.

15. Minors

CertifEye is not intended for users under 18 or the minimum legal age in their jurisdiction.

16. Policy Updates

We may update this policy. Significant changes will be notified via email or platform banner.

17. Contact

For privacy concerns: privacy@certifeye.ai

Supervisory Authority: Commission de Contrôle des Informations Nominatives (CCIN).