Privacy Policy
Effective March 31, 2026
At PlagiarismChecker (plagiarismchecker.so), we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services.
1. Information We Collect
1.1 Account Information
When you create an account, we collect:
- Email address (required for account creation and password recovery)
- Password (hashed using bcrypt, never stored in plaintext)
- Account name or display name (optional)
1.2 Scan Text Data
When you submit text for plagiarism scanning:
- The text you submit is NOT stored after processing completes
- We retain only metadata: plagiarism score, verdict, detected source URLs, word count, and scan timestamp
- Text is processed in-memory only and discarded immediately after similarity analysis
- Anonymous scans (without account login) are treated identically—text is never stored
1.3 API Usage Data
If you use our API:
- API key (hashed, stored securely with SHA-256)
- API request logs (timestamp, endpoint, status code, response time, credits used)
- No request body or response body is logged
1.4 Device & Usage Information
We automatically collect:
- IP address (for rate limiting and fraud prevention)
- Browser type, version, and operating system
- Referring URL and pages visited
- Session duration and interaction patterns
1.5 Cookies
We use only session cookies:
auth-token— Authentication token (expires when you log out)session-id— Session identifier (expires after 24 hours of inactivity)- No third-party tracking cookies or advertising cookies
2. How We Use Your Information
We use collected information for:
- Account creation, authentication, and access control
- Providing plagiarism detection services
- Maintaining and improving our platform
- Sending transactional emails (password reset, subscription confirmations, scan results)
- Rate limiting and fraud prevention
- Compliance with legal obligations
We do NOT use your information for: marketing emails (unless you opt in), selling to third parties, or building marketing profiles.
3. Third-Party Services & Data Sharing
We use the following third-party services. Your submitted text is never shared with these services, but metadata may be:
Authentication & Database
Stores account credentials (email, hashed password), billing info, and scan metadata. All data encrypted at rest and in transit.
Cache Infrastructure
Caches search results and page content for up to 24 hours. Data is encrypted in transit and auto-expires.
Search Infrastructure
We send short search queries (extracted phrases, NOT full text) to our search provider to find potential source documents.
Application Hosting
Our hosting provider maintains server logs including IP, user agent, and request metadata.
Important: Your submitted text (the content being scanned) is never transmitted to any third party in full. Only short extracted phrases are sent to our search provider.
4. Data Retention
| Data Type | Retention Period |
|---|---|
| Submitted text | Not stored (discarded after processing) |
| Scan metadata (score, sources, timestamp) | Stored indefinitely (until account deletion) |
| API request logs | 90 days |
| Cache data | 24 hours (search results), 12 hours (page content) |
| Account data (email, password) | Until account deletion + 30 days (backup recovery) |
| Deleted account data | Permanently deleted after 30 days |
5. Your Privacy Rights
5.1 Access Your Data
You can view your account information, API keys, and scan history in your Dashboard at any time.
5.2 Export Your Data
You can request a copy of all your data (account info, scan history, metadata) in machine-readable format. Email privacy@plagiarismchecker.so with "Data Export Request" and we'll send it within 30 days.
5.3 Delete Your Account
You can delete your account from Settings. This will immediately remove all account data, API keys, and scan history. Deletion is permanent.
5.4 Withdraw Consent
If you consented to optional communications, you can withdraw consent at any time by updating preferences in Settings or emailing privacy@plagiarismchecker.so.
5.5 GDPR Rights (EU Users)
If you are in the EU, you have rights under GDPR including access, correction, deletion, portability, and objection. Contact privacy@plagiarismchecker.so to exercise these rights.
6. Security
We implement industry-standard security measures:
- SSL/TLS encryption for all data in transit (HTTPS)
- Password hashing using bcrypt (salted, not reversible)
- API key hashing using SHA-256 (never stored in plaintext)
- In-memory processing — text is never written to disk
- Rate limiting to prevent abuse and brute-force attacks
- Row-Level Security (RLS) at the database level to isolate user data
No security system is 100% secure. If you discover a vulnerability, please report it to security@plagiarismchecker.so.
7. GDPR Compliance
We comply with GDPR (General Data Protection Regulation) for users in the European Union:
- Lawful basis: Account creation (contract), service provision (contract), fraud prevention (legitimate interest)
- Data Processing Addendum: Available upon request. Contact legal@plagiarismchecker.so
- EU Representative: Contact us at privacy@plagiarismchecker.so
8. Children's Privacy
PlagiarismChecker is not intended for users under 13 years old. We do not knowingly collect information from children. If we discover we have collected data from someone under 13, we will immediately delete it. If you believe a child under 13 has provided information, contact privacy@plagiarismchecker.so.
9. Policy Changes
We may update this Privacy Policy to reflect changes in law, technology, or our practices. Material changes will be announced via email to registered users. Your continued use of PlagiarismChecker after changes constitutes acceptance of the updated policy.
10. Contact Us
For privacy questions, requests, or complaints:
Privacy Inquiries: privacy@plagiarismchecker.so
Security Vulnerabilities: security@plagiarismchecker.so
Legal Requests: legal@plagiarismchecker.so
We aim to respond to all inquiries within 10 business days.
Last updated: March 31, 2026