I Spy AI

Privacy Policy

Last updated April 17, 2026

Your privacy is critically important to us. At Cira Tech LLC, operator of I Spy AI, we are thoughtful about the personal information we ask you to provide and the information we collect through the operation of our services. We store personal information only as long as we have a reason to keep it, and we aim for full transparency on how we gather, use, and share your information.

Who We Are and What This Policy Covers

I Spy AI is an AI-generated image detection service operated by Cira Tech LLC and available at www.ispyai.io. Users create an account, upload images, and receive an analysis indicating the likelihood that an image was AI-generated.

This Privacy Policy applies to information we collect when you use our website and services (collectively, “Services”), including when you create an account, upload images for analysis, manage your subscription, or contact us for support.

Information We Collect

Information You Provide to Us

We collect information you provide directly when you sign up or use our Services:

  • Account information: When you create an account, we collect your name, email address, and a password. We also record whether your email address has been verified.
  • Profile information: You may optionally provide a profile image (avatar).
  • Payment information:Payments are processed by our payment partner, Dodo Payments. When you subscribe, Dodo collects your payment method and billing details directly. We store only the Dodo customer identifier (“Dodo Customer ID”) associated with your account, which we use to verify your subscription status. We do not store full credit card numbers or payment credentials.
  • Images you upload: You may upload images to have them analyzed for AI-generated content. We transmit your image to our analysis service to perform the detection and return a result. We do not store your images beyond what is strictly necessary to complete the analysis. Once analysis is complete, uploaded images are deleted and not retained.
  • Communications: If you contact us for support or send us feedback, we retain a copy of your message and our response.

Information We Collect Automatically

We also collect some information automatically:

  • Log information: Our servers and infrastructure may log standard web server data, including your IP address, browser type, operating system, referring URL, and the date and time of your request.
  • Session information: We use cookies and server-side sessions to keep you signed in and to cache a short-lived copy of your authentication state. For more information, see our Cookie Policy.

How and Why We Use Information

We use the information we collect to:

  • Provide our Services — set up and maintain your account, perform image analysis, and deliver results.
  • Manage your subscription — verify that you have an active subscription before allowing analysis, process payments through Dodo Payments, and communicate about your billing status.
  • Verify your identity and secure the service — require email verification before granting access; authenticate your session on each request.
  • Communicate with you — send email verification messages, respond to support requests, and, where permitted, send service-related notices.
  • Maintain and improve our Services — monitor system health, debug issues, and improve the reliability and quality of the analysis.
  • Comply with legal obligations — retain records required by law or respond to lawful requests from public authorities.

Legal Bases for Processing (EU/UK)

If you are located in the European Union or United Kingdom, our legal grounds for processing your personal information are:

  • Contract: Processing is necessary to provide the Services you have requested — for example, to authenticate you, run image analysis, or manage your subscription.
  • Legal obligation: Processing is necessary to comply with applicable law.
  • Legitimate interests: Processing is necessary for our legitimate interests, such as maintaining the security and integrity of our Services and preventing fraud, where those interests are not overridden by your rights.
  • Consent: Where we rely on consent (for example, for non-essential cookies), you may withdraw it at any time.

Payments and Dodo Payments

Payments for I Spy AI subscriptions are processed by Dodo Payments (Merchant of Record). When you make a purchase, your payment and related personal data are handled directly by Dodo Payments. Dodo Payments’ own policies govern their collection and use of your payment data:

We receive from Dodo only the customer identifier necessary to verify your subscription status. We do not receive or store your full payment card details.

Sharing Information

We do not sell your personal information. We share information about you only in limited circumstances:

  • Service providers: We share information with third-party vendors who help us operate the Services — including our image analysis backend, our database host (DigitalOcean), our email delivery provider (Gmail SMTP via Nodemailer), and Dodo Payments for billing. These providers are authorized to use your information only as necessary to provide services to us.
  • Legal requirements: We may disclose information in response to a valid subpoena, court order, or other lawful governmental request, or when we believe in good faith that disclosure is necessary to protect the rights, property, or safety of Cira Tech LLC, our users, or the public.
  • Business transfers: If Cira Tech LLC is involved in a merger, acquisition, or sale of all or a portion of its assets, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on the website of any such change and any choices you may have.
  • With your consent: We may share information with your explicit consent or at your direction.

