Privacy Policy

Last updated: January 1, 2026  |  Effective: January 1, 2026

EssayHumanizer.ai ("we," "us," or "our") is operated by EssayHumanizer.ai Ltd. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website at essayhumanizer.ai, use our API, or access any related services (collectively, the "Service"). Please read this policy carefully. By using the Service, you agree to the practices described here.

1. Information We Collect

1.1 Information You Provide Directly

Account information: If you create an account, we collect your email address and a hashed password. We do not store passwords in plain text. We may also collect an optional display name.

Payment information: Paid plan subscriptions are processed entirely by our third-party payment processor (Stripe). We never receive, store, or handle raw credit card numbers, bank account details, or payment card security codes. Stripe provides us only with a non-sensitive payment token and your billing email.

Contact form submissions: If you contact us at hello@essayhumanizer.ai or through our contact page, we receive the content of your message, your email address, and any other information you choose to include.

1.2 Text You Submit for Humanization — Critical Notice

Text you submit to our humanization tool is processed in real-time by our servers and the underlying language model API (OpenAI). We do not store, log, persist, or retain submitted text after your session request is complete. Your text is transmitted to our server, processed, the humanized output is returned to you, and both the input and output are immediately discarded from our systems. We do not use your submitted text to train any model, and we do not share it with any third parties other than the underlying AI processing API (OpenAI) under their data processing agreement, which also prohibits training on API inputs.

1.3 Automatically Collected Information

Usage data: We collect anonymized, aggregate usage metrics through our internal analytics infrastructure (no third-party trackers). This includes: pages visited, tool usage frequency, general geographic region (country-level only, derived from Cloudflare's geolocation header), device type (mobile/desktop), and anonymized session duration. We do not build individual user profiles from this data.

Log data: Our web server logs may temporarily record your IP address, browser type, referrer URL, and timestamps for the purpose of security monitoring, abuse prevention, and rate limiting. These logs are retained for a maximum of 30 days and then automatically purged.

Cookies: We use strictly necessary cookies to maintain your session and preferences (e.g., selected humanization mode, tone settings). We do not use advertising cookies, tracking pixels, or fingerprinting. We do not use Google Analytics, Facebook Pixel, or similar third-party tracking tools. Our cookie usage qualifies as "strictly necessary" under GDPR and does not require a consent banner, though we display one for transparency.

2. How We Use Your Information

We use the information we collect for the following purposes:

  • To provide, maintain, and improve the Service;
  • To process transactions and send subscription-related communications;
  • To respond to your support requests and communications;
  • To detect, investigate, and prevent fraudulent, abusive, or illegal activity;
  • To enforce our Terms of Service and acceptable use policies;
  • To analyze aggregate, anonymized usage trends to improve the Service;
  • To send transactional emails (e.g., receipts, password resets) — we do not send unsolicited marketing emails without your explicit opt-in.

We do not sell your personal information to third parties. We do not use your data for targeted advertising. We do not share your information with data brokers.

3. Legal Bases for Processing (GDPR)

For users in the European Economic Area (EEA), United Kingdom, and Switzerland, our legal bases for processing personal data are:

  • Contract performance: Processing necessary to deliver the Service you signed up for (account management, payment processing, API delivery).
  • Legitimate interests: Security monitoring, fraud prevention, aggregate analytics — balanced against your privacy rights.
  • Legal obligation: Compliance with applicable laws and regulations.
  • Consent: For any optional data uses (e.g., marketing emails), where we ask for and rely on your explicit consent, which you may withdraw at any time.

4. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information. We share data only in the following limited circumstances:

  • Service providers: We use Cloudflare (infrastructure, CDN, DDoS protection), OpenAI (API text processing), and Stripe (payment processing). Each operates under a data processing agreement that limits their use of your data to delivering their services to us.
  • Legal requirements: If required by law, court order, or governmental authority — we will notify you unless legally prohibited from doing so.
  • Business transfer: In the event of a merger, acquisition, or sale of assets, your information may be transferred. We will provide notice and an opportunity to opt out before your data is subject to a different privacy policy.
  • Protection of rights: To protect the rights, property, or safety of EssayHumanizer.ai, our users, or the public, where disclosure is necessary.

5. Data Retention

Submitted text: Not retained. Deleted immediately after each API response.

Account data: Retained as long as your account is active. If you delete your account, we delete your personal data within 30 days, except where we are required to retain it by law (e.g., billing records for tax compliance, retained for up to 7 years per applicable law).

Server logs: Retained for up to 30 days for security purposes, then automatically purged.

Payment records: Billing transaction records retained for 7 years for tax and accounting compliance. These records contain only tokenized payment references, not raw card data.

6. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Request correction of inaccurate or incomplete data.
  • Erasure ("Right to be Forgotten"): Request deletion of your personal data, subject to our legal retention obligations.
  • Restriction: Request that we restrict processing of your data in certain circumstances.
  • Data portability: Request your data in a structured, machine-readable format.
  • Objection: Object to processing based on legitimate interests or direct marketing.
  • Withdraw consent: Where processing is based on consent, withdraw it at any time without affecting lawfulness of prior processing.
  • California residents (CCPA): Right to know, right to delete, right to opt-out of sale (we do not sell data), and right against discrimination for exercising these rights.

To exercise any of these rights, email us at privacy@essayhumanizer.ai. We will respond within 30 days (GDPR) or 45 days (CCPA). We may need to verify your identity before fulfilling your request.

7. Security

We implement appropriate technical and organizational measures to protect your information: TLS 1.3 encryption in transit, AES-256 encryption at rest for any stored account data, rate limiting and DDoS protection via Cloudflare, regular security audits, and strict access controls limiting data access to authorized personnel on a need-to-know basis. No method of transmission over the internet is 100% secure, and we cannot guarantee absolute security. We will notify affected users of any data breach in accordance with applicable law.

8. International Data Transfers

Our infrastructure is hosted on Cloudflare Workers, which may process data in multiple geographic regions. If you are located in the EEA or UK, your data may be transferred to countries outside the EEA/UK (including the United States). We ensure such transfers comply with applicable data protection law through Standard Contractual Clauses (SCCs) or other approved transfer mechanisms.

9. Children's Privacy

The Service is not directed to children under the age of 13 (or 16 in the EEA). We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us at privacy@essayhumanizer.ai and we will promptly delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page with a revised "Last updated" date, and by sending an email notification to registered users. Your continued use of the Service after changes become effective constitutes acceptance of the revised policy.

11. Contact Us

For privacy-related questions, requests, or concerns:

Email: privacy@essayhumanizer.ai

General contact: hello@essayhumanizer.ai

Website: essayhumanizer.ai/contact

If you are in the EEA and believe we have not adequately addressed your privacy concerns, you have the right to lodge a complaint with your local data protection authority.