Privacy Policy

At itsNotAI, we are committed to protecting your privacy and handling your data responsibly, transparently, and in full compliance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”). This Privacy Policy explains how we collect, use, store, and share your personal data when you use our services.

1. Who We Are

ItsNotAI is a service that provides labels to indicate that content has not been generated by artificial intelligence. We operate from Estonia and act as the data controller for any personal data we collect.

If you have questions or concerns, you can contact us at: contact@itsnotai.fyi

2. What Data We Collect

We collect and process the following types of personal data:

  • Contact details (e.g. name, email address) when you request verification or contact us
  • Submitted content and metadata, including drafts, timestamps, or links, for the purpose of verification
  • Label-related information, including the label code and emission time
  • Website usage data, including IP address and cookie identifiers (see our Cookie Policy)

3. Why We Process Your Data

We process your data for the following purposes:

  • To provide the label verification service
  • To display verified content or linked references for public label validation
  • To contact you about your verification status or related services
  • To comply with our legal obligations
  • To maintain and improve our website and services

4. Legal Basis for Processing

We process your personal data in accordance with the General Data Protection Regulation (GDPR) based on the following legal grounds:

  • Contractual necessity – When you request verification, we process your submitted data (e.g. content, contact details) to fulfill your request and issue a label. This is necessary for the performance of the service you’ve asked us to provide.
  • Legitimate interests – We store and display label information (such as author, link to the object of the label) to allow third parties to verify the authenticity of labels. This is essential to maintaining the transparency of the label system.
  • Legal obligation – In certain cases, we may be required to retain or disclose data to comply with applicable legal or regulatory obligations.
  • Consent – Where applicable (e.g. use of optional cookies or marketing communication, if any), we rely on your consent, which can be withdrawn at any time.

5. Data Retention

We retain data linked to verified labels for as long as the label remains active. This includes the content, metadata, and label-related information required for public verification.

If you request deletion of your data, the corresponding label will also be deleted, as verification can no longer be maintained without the underlying data.

6. Who We Share Data With

We do not sell your data. We may share data only with:

  • Service providers who assist in operating the platform (e.g., hosting or analytics tools).
  • Software providers solely for the purpose of evaluating the likelihood that the content was generated by AI. We require these providers to comply with data protection obligations under applicable laws.
  • Public visitors who view verification pages, limited to author name, content link, content description and date of verifcation.
  • Authorities or regulators, if required by law.

7. Your Rights Under the GDPR

You have the following rights regarding your personal data:

  • Right to access your data
  • Right to rectify inaccurate data
  • Right to erase your data (“right to be forgotten”)
  • Right to restrict processing
  • Right to object to processing
  • Right to data portability
  • Right to withdraw consent at any time

To exercise your rights, please contact us at contact@itsnotai.fyi

8. Data Security

We use appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, or misuse. This includes secure data storage, encrypted communications, and restricted access.

9. International Transfers

If data is transferred outside the European Economic Area (EEA), we ensure that appropriate safeguards are in place, such as standard contractual clauses or adequacy decisions.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make significant changes, we will notify you through our website. The latest version will always be available here.