Privacy Policy

To use some of our products and services, such as creating posts or using the AI Studio, you need to have an account. To create an account, you must provide us with certain information.

• Account Information: When you register, you must provide a unique username, an email address, a password (securely hashed and managed via AWS Cognito), your Date of Birth, and a public `@handle`. We collect your Date of Birth to ensure you meet our minimum age requirements and to tailor age-appropriate content and advertisements to you. Unlike your profile name and handle, your Date of Birth is kept strictly private.
• Profile Information: You may optionally provide additional information for your public profile, such as a display avatar, a banner image, a short biography, and a link to your personal website or portfolio. Your profile information is always public.
• User-Generated Content: We collect the content you create and post on Demotect. This includes the images or other files you upload, text captions, image labels, copyright attribution details, and any replies you leave on other users' posts.
• AI Studio Inputs: When using the AI Studio, we collect the base images you upload, the exact coordinates of any structural masks you draw over those images, and the text prompts you write to instruct the artificial intelligence models (provided by OpenAI).
• Geographic Data: You may choose to attach a location to your post. When you do, we collect the exact latitude and longitude, city, country code, and OpenStreetMap (OSM) identifier to pin your post to our Global Map. You may also provide geographic data when proposing a "Location Correction" for another user's post.
• Payment Information: If you upgrade to a Premium tier, you must provide payment information, including credit or debit card numbers, billing addresses, and expiration dates. Note: Demotect does not store your raw credit card numbers. All payments are processed and stored securely by our payment provider, Stripe.
• Communications: If you communicate with us directly, such as through email for customer support, we will collect information about the communication and its content.

When you use our services, we collect information about how you use our products. We use this information to provide our services, keep the platform secure, and make our algorithms more relevant to you.

• Usage and Interaction Data: We collect extensive data regarding your interactions with the platform. This includes posts you like, posts you bookmark, users you follow, and users you block or mute. It also includes your interactions with our unique UI elements, such as which side of an image you "Vote" for, how often you drag the interactive image sliders, and your clicks on map clusters.
• Dwell Time and Impressions: To measure the quality of content without relying solely on clicks, we utilize client-side tools to calculate "Dwell Time"—measuring exactly how many milliseconds a post is actively visible on your screen.
• Device and Log Data: We collect information from and about the devices you use to access Demotect. This includes your IP address, browser type, operating system, referring webpages, access times, pages visited, and device language.
• Analytics and Advertising Data: We use Google Analytics to collect data on how you navigate our platform, which helps us understand user trends and improve our services. Additionally, when you view or interact with advertisements served on our platform (via Google AdSense), we or our advertising partners may collect information about those views or interactions.
• Cookies and Local Storage: We use cookies, `localStorage`, and `sessionStorage` to operate our services. For example, we use `sessionStorage` to accurately count post views without deduplication errors, and `localStorage` to save your UI preferences (like Dark Mode, Language, or Map Warning toggles). You can learn more in our Cookie Policy.

We may receive information about you from third parties in the following scenarios:

• Third-Party Authentication (Single Sign-On): If you choose to register or log in using a third-party service like Google OAuth, we receive information from that service. This is strictly limited to your name, email address, and profile picture, which we use to securely provision your Demotect account.
• Payment Processors: When you subscribe to a Premium tier, our payment provider (Stripe) securely passes information back to us regarding your subscription status, billing history, and limited payment identifiers (like the last four digits of your card) so we can manage your account and grant you access to premium features.
• Ad Partners and Analytics: Our advertising and analytics partners (such as Google AdSense and Google Analytics) may share aggregated or hashed information with us—such as browser cookie IDs, mobile device IDs, and demographic or interest data—to help deliver more relevant advertising and measure the effectiveness of our services.

• Feed Algorithms: We use your interaction data (such as likes, bookmarks, voting preferences, slider interactions, and dwell time) to calculate engagement scores. This allows our ranking algorithms to personalize your "For You" feed and show you the most relevant visual transformations.
• Global Map: We use the geographic data attached to posts to render map pins and efficiently group nearby posts into colored clusters, allowing users to seamlessly explore content around the world.
• Platform Maintenance: We use log data to troubleshoot software bugs, monitor server uptime, and optimize the speed of our services.

