Privacy Policy

1. Introduction

ScanTheFake ("we," "us," or "our") operates the website scanthefake.com (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. We are committed to protecting your privacy and handling your data transparently.

2. Information We Collect

2.1 Files You Upload

When you use our scanning features, you may upload images, videos, text, or provide URLs. These files are processed in real-time to detect AI-generated content. We do not permanently store your uploaded files. Files are held in memory only during the scan process and are immediately discarded after analysis is complete.

2.2 Scan Metadata

We collect anonymized, non-identifying metadata about scans to improve our service and display aggregate statistics. This includes:

• Scan type (image, video, text, link)
• File size and file type (e.g., "image/png")
• Scan verdict and confidence score
• Timestamp of the scan

This metadata does not include file contents, file names, IP addresses, or any personally identifiable information.

2.3 Automatically Collected Information

Like most web services, we automatically collect certain technical information when you visit our site, including:

• Browser type and version
• Device type and operating system
• Pages visited and time spent
• Referring website

This information is collected through server logs and is used solely for security monitoring and service improvement.

3. How We Use Your Information

We use the information we collect to:

• Provide and maintain the scanning service
• Display aggregate scan statistics on our homepage
• Monitor and prevent abuse of the service
• Improve the accuracy and performance of our detection algorithms
• Enforce our rate limits and security measures
• Comply with legal obligations

4. Third-Party Services

To perform content analysis, we may send your uploaded content to the following third-party APIs for processing:

• Sightengine — for AI-generated image detection. Their privacy policy is available at sightengine.com/privacy
• Winston AI — for AI-generated text detection. Their privacy policy is available at gowinston.ai/privacy-policy

These services process your content solely for the purpose of analysis and are contractually obligated not to store or use your content for any other purpose.

5. Cookies and Session Data

We use a single essential session cookie (__stf_session) to maintain security during your visit. This cookie is:

• HttpOnly — cannot be accessed by JavaScript
• Secure — only sent over HTTPS
• SameSite=Strict — prevents cross-site request forgery
• Expires after 30 minutes of inactivity

We do not use tracking cookies, advertising cookies, or any third-party analytics cookies.

6. Data Retention

• Uploaded files: Not stored. Processed in memory and immediately discarded.
• Scan metadata: Retained for up to 90 days, then automatically deleted.
• Aggregate statistics: Retained indefinitely (no personal data).
• Server logs: Retained for up to 30 days for security monitoring.

7. Data Security

We implement industry-standard security measures to protect your data, including:

• HTTPS encryption for all data in transit (TLS 1.2+)
• CSRF token protection with one-time-use nonces
• Proof-of-Work challenge to prevent automated abuse
• File type validation via magic byte inspection
• Per-IP rate limiting
• Content Security Policy (CSP) headers
• Strict Transport Security (HSTS)

8. Children's Privacy

Our Service is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us.

9. Your Rights

Since we do not collect personally identifiable information, most data subject rights (access, rectification, deletion) are not applicable. However, if you believe we hold any data about you, you may contact us to request its deletion.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. Your continued use of the Service after any changes constitutes your acceptance of the new policy.

11. Contact

If you have questions about this Privacy Policy, please contact us at privacy@scanthefake.com