Privacy Policy
Effective:
This Privacy Policy explains how [PLACEHOLDER: legal entity name] (“StealthZero,” “we,” “us,” or “our”) collects, uses, shares, and protects information when you use our websites, web application, companion mobile apps, APIs, and related services (the “Service”). It works together with our Terms of Use. For privacy purposes, the controller of your information is [PLACEHOLDER: legal entity & registered address].
1. Information we collect
- Account information — such as your name, email address, and the authentication method you use (email/password, Google sign-in, or passkey). We do not receive your Google password.
- Customer Content — the text, documents, files, prompts, and settings you submit to the tools (for example, the humanizer, detector, agent and writing tools, AI Reports, and Plagiarism Check), and the outputs generated for you.
- Usage & diagnostics — IP address, device and operating system, browser and app version, feature usage, pages viewed, requests, timestamps, referring pages, and crash and error logs.
- Approximate location — derived from your IP address and locale, used for language defaults, security, fraud prevention, and analytics. We do not collect precise GPS location.
- Payment information — processed by our payment processor and app stores. We receive limited billing details (such as plan, status, and the last four digits or card brand) but do not store full payment card numbers.
- Communications & support — messages you send us, including via email and support chat, and related metadata.
- Cookies, local storage & similar technologies — used to keep you signed in, remember preferences (including local history on your device), secure the Service, and measure usage. See “Cookies” below.
2. How and why we use information
We use information to:
- provide, operate, maintain, and deliver the Service and its features;
- process payments, subscriptions, trials, credits, and referrals;
- secure the Service and detect, prevent, and respond to fraud, abuse, and incidents;
- provide support and respond to your requests;
- troubleshoot, analyze, and improve the Service;
- send transactional and service messages, and (with consent where required) marketing;
- comply with law and enforce our Terms.
Legal bases (EEA/UK). Where the GDPR or UK GDPR applies, we rely on: performance of a contract (to provide the Service you request); legitimate interests (to secure, analyze, improve, and market the Service, and to prevent abuse, balanced against your rights); consent (for certain cookies and marketing, which you may withdraw at any time); and legal obligation (to meet our legal and regulatory duties).
3. AI processing of your content
To deliver features you request, your Customer Content is processed by us and by our model and verification subprocessors (for example, to humanize, detect, write, run agent tasks, generate AI Reports, and check for plagiarism). Some features route your content to third-party AI model providers and detection or plagiarism engines so they can return a result. We do not use your Customer Content to train our or any third party’s foundation models. Where the Service offers automated suggestions or scoring, you remain responsible for reviewing and deciding how to use the outputs.
4. Sharing & subprocessors
We do not sell your personal information, and we do not “share” it for cross-context behavioral advertising as those terms are defined under California law. We share information only as described here, with service providers and subprocessors who act on our instructions and are bound by confidentiality and data-protection obligations. The categories of subprocessors we use include:
- Authentication, database & storage — Supabase (account authentication, application database, and file storage).
- Cloud hosting, CDN & security — Cloudflare (application hosting, content delivery, edge key-value storage, bot protection/Turnstile, and related security).
- Payments — Stripe (web subscription and payment processing).
- File uploads — UploadThing (handling files you upload).
- Email — Resend (transactional and product emails) and Maileroo (internal/administrative notifications).
- Support chat — Tawk.to (live chat support).
- Sign-in provider — Google (for Google sign-in, if you choose it).
- AI model providers — OpenAI and Google (Gemini) for AI writing, agent, and assistance features (and additional model providers we may add).
- Humanizer & detection model providers — the rephrasing and detection engines that power our humanizer and detector models (for example, Rephrasy and Cognibypass/Supernova), and Undetectable.ai for our Origin humanizer.
- AI Report & verification vendors — our AI-report backend and the detection and verification engines it integrates, including Turnitin, GPTZero, Winston, and Sentrio/Copyleaks.
- Plagiarism engine — iThenticate (for Plagiarism Check).
- Mobile app services — for our companion apps, our in-app purchase/subscription manager (RevenueCat), the Apple App Store and Google Play (for in-app purchases), and push-notification services (Firebase Cloud Messaging on Android and Apple Push Notification service on iOS).
We may also disclose information if required by law or legal process, to protect the rights, property, or safety of StealthZero, our users, or others, to enforce our Terms, or in connection with a merger, acquisition, financing, or sale of assets (in which case we will require the recipient to honor this Policy).
5. International data transfers
We and our subprocessors may process information in countries other than your own, including the United States. Where we transfer personal information from the EEA, UK, or Switzerland to a country without an adequacy decision, we use appropriate safeguards, such as the European Commission’s Standard Contractual Clauses (and the UK Addendum where applicable), or another lawful transfer mechanism.
6. Retention & deletion
We keep personal information for as long as your account is active and as needed to provide the Service, then for a reasonable period to meet legal, accounting, security, and dispute-resolution needs. Customer Content is processed to deliver the feature you request; some content and history may be stored on your device or in your account depending on your settings. You can request deletion of your account and personal information by emailing support@stealthzero.ai; we generally complete verified requests within about 30 days, except where we must retain information by law.
7. Your privacy rights
EEA/UK and similar regions. Subject to applicable law, you may request to access, correct, delete, restrict, or port your personal information, object to certain processing, and withdraw consent (without affecting prior processing). You may also lodge a complaint with your local data-protection supervisory authority.
California (CCPA/CPRA) and similar U.S. state laws. Subject to applicable law, you may request to know, access, delete, and correct your personal information, and to opt out of any “sale” or “sharing” and to limit the use of sensitive personal information. We do not sell or share personal information as those terms are defined under California law. We will not discriminate against you for exercising your rights.
To exercise any right, contact support@stealthzero.ai. We will verify your request and may ask for information to confirm your identity. You may use an authorized agent where the law permits.
8. Cookies & similar technologies
We use cookies, local storage, and similar technologies to keep you signed in, remember your preferences and local history, secure the Service, and understand usage. Some are strictly necessary; others are optional. You can control cookies through your browser or device settings, and through any cookie or privacy controls we provide in the Service.
9. Automated decision-making
The Service uses automated processing to generate AI outputs and scores and to detect fraud and abuse (for example, bot protection, rate limiting, and trial- and referral-abuse checks). These do not produce legal or similarly significant effects about you without human involvement, and our scoring is provided as estimates for your review.
10. Children’s privacy
The Service is not directed to children under 13, and we do not knowingly collect personal information from them. Where local law requires a higher age (for example, 16 in parts of the EU/EEA), the Service is not directed to users under that age without appropriate parental or guardian consent. If you believe a child has provided us personal information, contact us and we will take appropriate steps to delete it.
11. Security
We use technical and organizational measures designed to protect personal information, including encryption in transit, access controls, logging, bot protection, and a request-signing (DPoP) layer that binds requests to your session. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security. You are responsible for keeping your account credentials and devices secure.
12. EU/UK representative & data protection officer
Where required by the GDPR or UK GDPR, our EU/UK representative and/or Data Protection Officer can be reached at [PLACEHOLDER: EU/UK representative & DPO contact].
13. Changes to this Policy
We may update this Policy from time to time. If we make material changes, we will provide reasonable notice (for example, by posting the updated Policy with a new effective date or by other reasonable means). Continued use of the Service after changes take effect means you accept the updated Policy.
14. Contact
Questions or requests? Contact us at support@stealthzero.ai.