AIAI or Not

Privacy

Last updated: May 11, 2026

The short version

Photos are private by default.When you scan something, the photo is uploaded to a private storage bucket only you can read. It does NOT appear anywhere public unless you explicitly tap “Share to /top” after the scan. If you never opt in, no one else ever sees it.

What we collect

  • Photos you take in the app, stored in a private Supabase storage bucket. Only your authenticated session can read them.
  • GPS coordinates at the moment you tap the shutter (if you grant location permission). Used to drop the pin on your personal map.
  • An anonymous user ID so your scans persist across sessions on the same browser. No email, phone, or name.
  • Votes you cast and scans you opt to share publicly on the global /top feed.
  • Basic logs (IP, user agent, request timestamps) from our CDN for security and debugging. Not sold or shared.

Face blur

Every photo runs through on-device face detection (MediaPipe) in your browser BEFORE upload. Any detected faces are pixelated so the original face never reaches our server. This is not perfect — faces facing away, partially covered, or very small may not be detected. If a face slipped through, you can delete the scan.

Photos that don't make the cut

If Claude classifies the photo as “Not an AI ad” (a selfie, food, random object, an ad for something not AI-related), the photo is deleted immediately from storage and no scan record is saved. Zero persistence.

What we do NOT do

  • We don’t track you across other websites.
  • We don’t sell your data.
  • We don’t collect anything from your camera roll — only the frame you actively capture.
  • We don’t make your photos public unless you tap the opt-in toggle.
  • We don’t process biometric data — faces are blurred, never identified.

Third parties

  • Anthropic— each photo is sent (via a short-lived signed URL) to Claude Haiku for AI-ad classification. Anthropic’s data policy applies to that fetch. The URL expires within 2 minutes.
  • Supabase— database + private storage.
  • Vercel— web hosting + edge functions.
  • Google Maps— map tiles only. Your coordinates are used client-side to render the map.
  • MediaPipe (Google)— face-detection model files served via CDN, run entirely in your browser. No photo data is sent to Google.

Regions

AI or Not is accessible globally. The operator does not actively market to or target users in any specific jurisdiction. See the Terms for the data protection commitments we apply regardless of where you are.

International data transfers

The app’s infrastructure (Supabase, Vercel, Anthropic) is hosted in the United States. If you use AI or Not from outside the US, your scans and request metadata are processed and stored on US-based servers. By using the app you acknowledge this transfer. The operator does not transfer your data to any other third parties.

Deletion

To delete your scans, contact the operator. We’ll wipe all rows tied to your anonymous user ID and the underlying photos from storage. Self-serve delete is on the roadmap.

Contact

Questions, takedown requests, or concerns: open an issue or reach out to the project operator.