• Automated Moderation: To ensure Demotect remains a safe environment, all uploaded images are automatically scanned by AWS Rekognition or OpenAI. This allows us to instantly detect, flag, or remove prohibited material (such as explicit nudity or graphic violence) in accordance with our Rules.
• Trust and Reputation: We analyze user behaviors (like accurate map placements vs. malicious map pinning) to calculate a "Cartographer Score" and an internal "Trust Score." This helps us demote spammers and reward users who contribute high-quality data to the community.
• Account Protection: We use your data to authenticate your sessions, prevent unauthorized access, and defend against fraudulent activity.

When you use the AI Studio to edit or generate imagery, we process the base images, masks, and text prompts you provide. This data is transmitted securely to our AI partners (such as OpenAI) via their Enterprise APIs specifically to fulfill your request and render the transformed output image.

Zero Training Policy: We do not allow our AI partners to use your personal images or text prompts to train, improve, or fine-tune their foundational AI models. Data transmitted for AI generation is securely deleted by our providers shortly after processing (typically within 30 days) and is strictly utilized for the sole purpose of providing the service to you.

• Age-Appropriate Advertising: We use your Date of Birth to ensure that age-restricted advertisements (such as those for financial services) are not shown to minors, and to help our advertising partners deliver more relevant ad campaigns.
• Google Analytics: We use Google Analytics to measure how users interact with our website, which features are most popular, and where we can improve the user experience.
• Google AdSense & Third-Party Advertising: To keep our basic services free, we use Google AdSense and its network of certified third-party Ad Technology Providers to serve native, in-feed advertisements. Please be aware that as a result of ad serving on our platform, Google and other third-party ad vendors may place and read cookies on your browser, or use web beacons and collect IP addresses to gather information. These tracking technologies enable Google and its partners to evaluate ad performance and serve personalized advertisements based on your prior visits to Demotect and other websites across the internet.
  
  For detailed information regarding Google’s data practices, please review the following resource: How Google uses information from sites or apps that use their services.

We use your contact information to send you essential administrative messages, such as password reset emails, security alerts, and updates to our Terms of Service.

Demotect is a public platform. When you share content, you are directing us to disclose that information as broadly as possible.

• Profiles and Content: Your profile information (name, handle, avatar), the posts you publish, image labels, and captions are visible to the general public. They do not need to be signed in to view this content, and it may be indexed by external search engines (like Google).
• Map Pins: If you attach a location to your post, that exact location becomes publicly visible on our Global Map.
• Interactions: Your follower and following lists are public. However, your individual "Votes" on sliders, your bookmarks, and the users you block or mute are strictly private and are not visible to other users.

We share information with trusted third-party service providers that perform functions on our behalf. We ensure they maintain the same high standards of data protection that we do.

• Cloud & Hosting: Amazon Web Services (AWS) hosts our databases, stores your uploaded images securely in S3 buckets, and provides the Rekognition API for automated safety moderation.
• AI Providers: OpenAI receives the images and prompts you submit in the AI Studio to generate your visual transformations.
• Mapping Infrastructure: We use Mapbox to render the interactive 3D map interface, and Komoot Photon to process location searches and coordinate geocoding.
• Payment Processing: Stripe securely processes and manages all billing and subscription data for our Premium users.
• Advertising & Analytics: Google AdSense and Google Analytics process certain usage and device data to deliver ads and measure platform performance.

We may preserve, use, share, or disclose your information if we believe it is reasonably necessary to:
• Comply with a law, regulation, legal process, or governmental request.
• Protect the safety of any person or the integrity of our platform.
• Address fraud, security, or technical issues.
• Protect our rights or property, or the rights and property of those who use our services.

If Demotect is involved in a bankruptcy, merger, acquisition, reorganization, or sale of assets, your personal information may be sold or transferred as part of that transaction. This Privacy Policy will continue to apply to your information after it is transferred to the new entity.

• Account Data: We keep your profile information, AI chat messages, and posts for the duration of your active account.
• Logs and Analytics: Server logs and analytics data are typically retained for up to 12-18 months before being aggregated or deleted.
• Billing Data: Transaction records may be retained longer to comply with applicable tax and accounting laws.

You have the right to delete your account at any time via your Account Settings. Because your account contains valuable data, we have implemented a strict security feature to protect you against malicious account hijacking.

• Immediate Deactivation: When you initiate deletion, your profile, including all posts, are immediately deactivated and hidden from the public platform. Your account enters a "Scheduled for Deletion" phase.
• The 30-Day Window: During the next 30 days, your data remains safely frozen. If your account was deleted by a hacker, or if you simply change your mind, you can log back into your account at any time and click "Reactivate" to instantly abort the deletion process.
• Permanent Wipe: Once the 30-day grace period expires, our automated systems permanently and irreversibly wipe your account, posts, interactions, and images from our PostgreSQL databases and Amazon S3 storage servers.

Even after permanent deletion, we may retain a strictly limited set of anonymized data to comply with global privacy laws (such as the CCPA or GDPR). For example, when an account is permanently wiped, we may retain a cryptographic, one-way hash of your email address alongside a timestamp to legally prove that your deletion request was fulfilled. This audit log cannot be used to identify you or reconstruct your email address, and it is automatically purged when the legal retention requirement expires.

We process your information when it is necessary to fulfill our contractual obligations to you under our Terms of Service. This includes creating and maintaining your account, publishing your visual transformations, pinning posts to the map, and processing your prompts and images in the AI Studio.

We process your information when it is reasonably necessary to achieve our legitimate business interests, provided those interests do not outweigh your fundamental rights. For example, we rely on legitimate interests to:
• Automatically scan uploaded imagery (via AWS Rekognition) to detect illegal or harmful content.
• Analyze user engagement (such as dwell time and slider interactions) to improve our recommendation algorithms.
• Secure our platform against fraud, spam, and unauthorized access.

We rely on your explicit, revocable consent to deploy non-essential tracking cookies for analytics (Google Analytics) and personalized advertising (Google AdSense). You can withdraw this consent at any time via our Cookie Settings.

We process your data to fulfill legal obligations. This includes:
• Age Verification: Processing your Date of Birth to ensure compliance with laws protecting children's privacy, such as GDPR Article 8 and the US COPPA.
• Compliance: Cooperating with law enforcement, resolving disputes, or retaining transaction records for tax and accounting purposes.

Demotect participates in the IAB Europe Transparency & Consent Framework and complies with its Specifications and Policies. We use the Consent Management Platform operated by Google LLC, with the identification number 300.

You can review the specific purposes, features, and third-party vendors we partner with, and manage your granular consent preferences at any time by accessing our Privacy & Cookie Settings.

You can access and edit most of your personal data directly through your profile and account settings. If you wish to receive a full export of the personal data we hold about you in a machine-readable format, please contact us at privacy@demotect.com. We will provide this archive within the timeframe required by your local laws.

You can initiate the deletion of your account at any time via your account settings. As detailed in Section 4, this triggers a 30-day grace period to protect you from malicious account hijacking, after which your data is permanently wiped.

You can opt out of non-essential cookies, Google Analytics, and personalized advertising by launching our Cookie consent manager, visit our Cookie Policy to read more. Furthermore, we respect browser-level Global Privacy Control (GPC) signals. If your browser broadcasts a GPC signal, we will automatically disable non-essential tracking and advertising cookies.

You can opt out of receiving promotional emails from us by clicking the "unsubscribe" link at the bottom of any such email. Please note that even if you opt out of promotional emails, we will still send you essential service-related communications (such as password reset verifications or important policy updates).

If you are a resident of California or other US states with comprehensive privacy laws (such as Virginia, Colorado, or Connecticut), this section applies to you.

• Categories of Data Collected: In the past 12 months, we have collected identifiers (e.g., email, IP address), commercial information (e.g., subscription history), internet activity (e.g., platform engagement), and geolocation data.
• "Sale" or "Sharing" of Personal Information: We do not sell your personal data for money. However, under the broad definition of "sharing" in the CCPA, our use of Google Analytics and Google AdSense for targeted advertising may constitute "sharing" data. You have the right to opt out of this "sharing" via our Privacy Manager or by utilizing a Global Privacy Control (GPC) signal.
• Non-Discrimination: We will not discriminate against you for exercising your privacy rights. You will not be denied services or charged different prices for utilizing your opt-out rights.

Our primary databases are hosted in the European Union (Ireland). However, Demotect operates globally, and your data may be securely transferred to third-party sub-processors located in the United States (such as AWS, Stripe, Google, and OpenAI).

When we transfer data originating from the EEA, UK, or Switzerland to countries that do not have equivalent data protection laws, we rely on legally recognized transfer mechanisms. These include the European Commission’s Standard Contractual Clauses (SCCs) and our partners' adherence to the EU-U.S. Data Privacy Framework (DPF).