Home/Privacy Policy

Privacy Policy

Last updated: June 30, 2026

1. Controller

The controller responsible for the processing of personal data on this website, within the meaning of the General Data Protection Regulation (GDPR), is:

Ailiniyazi Maimaiti (BriefWizard)
Gustav-Heinemann-Ring 131, 81739 München, Germany
E-mail: kontakt@aiwebsitedetector.com

2. What Data We Collect and Why

2.1 Website Scans

When you submit a URL for scanning, we store the following data in our database:

  • The URL you submitted
  • Scan results (detected builder, CMS, technologies, hosting provider, AI probability)
  • Your IP address (for rate limiting and abuse prevention)
  • Your browser’s User-Agent string (for bot detection)
  • A screenshot of the scanned website (URL reference, not raw image data)
  • Timestamp of the scan

Legal basis: Art. 6(1)(f) GDPR — legitimate interest in providing the scanning service, preventing abuse, and maintaining service integrity.

2.2 User Accounts

If you register for an account (e.g. to access the developer API), we store:

  • E-mail address
  • Password (hashed with bcrypt — never stored in plain text)
  • API keys you generate
  • Account creation and last login timestamps

Legal basis: Art. 6(1)(b) GDPR — performance of the contract with you.

2.3 Browser Extension

The browser extension analyses the active tab only when you explicitly trigger a scan. It sends the current page URL to our scan API. No browsing history is collected, and no data is transmitted without your interaction.

2.4 Contact Enquiries

If you contact us by e-mail, we process your e-mail address and the content of your message to respond to your enquiry. Data is deleted once the conversation is concluded and no legal retention obligations apply.

Legal basis: Art. 6(1)(f) GDPR — legitimate interest in handling enquiries.

2.5 Analytics

We collect aggregated, anonymised server-side traffic statistics (page views, referrers, country-level data) via our own infrastructure. No cookies are set for analytics purposes, and no personal identifiers are stored.

Legal basis: Art. 6(1)(f) GDPR — legitimate interest in understanding usage patterns to improve the Service.

2.6 Scanned Site Owners (Non-Users)

The website scanner analyses domains submitted by our users, who are not necessarily the owner of the scanned site. For a scanned site itself, we only ever collect the public, technical signals described in 2.1 above — HTML, HTTP headers, DNS records, IP/ASN and hosting information. We do not perform WHOIS lookups for registrant names or contact details, and we do not harvest e-mail addresses from scanned pages.

Legal basis: Art. 6(1)(f) GDPR — legitimate interest in providing technology-detection results about publicly accessible websites.

3. Third-Party Service Providers

We use the following third-party processors to operate the Service. Where providers are based outside the EU/EEA, data transfers are protected by Standard Contractual Clauses (SCCs) or equivalent safeguards.

ProviderPurposeLocation
Hetzner Online GmbHWebsite hosting & server infrastructureGermany (EU)
Hetzner Online GmbH (self-hosted PostgreSQL)Database — self-hosted on our own serverGermany (EU)
Anthropic PBCAI-generated site descriptions (Claude API)USA (SCCs)
Hetzner Online GmbH (self-hosted mail server)Transactional e-mail delivery — self-hosted SMTPGermany (EU)
Stripe Inc.Payment processing (paid plans)USA (SCCs)
Google LLC (AdSense)Ad servingUSA (SCCs)

We do not sell personal data to any third party.

4. Cookies and Session Storage

We use cookies only where strictly necessary:

  • Session cookie (next-auth) — set when you log in to your account or the admin dashboard. Contains an encrypted session token. Expires when you close your browser or after 30 days if “Remember me” is selected.
  • Google AdSense (advertising) — we use Google AdSense to serve ads. AdSense may set cookies for ad delivery, frequency capping, and measurement. For full details, see Google’s Privacy & Terms.

Legal basis for advertising cookies: Art. 6(1)(a) GDPR — your consent.

5. Data Retention

  • Scan records — retained indefinitely as anonymised technical data. IP addresses in scan records are not linked to personal accounts and are used solely for rate limiting.
  • User accounts — retained for as long as the account is active. You may request deletion at any time (see Section 6).
  • E-mail correspondence — deleted once the enquiry is resolved, unless a longer retention period is required by law.
  • Delisting requests — if a scanned site's owner submits a removal request (see Section 2.6), we retain the request itself (domain, requester e-mail, reason) for our records after review. If approved, the affected domain is excluded from all public directory pages, search indexing, and — for a full-removal request — future scanning, from that point forward. Existing scan records are not retroactively deleted by a directory-only delisting.

6. Your Rights (GDPR)

Under the GDPR, you have the following rights regarding your personal data:

  • Right of access (Art. 15) — request a copy of the data we hold about you.
  • Right to rectification (Art. 16) — request correction of inaccurate data.
  • Right to erasure (Art. 17) — request deletion of your personal data (“right to be forgotten”).
  • Right to restriction (Art. 18) — request that we limit how we process your data.
  • Right to data portability (Art. 20) — receive your data in a structured, machine-readable format.
  • Right to object (Art. 21) — object to processing based on legitimate interest.

To exercise any of these rights, contact us at kontakt@aiwebsitedetector.com. We will respond within 30 days.

You also have the right to lodge a complaint with the competent supervisory authority. In Germany, this is the Bayerisches Landesamt für Datenschutzaufsicht (BayLDA), Promenade 27, 91522 Ansbach.

If you are the owner of a scanned website rather than a registered user of the Service, the channel above is for account-related requests. To request removal of your site from our public directory pages or from future scanning, use /manage-listing instead — see Section 2.6.

7. Security

We implement appropriate technical and organisational measures to protect your data, including TLS encryption for all data in transit, bcrypt password hashing, and database access restricted to authorised infrastructure only.

No method of transmission over the internet is 100% secure. We cannot guarantee absolute security but will notify affected users promptly in the event of a data breach.

8. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. The “Last updated” date at the top of the page will always reflect the most recent revision. For significant changes, we will notify registered users by e-mail.

9. Contact

For all privacy-related enquiries: kontakt@aiwebsitedetector.com

See our Impressum for full contact and legal details.