Security

We take security seriously at every layer of our platform — from the infrastructure we run on to the way we handle your data.

Our Security Commitment

Our infrastructure relies on SOC 2 Type II certified providers — including Clerk, Neon, Stripe, and Brevo — and our hosting runs on Amazon Web Services, which holds SOC 2 Type II and ISO 27001 certifications. We continuously monitor and harden our systems to protect your images and account data.

Infrastructure & Hosting Security

AI Photo Detect is hosted on Amazon Web Services (AWS), which holds both SOC 2 Type II and ISO 27001 certifications. These independent, third-party audits verify that our hosting provider maintains rigorous controls around availability, confidentiality, and data integrity.

Every third-party service we integrate with is held to the same standard. All core providers carry SOC 2 Type II certification:

Amazon Web Services (SOC 2 Type II · ISO 27001): Cloud hosting & compute

Stripe (SOC 2 Type II · PCI DSS Level 1): Payment processing

Clerk (SOC 2 Type II): Authentication & identity management

Neon (SOC 2 Type II): Serverless PostgreSQL database

Brevo (SOC 2 Type II): Transactional email delivery

Vendor Due Diligence

We review the security posture of all third-party vendors before onboarding them and re-evaluate certifications annually. We only work with providers whose compliance programmes meet or exceed industry standards.

Data Protection

Protecting your images and personal data is central to how we design and operate the platform. Below is an overview of the key controls we have in place.

Encryption in Transit

All data between your browser and our servers is encrypted using TLS 1.2 or higher. We enforce HTTPS across every endpoint and redirect insecure connections automatically.

Encryption at Rest

Images, thumbnails, and associated metadata stored in our database and object storage are encrypted at rest using AES-256, managed by our certified infrastructure providers.

Authentication

User authentication is handled entirely by Clerk, a SOC 2 Type II certified provider. Clerk supports multi-factor authentication (MFA), passkeys, and secure session management.

Access Control

API access requires a valid authentication token scoped to your account. Internal production systems follow the principle of least privilege — engineers have no standing access to production data.

Image Data Retention

Images uploaded for analysis are stored temporarily during processing and are subject to the retention limits described in our Privacy Policy. We do not use your images to train AI models or share them with third parties beyond what is required to perform the detection service.

Reporting a Vulnerability

If you discover a potential security vulnerability in our platform, please disclose it responsibly. We ask that you do not publicly disclose the issue until we have had a reasonable opportunity to investigate and address it.

Contact our security team

We aim to acknowledge all reports within 2 business days and provide a resolution timeline within 5 business days.

Related Policies

Our security practices are complemented by our privacy and legal commitments: