Privacy Policy

Last updated: January 25, 2026

1. Overview

AI or Nah ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains what information we collect, how we use it, and your rights regarding your data.

2. Information We Collect

2.1 Information You Provide

When you use our Service, you provide:

  • Instagram usernames or URLs you submit for analysis

We do NOT collect: Names, email addresses, passwords, or any personal identification.

2.2 Automatically Collected Information

We automatically collect:

  • Device Fingerprint: Browser-based fingerprint to track free tier usage (no IP address included)
  • Usage Data: Timestamps of when you checked accounts
  • Technical Data: Browser type, device type (for mobile-only enforcement)

2.3 Payment Information

If you purchase credits, we collect your email address for account access. Payment information (credit card details) is processed directly by Stripe and never stored on our servers.

2.4 Publicly Available Data

When you submit an Instagram username, we retrieve publicly available information from that Instagram profile using third-party scraping services. This includes profile photos, post images, captions, follower counts, and engagement metrics. We only access data that is publicly visible without authentication.

3. How We Use Your Information

We use collected information to:

  • Provide and operate the Service (AI-generated image detection)
  • Enforce free tier limits (3 lifetime checks per device)
  • Process payments and manage credit balances
  • Send verification codes for passwordless authentication
  • Cache analysis results to improve performance and reduce API costs
  • Monitor and analyze usage patterns to improve the Service
  • Detect and prevent abuse or violations of our Terms of Service

4. Data Storage and Retention

Cached Results: Analysis results are stored in our database and remain accessible until 90 days of inactivity (no views). After 90 days, results are automatically deleted.

Downloaded Images: We download and store analyzed Instagram images on our servers to avoid hotlinking. These images are deleted when their associated analysis result expires.

Device Fingerprints: Browser fingerprints are stored to track free tier usage. These are retained indefinitely to prevent abuse.

Customer Accounts: If you purchase credits, your email and credit balance are stored indefinitely. You can request deletion by contacting us.

Verification Codes: Email verification codes expire after 10 minutes and are automatically deleted.

5. Data Sharing and Third Parties

We do NOT sell your data to third parties.

We share data only with:

  • Service Providers: We use third-party services (Apify for Instagram scraping, Sightengine for AI detection, Supabase for data storage, Stripe for payment processing, Resend for email delivery) to operate the Service. These providers may access data necessary to perform their functions.
  • Payment Processor: When you purchase credits, Stripe processes your payment information. We never see or store your credit card details. Stripe's privacy policy applies to payment data.
  • Public Results: Analysis results are publicly accessible via shareable URLs (e.g., aiornah.ai/check/username). Anyone with the link can view results.
  • Legal Requirements: We may disclose information if required by law or in response to valid legal requests.

6. Cookies and Tracking

We use minimal cookies for essential functionality. Our session cookie (aion_session) is used for passwordless authentication and expires after 30 days. We also use localStorage to store a device token for free tier tracking. We do NOT use tracking cookies for advertising or analytics purposes.

7. Your Rights

You have the right to:

  • Access: View any cached results associated with usernames you've searched
  • Deletion: Cached results automatically expire after 90 days of inactivity
  • Opt-Out: Simply don't use the Service if you don't agree with this policy

Note: Since we don't collect personal identification (no accounts/emails), we cannot identify or delete data tied to specific individuals beyond IP-based rate limit data.

8. Security

We implement reasonable security measures to protect data from unauthorized access, alteration, or disclosure. However, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.

9. Children's Privacy

The Service is not intended for children under 13. We do not knowingly collect information from children under 13. If you believe we have collected such information, please contact us.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy, please contact us through our website.

🔒 Privacy Summary

We collect minimal data: usernames you search and your IP address (for rate limits). We don't sell your data. Results are public via shareable links. Data expires after 90 days of inactivity. That's it!