At ItsNotAI, we are committed to protecting your privacy and processing personal data in a responsible, transparent, and lawful manner. This Privacy Policy explains how we collect, use, store, and disclose personal data in connection with our services, in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and applicable data protection laws.

1. Who We Are

ItsNotAI provides a verification and labeling service designed to indicate that specific content was created by a human author and not generated by artificial intelligence.

For the purposes of the GDPR, ItsNotAI acts as the data controller with respect to the personal data described in this Privacy Policy.

If you have any questions or concerns, please contact us at: info@itsnotai.org.

2. What Data We Process

Depending on how you interact with our services, we may collect and process the following categories of personal data:

  • Identification and contact information
    (e.g., name, email address), when you contact us or request a verification label.
  • Submitted content and associated metadata
    including drafts, timestamps, URLs, or other contextual information necessary to assess and verify authorship.
  • Label-related data
    such as unique label identifiers, issuance timestamps, and verification status.
  • Technical and usage data
    including IP address, device information, and cookie identifiers, as further described in our Cookie Policy.

We do not intentionally collect special categories of personal data as defined under Article 9 GDPR.

3. Why We Process Your Data

We process personal data solely for the following legitimate and specified purposes:

  • To provide, operate, and administer the ItsNotAI verification and labeling service
  • To enable public verification of labeled content through dedicated verification pages
  • To communicate with you regarding verification status, service updates, or support requests
  • To comply with applicable legal and regulatory obligations
  • To ensure the security, integrity, and continuous improvement of our platform and services
4. Legal Bases for Processing

Our processing activities are based on the following legal grounds under Article 6 GDPR:

  • Performance of a contract (Art. 6(1)(b)) – When you request verification, we process submitted content and contact details to perform the service you have requested.
  • Legitimate interests (Art. 6(1)(f)) – We process and display limited label-related information to enable third parties to independently verify the authenticity and validity of issued labels. This is essential to the transparency, credibility, and integrity of the verification system. Our legitimate interests are carefully balanced against your rights and freedoms.
  • Legal obligation (Art. 6(1)(c)) – Where processing is required to comply with applicable legal or regulatory requirements.
  • Consent (Art. 6(1)(a)) – Where required (e.g., optional cookies or non-essential communications), processing is based on your consent, which may be withdrawn at any time without affecting the lawfulness of prior processing.
5. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy.

  • Data associated with active verification labels is retained for the duration of the label’s validity to allow ongoing public verification.
  • If you request deletion of your personal data, the corresponding label and verification record will be permanently removed, as verification cannot be maintained without the underlying data.

Retention periods may be extended where required by law.

6. Data Sharing and Disclosure

We do not sell personal data.

Personal data may be shared only with the following categories of recipients, strictly on a need-to-know basis:

  • Technical and infrastructure service providers (e.g., hosting, security, or analytics providers), subject to contractual data protection obligations.
  • Software and analysis providers, used exclusively to assess the likelihood that submitted content was generated by AI. These providers act under appropriate safeguards and data protection agreements.
  • Public users accessing verification pages, limited to non-excessive information such as author name, content reference, verification date, and label status.
  • Public authorities or regulators, where disclosure is required by applicable law.
7. Your Rights Under the GDPR

You have the following rights in relation to your personal data:

  • Right of access
  • Right to rectification
  • Right to erasure (“right to be forgotten”)
  • Right to restriction of processing
  • Right to object to processing
  • Right to data portability
  • Right to withdraw consent at any time

To exercise any of these rights, please contact us at: info@itsnotai.org. You also have the right to lodge a complaint with a competent supervisory authority.

8. Data Security

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, disclosure, alteration, or destruction. These measures include access controls, encrypted communications, and secure data storage practices.

9. International Data Transfers

Where personal data is transferred outside the European Economic Area (EEA), we ensure that such transfers are subject to appropriate safeguards, including standard contractual clauses or adequacy decisions in accordance with Chapter V GDPR.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect legal, technical, or operational developments. The most current version will always be published on our website. Material changes will be communicated in an appropriate manner.