Plag Detect
Log In Get Started

Privacy Policy

Last updated: May 17, 2026

This Privacy Policy explains what personal data Plag Detect (“we”, “us”) collects when you use https://plagdetect.org and our services, why we collect it, how we use it, and the choices you have. It is written to satisfy the GDPR, UK GDPR and CCPA disclosure requirements.

1. Data We Collect

1.1 Information you provide

  • Account data: first name, last name, email address, password hash.
  • Document content: the files and text you upload for analysis.
  • Support communications: messages you send us via email or chat.

1.2 Information collected automatically

  • Log & security data: IP address, browser user-agent, request timestamps, country (derived from IP), brute-force counters.
  • Cookies: a session cookie used to keep you logged in and a CSRF cookie used to protect form submissions. See our Cookie Policy.

1.3 Information from payment processing

When you make a purchase, our payment processor PayPro Global collects payment-method details directly and shares with us only the order ID, the slot package purchased, the billing email, and the country/state for tax purposes. We never see or store your full card number.

2. How We Use Your Data

  • To create and operate your account.
  • To process documents you submit and return the requested similarity / AI reports.
  • To process payments, issue receipts, prevent fraud, and comply with tax law.
  • To respond to your support requests.
  • To send transactional emails (e.g. password reset, expiry warning, order confirmation).
  • To detect, investigate and prevent abuse of the Service.
  • To comply with legal obligations.

3. Legal Bases (GDPR)

  • Contract — to provide the Service you signed up for.
  • Legal obligation — to keep tax / accounting records.
  • Legitimate interest — to keep the Service secure and to improve it.
  • Consent — for any optional marketing email (you can unsubscribe at any time).

4. Sharing & Sub-processors

We do not sell your personal data. We share data only with the service providers listed below, each under a data-processing agreement and only to the extent necessary to provide the Service:

  • PayPro Global, Inc. – payment processing & Merchant of Record.
  • Plagiarism-detection engine provider – the third-party similarity-detection service that powers our scans; receives only the document content needed to run the requested scan.
  • Hosting & email-delivery providers – to operate the website and send transactional email.

We may also disclose data when required by law, court order, or to protect the rights, property, or safety of Plag Detect, our users, or the public.

5. International Transfers

Our service providers may process data in countries outside your own, including the United States. Where data is transferred out of the EEA or UK, we rely on the European Commission’s Standard Contractual Clauses or another lawful transfer mechanism.

6. Retention

  • Account data — for the life of your account plus up to 12 months.
  • Uploaded documents & reports — up to 90 days after the scan, then permanently deleted; you can delete them sooner from your dashboard.
  • Billing & tax records — up to 7 years as required by law.
  • Security logs — up to 12 months.

7. Your Rights

Subject to applicable law, you have the right to: access the personal data we hold about you, request correction or deletion, restrict or object to certain processing, request portability of data you provided, and withdraw consent at any time. EEA / UK residents may lodge a complaint with their local supervisory authority. California residents have the additional rights described in the CCPA, including the right to know, the right to delete, and the right not to be discriminated against for exercising those rights.

To exercise any of these rights, email support@plagdetect.org. We may need to verify your identity before acting on the request.

8. Security

We use HTTPS for all traffic, hash passwords with industry-standard algorithms, isolate uploaded files per user, and apply brute-force and CSRF protections. No system is perfectly secure; please use a strong, unique password and notify us immediately if you suspect your account has been compromised.

9. Children

The Service is not directed to children under 16. We do not knowingly collect data from children. If you believe a child has provided us with personal data, contact us so we can delete it.

10. Changes

We may update this Privacy Policy. Material changes will be announced on the Service or by email at least 14 days before they take effect.

11. Contact

Privacy questions: support@plagdetect.org.