← Back to Home

Data Processing Agreement

Last Updated: January 19, 2026

GDPR Compliance: This Data Processing Agreement ("DPA") is designed to meet the requirements of the General Data Protection Regulation (EU) 2016/679 ("GDPR") and supplements our Terms and Conditions and Privacy Policy.

This DPA applies when AI Detective processes personal data on behalf of a Controller (you) in connection with our Services.

1. Definitions and Interpretation

"Controller" means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

"Processor" means a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the Controller.

"Data Subject" means an identified or identifiable natural person whose personal data is processed.

"Personal Data" means any information relating to an identified or identifiable natural person.

"Personal Data Breach" means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed.

"Processing" means any operation or set of operations performed on personal data, whether or not by automated means.

"Sub-processor" means any Processor engaged by AI Detective to process personal data on behalf of the Controller.

2. Scope and Roles

2.1 When you use AI Detective Services and we process personal data on your behalf, this DPA applies.

2.2 In most cases:

You (the Customer) are the Data Controller
AI Detective is the Data Processor

2.3 For certain processing activities where we determine the purposes and means (e.g., analytics, security), AI Detective acts as an independent Controller, as described in our Privacy Policy.

3. Details of Processing

3.1 Subject Matter

Processing of personal data necessary to provide AI Detective Services, including:

AI content detection (text, image, voice, video)
Profile verification and Proof of Human analysis
Website and link safety scanning
User account management and authentication

3.2 Duration

Processing will continue for the duration of the Service Agreement plus any retention period required by law or specified in our Privacy Policy.

3.3 Nature and Purpose

Processing Activity	Purpose	Legal Basis
Content Analysis	Detecting AI-generated content	Contract performance
Profile Scanning	Verifying profile authenticity	Contract performance
Account Data	User authentication and service delivery	Contract performance
Usage Analytics	Service improvement and security	Legitimate interest

3.4 Categories of Data Subjects

Users of AI Detective Services
Individuals whose profiles or content are analyzed (at user request)

3.5 Types of Personal Data

Account information (email, username, hashed passwords)
Wallet addresses (for token holders)
Content submitted for analysis
Profile data from public social media sources
Usage logs and analytics data

4. Processor Obligations

AI Detective, as Processor, shall:

4.1 Process on Instructions: Process personal data only on documented instructions from the Controller, unless required by applicable law.

4.2 Confidentiality: Ensure that persons authorized to process personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.

4.3 Security Measures: Implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

Encryption of personal data in transit and at rest
Access controls and authentication
Regular security testing and vulnerability assessments
Incident response procedures
Regular backups and disaster recovery

4.4 Sub-processing: Not engage another Processor without prior written authorization from the Controller. See Section 5 for sub-processor requirements.

4.5 Data Subject Rights: Assist the Controller in responding to requests from Data Subjects exercising their rights under GDPR (access, rectification, erasure, portability, objection).

4.6 Security Assistance: Assist the Controller in ensuring compliance with security obligations, breach notification, data protection impact assessments, and prior consultations.

4.7 Deletion or Return: At the Controller's choice, delete or return all personal data to the Controller after the end of the provision of Services, and delete existing copies unless storage is required by law.

4.8 Audit Rights: Make available to the Controller all information necessary to demonstrate compliance with this DPA and allow for and contribute to audits, including inspections, conducted by the Controller or an auditor mandated by the Controller.

5. Sub-processors

5.1 The Controller provides general authorization for AI Detective to engage sub-processors, subject to the requirements in this Section.

5.2 Current sub-processors include:

Sub-processor	Purpose	Location
Google Cloud Platform	Cloud infrastructure, APIs (Vision, NLP, Safe Browsing)	USA (with EU data center options)
Stripe	Payment processing	USA
Amazon Web Services	Cloud storage and compute	USA/EU
Solana Network	Blockchain transactions (wallet verification)	Decentralized

5.3 AI Detective will inform the Controller of any intended changes concerning the addition or replacement of sub-processors, giving the Controller the opportunity to object to such changes.

5.4 AI Detective will impose data protection obligations on sub-processors equivalent to those set out in this DPA.

6. International Data Transfers

6.1 Personal data may be transferred outside the European Economic Area (EEA) only where:

The destination country has an adequacy decision from the European Commission; or
Appropriate safeguards are in place (Standard Contractual Clauses); or
A derogation applies under Article 49 GDPR

6.2 For transfers to the United States, we rely on EU-US Data Privacy Framework certification where applicable, or Standard Contractual Clauses (2021/914).

7. Personal Data Breach

7.1 AI Detective shall notify the Controller without undue delay after becoming aware of a Personal Data Breach affecting Controller's personal data.

7.2 Notification shall include:

Description of the nature of the breach
Categories and approximate number of data subjects affected
Categories and approximate number of personal data records concerned
Name and contact details of AI Detective's data protection contact
Likely consequences of the breach
Measures taken or proposed to address the breach

7.3 AI Detective shall cooperate with the Controller and take reasonable commercial steps to assist in the investigation, mitigation, and remediation of each Personal Data Breach.

8. Data Protection Officer

For questions about this DPA or our data protection practices:

Data Protection Contact: dpo@aidetector.app

9. Liability

9.1 Each party's liability under this DPA is subject to the limitations and exclusions of liability set out in the main Terms and Conditions.

9.2 Nothing in this DPA excludes or limits liability for breaches that cannot be limited under applicable law.

10. Term and Termination

10.1 This DPA shall remain in effect for as long as AI Detective processes personal data on behalf of the Controller.

10.2 Upon termination, AI Detective will comply with Section 4.7 (deletion or return of data).

11. Governing Law

This DPA shall be governed by and construed in accordance with the laws specified in our main Terms and Conditions. For EEA data subjects, GDPR and applicable member state law shall apply to data protection matters.

12. Contact

For questions about this Data Processing Agreement:

Email: legal@aidetector.app

Data Protection: dpo@aidetector.app

Expert Sources: This Data Processing Agreement follows the template and requirements established by GDPR.eu (Horizon 2020 / Proton AG), EU Standard Contractual Clauses (2021/914), and UK Information Commissioner's Office guidance.