Privacy Policy

Last updated: May 20, 2026

This Privacy Policy explains how AI-ID Center ("we", "us", or "our") collects, uses, stores, and protects your personal information when you use:

  • The ai-idcenter.org website
  • The AI-ID Output Connector browser extension

By using our services, you agree to the practices described in this policy.

Section 01

Who We Are

AI-ID Center provides an identity layer for AI-generated content. Our service lets users bind a verifiable identity ("AI-ID") to outputs they create on third-party AI platforms (such as ChatGPT and Gemini), and share those outputs with a public verification link.

AI-ID Center is currently operated as an individual project. We may transition to a registered company in the future, in which case this policy will be updated accordingly and registered users will be notified by email.

Contact: [email protected]

This service is intended for individual users only. We do not knowingly collect data from children under 13 years of age.

Section 02

Information We Collect

We collect the minimum information needed to operate the service. We do not sell your data.

2.1 Account Information (via Clerk)

We use Clerk (clerk.com) as our authentication provider. When you sign in (via Google or email), Clerk stores:

  • Your email address
  • Your chosen username (e.g. @yourname)
  • Your authentication tokens

Clerk handles password storage and session management on our behalf. Their privacy practices are described at clerk.com/privacy. We never see or store your password.

2.2 AI-Generated Content You Choose to Capture

When you click the AI-ID button next to an AI-generated output (e.g. an image on ChatGPT), the AI-ID Output Connector extension sends the following to our servers:

  • The output content itself (e.g. the image, as base64-encoded data)
  • The source URL of the page where you captured it
  • The page title
  • Your prompt text (if visible to the extension)
  • A client timestamp
  • Your username (from your AI-ID account)

This data is captured only when you explicitly click the AI-ID button. We do not capture anything in the background.

2.3 Verification Artifacts

For each captured output, we generate and store:

  • A composite image with a verification band showing your username
  • A unique artifact ID and verification URL
  • The metadata listed in section 2.2

These artifacts are stored on Cloudflare R2 (object storage). They are publicly accessible by anyone who has the verification URL — that is the purpose of the service.

2.4 Extension Storage

The AI-ID Output Connector extension stores the following in your browser's local storage (chrome.storage.local):

  • A short-lived authentication token (JWT) that expires after 15 minutes
  • The timestamp when the token was stored

This data never leaves your browser except when authenticating with our servers. It is automatically deleted when you sign out.

2.5 Website Analytics

We use Cloudflare Web Analytics, which is privacy-friendly and cookieless. It collects aggregate, anonymized visit statistics (page views, country-level location, referrers) without using cookies or tracking individual users. More info: cloudflare.com/web-analytics.

We do not use Google Analytics, Facebook Pixel, or any other third-party tracking.

2.6 Server Logs

Our servers (Cloudflare Workers and Cloudflare Pages) automatically log standard request information (IP address, user agent, timestamp) for security and abuse prevention. These logs are retained for up to 30 days.

Section 03

How We Use Your Information

We use your information only to:

  • Operate the service — authenticate you, generate verification artifacts, serve share pages
  • Bind your identity to outputs — display your username on captured content
  • Prevent abuse — detect and block fraudulent activity using server logs
  • Improve the service — understand aggregate usage patterns via Cloudflare Web Analytics
We do not:
  • Sell your data to any third party
  • Use your data for advertising or marketing profiling
  • Read or capture your AI conversations beyond the specific output you click
  • Track your browsing history
Section 04

The Browser Extension and Its Permissions

The AI-ID Output Connector extension requests the following permissions:

  • storage — to store your authentication token in chrome.storage.local
  • activeTab / host permissions — to inject the AI-ID button into supported AI platforms (currently ChatGPT and Gemini) and to read the specific output you click

The extension:

  • Runs only on supported AI platforms — it does not run on every website you visit
  • Captures content only when you explicitly click the AI-ID button
  • Does not read your browsing history, passwords, or unrelated page content
  • Does not send any data to third parties

When you uninstall the extension, all data stored in chrome.storage.local by the extension is automatically deleted by Chrome.

Section 05

Data Sharing With Third Parties

We share data only with the following service providers, each acting as a processor on our behalf:

Provider Purpose Data shared
Clerk
clerk.com		 Authentication Email, username, sessions
Cloudflare
cloudflare.com		 Hosting, API, file storage, analytics All operational data

We do not share your data for advertising, marketing, or any commercial purpose with any other party.

We may disclose your information if required by law (court order, subpoena, lawful government request).

Section 06

Data Retention

  • Account information (Clerk): Retained as long as your account exists
  • Verification artifacts (R2): Retained indefinitely unless you request deletion (these are intended to remain verifiable long-term)
  • Server logs (Cloudflare): Retained up to 30 days
  • Extension storage (your browser): Cleared on sign-out or extension removal
Section 07

Your Rights

You have the following rights regarding your personal data:

  • Access — Request a copy of the data we hold about you
  • Correction — Ask us to correct inaccurate data
  • Deletion — Ask us to delete your account and associated data
  • Portability — Request your data in a machine-readable format
  • Objection — Object to certain uses of your data

To exercise any of these rights, email us at [email protected] with the subject line "Privacy request: [type]" (e.g. "Privacy request: deletion"). We will respond within 30 days, in line with GDPR Article 12.

Note on deletion

We do not yet offer an in-app "Delete Account" button. Deletion is handled manually upon email request. Upon a verified deletion request, we will:

  • Remove your Clerk account
  • Delete your verification artifacts from Cloudflare R2
  • Remove any associated database records

If you have published verification URLs publicly, links to those artifacts will return a 404 error after deletion.

Section 08

International Users

Our servers are operated by Cloudflare, which uses a global network of data centers. By using our service, you consent to your data being processed in any of these locations.

If you are in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the GDPR. The legal basis for our processing is:

  • Contract — to provide you the service you signed up for
  • Legitimate interest — for security, abuse prevention, and aggregate analytics

If you are a California resident, you have rights under the CCPA. We do not sell personal information, and we treat all California user requests as binding under CCPA.

Section 09

Security

We protect your data by:

  • Using HTTPS/TLS for all data in transit
  • Storing authentication tokens with short expiration (15 minutes)
  • Using Clerk's industry-standard authentication infrastructure
  • Hosting on Cloudflare's secure infrastructure with DDoS protection

No system is perfectly secure. If we ever become aware of a data breach affecting your information, we will notify you by email within 72 hours of confirming the breach, in line with GDPR requirements.

Section 10

Children's Privacy

This service is not intended for users under the age of 13. We do not knowingly collect data from children under 13. If you believe we have collected data from a child under 13, please contact us at [email protected] and we will delete it.

Section 11

Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will:

  • Update the "Last updated" date at the top
  • Post a notice on ai-idcenter.org if the changes are significant
  • For material changes, notify registered users by email

Continued use of the service after changes means you accept the updated policy.

Section 12

Contact

For any questions about this Privacy Policy or your data:

Email: [email protected]

We aim to respond within 7 days, and always within the 30-day GDPR timeframe.

This Privacy Policy was last updated on May 20, 2026.