Privacy Policy

AIOriginShield is operated by Ellan as a sole trader registered in England. When we say “we”, “us”, or “our” in this policy, we mean AIOriginShield. When we say “you” or “your”, we mean you as a user of our service.

If you have any questions about this policy or how we handle your data, you can contact us at: [your-email@example.com]

We collect the following information when you use AIOriginShield:

Account information: Your email address and, if you sign in with Google, your name and profile picture as provided by Google. If you create an account with a password, we store a securely hashed version of that password — we never store passwords in plain text.

Scan data: The YouTube video URLs you submit for scanning, the search keywords you enter, and the results generated by each scan (including match scores and analysis). We store this to show you your scan history and to enforce usage limits on your account tier.

Usage data: The number of scans you have run in the current billing period, your subscription tier, and basic interaction data such as when you last logged in.

Payment information: If you subscribe to a paid plan, payment is processed by Stripe. We do not store your card details — Stripe handles this securely. We receive only a confirmation of payment status and your Stripe customer ID.

Technical data: Standard server logs including your IP address, browser type, and the pages you visit. This is collected automatically by our hosting provider (Vercel) and our database provider (Supabase).

We use your data to:

Provide and operate the service — running scans, displaying results, managing your account and subscription tier. Enforce usage limits based on your plan. Process payments through Stripe for paid subscriptions. Send you essential service emails such as account confirmation, password resets, and important changes to the service or these terms. Improve the service by understanding how it is used in aggregate (we do not sell or share individual usage data).

We will never sell your personal data to third parties. We will never use your submitted video URLs or scan results for marketing purposes.

AIOriginShield uses the following third-party services to operate:

Supabase (database and authentication) — stores your account data and scan history. Based in the EU/US. Vercel (hosting) — serves the website and API routes. YouTube Data API (Google) — used to search for and retrieve public video metadata. We send your search keywords and video URLs to YouTube’s API. Anthropic Claude API — used to analyse video similarity. We send video titles, descriptions, tags, and transcript excerpts to Claude for comparison. Anthropic does not use this data to train their models. Stripe (payments) — processes paid subscriptions. Stripe’s privacy policy applies to payment data.

Each of these services has its own privacy policy, and we encourage you to review them.

Under UK data protection law, we process your data on the following bases:

Contract: Processing your account and scan data is necessary to provide you with the service you signed up for. Legitimate interest: Server logs and basic analytics help us keep the service secure and operational. Consent: If we ever send marketing emails (we currently do not), we will ask for your explicit consent first.

We retain your account data and scan history for as long as your account is active. If you delete your account, we will remove your personal data within 30 days. Anonymised, aggregated data (such as total scan counts) may be retained indefinitely for service improvement.

Server logs are typically retained for up to 30 days by our hosting providers.

Under UK GDPR, you have the right to:

Access the personal data we hold about you. Rectify any inaccurate data. Erase your data (“right to be forgotten”). Restrict processing in certain circumstances. Port your data to another service. Object to processing based on legitimate interest.

To exercise any of these rights, contact us at [your-email@example.com]. We will respond within 30 days.

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk if you believe your data has been mishandled.

AIOriginShield uses only essential cookies required for authentication and session management. We do not use tracking cookies, advertising cookies, or any third-party analytics cookies.

AIOriginShield is not intended for use by anyone under 16 years of age. We do not knowingly collect data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

Some of our third-party providers (Vercel, Supabase, Anthropic, Stripe) may process data outside the UK. Where this occurs, we ensure appropriate safeguards are in place, such as standard contractual clauses or adequacy decisions recognised by UK law.

We may update this privacy policy from time to time. If we make significant changes, we will notify you by email or by displaying a notice in the app. The “last updated” date at the top of this page will always reflect the most recent version.