Image Data

Images you upload are transmitted to our AI analysis backend solely for the purpose of performing the requested detection. We do not retain your images after analysis is complete. Specifically:

  • Your image is sent to the analysis service as raw binary data over an encrypted connection.
  • Once the analysis result is returned and made available to you, the image is deleted from our systems and is not stored, indexed, or used for any other purpose.
  • We do not use your uploaded images to train AI models or share them with third parties beyond the analysis backend.

How Long We Keep Information

We keep your account information (name, email address, email verification status, and Dodo customer identifier) for as long as your account is active. If you close your account, we will delete or anonymize your personal information unless we are legally required to retain it.

Server and access logs may be retained for a short period (typically up to 30 days) for security monitoring and debugging purposes, after which they are deleted or anonymized.

As described above, uploaded images are deleted promptly after analysis is complete.

Security

We take reasonable technical and organizational measures to protect your personal information against unauthorized access, use, alteration, or destruction. These measures include:

  • Encrypted connections (HTTPS) for all traffic to and from our Services.
  • JWT-based authentication with short-lived tokens signed using EdDSA, with regular key rotation.
  • Email verification required before account access is granted.
  • Database connections over TLS with certificate pinning to our managed PostgreSQL host.
  • Strict Content Security Policy and other security headers on all responses.

No online service can guarantee 100% security. If you believe your account has been compromised, please contact us immediately at [email protected].

Your Choices

  • Account information: You can review and update your name and email address from your profile page.
  • Email communications: We send transactional emails such as email verification and account-related notices. You cannot opt out of these while your account is active. If you no longer wish to receive any communications from us, you may close your account.
  • Cookies: You can control cookies through your browser settings. Disabling cookies will prevent you from signing in to I Spy AI. See our Cookie Policy for details.
  • Account deletion: You may request deletion of your account by emailing us at [email protected]. We will delete your account and associated personal information, subject to any retention obligations imposed by law.

Your Rights

Depending on your location, you may have certain rights regarding your personal information.

European General Data Protection Regulation (GDPR)

If you are located in a country subject to the GDPR, you have the right to:

  • Request access to your personal data;
  • Request correction or deletion of your personal data;
  • Object to our use and processing of your personal data;
  • Request that we restrict our use and processing of your personal data;
  • Request portability of your personal data; and
  • Lodge a complaint with your local data protection supervisory authority.

US State Privacy Rights

Residents of certain US states (including California, Colorado, Connecticut, Texas, Virginia, and others) may have additional rights, including:

  • The right to know what personal information we collect and how it is used;
  • The right to request deletion of your personal information;
  • The right to correct inaccurate personal information;
  • The right to opt out of the sale or sharing of personal information (we do not sell personal information); and
  • The right not to be discriminated against for exercising your privacy rights.

In the past 12 months, we have collected the following categories of personal information: identifiers (name, email address, IP address, device and browser identifiers); commercial information (subscription status and Dodo customer identifier); and internet or network activity information (log data, session data). We collect this information for the purposes described in the How and Why We Use Information section above. We do not sell this information.

To exercise any of these rights, please contact us at [email protected]. We will respond within a reasonable timeframe and may need to verify your identity before processing your request.

Children

Our Services are not directed to children. You must be at least 13 years old to use the Services. If you are located in the European Union or European Economic Area (“EU/EEA”), you must be at least 16 years old to use the Services without parental or guardian consent, in accordance with the GDPR. We do not knowingly collect personal information from anyone below the applicable minimum age. If you believe a user below the applicable minimum age has provided us with personal information, please contact us and we will delete that information promptly.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by updating the date at the top of this page and, where appropriate, by sending an email to the address associated with your account. Your continued use of the Services after any change constitutes your acceptance of the updated policy. We encourage you to review this page periodically.

Contact Us

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us at:

Cira Tech LLC

Email: [email protected]

This Privacy Policy is adapted from the Automattic Legalmattic open-source privacy policy, available under a Creative Commons ShareAlike license.