Data Privacy Policy

Last updated: June 16, 2023

This Privacy Policy document contains types of information that is collected and recorded by ImageTwin and how we use it.

Data controller: ImageTwin AI GmbH, Taubstummengasse 11, 1040 Vienna, Austria, [email protected] (referred to as “ImageTwin” or “we”).

If you have additional questions or require more information about our Privacy Policy, do not hesitate to contact us.

This Privacy Policy applies only to our online activities and is valid for visitors to our website with regards to the information that they shared and/or collect in ImageTwin. This policy is not applicable to any information collected offline or via channels other than this website.


By using our website, you (also referred to as “customer” or “user”) hereby consent to our Privacy Policy and agree to its terms.

Direct Contact

If you contact us directly, we may receive additional information about you such as your name, email address, phone number, the contents of the message and/or attachments you may send us, and any other information you may choose to provide.

Log Files

ImageTwin follows a standard procedure of using log files. These files log visitors when they visit websites. All hosting companies do this and are a part of hosting services’ analytics. The information collected by log files includes internet protocol (IP) addresses, browser type, internet service provider (ISP), date and time stamp, referring/exit pages, and possibly the number of clicks. These are not linked to any information that is personally identifiable. The purpose of the information is for analyzing trends, administering the site, tracking users’ movement on the website, and gathering demographic information.

Third Party Privacy Policies

ImageTwin’s Privacy Policy does not apply to other advertisers or websites. Thus, we are advising you to consult the respective Privacy Policies of these third-party ad servers for more detailed information. It may include their practices and instructions about how to opt-out of certain options.

You can choose to disable cookies through your individual browser options. To know more detailed information about cookie management with specific web browsers, it can be found at the browsers’ respective websites.

Processing of Images and PDFs

After submitting images or a PDF (referred to as the data) to our detection service, the data is treated as follows:

  • The data is transferred via TLS-encryption to the server.
  • The data is processed to identify image integrity issues. The results are returned to the User.
  • After the results are returned to the user, the images/PDF is deleted.

Types of data processing

To use our services, you need to create a user account. The following data will be requested:

  • E-Mail-Address
  • Name
  • Address
  • Organization (optional)

How we use your information

We use the information we process in various ways, including to:

  • Provide our services and fulfill our contractual obligations
  • Provide, operate, and maintain our website
  • Improve, personalize, and expand our website
  • Promote our products, services, and other offerings
  • Understand and analyze how you use our website
  • Develop new features, and functionality

Legal bases of data processing & storage period

Below you will find an overview of the legal basis of the GDPR on which we base the processing of personal data. Please note that in addition to the provisions of the GDPR, national data protection provisions of your or our country of residence or domicile may apply.

  • Consent (Art. 6 para. 1 p. 1 lit. a. GDPR) – You have given his/her consent to the processing of personal data relating to you for a specific purpose or purposes.
  • Contract performance and pre-contractual requests (Art. 6 para. 1 p. 1 lit. b. GDPR) – The processing is necessary for the performance of a contract to which you are a party, or for the performance of pre-contractual measures, which are carried out at your request.
  • Legal obligation (Art. 6 (1) p. 1 lit. c. GDPR) – Processing is necessary for compliance with a legal obligation to which we are subject.
  • Legitimate interests (Art. 6 (1) p. 1 lit. f. GDPR) – Processing is necessary to protect our legitimate interests or a third party’s legitimate interests, except where such interests are overridden by your interests or fundamental rights and freedoms which require the protection of personal data. 

The data stored by us will be deleted as soon as they are no longer required for their intended purpose and the deletion does not conflict with any statutory retention obligations.

According to § 132 BAO, for example, we are legally obligated to store accounting documents (e.g. invoices, receipts) for a period of at least 7 years (longer in the case of legal disputes).

Uploaded documents (image files, etc.) are not saved. You may have the option to save documents with the associated found plagiarism/manipulations and load them again later within the web application. Whether a document should be saved is optionally selectable by you. The document will then be stored on our server for a maximum of one month and then deleted. Uploaded and saved documents are used by us exclusively for the fulfillment of our contractual obligations.

National data protection regulations in Austria: In addition to the data protection regulations of the GDPR, national regulations on data protection apply in Austria. These include the Federal Act on the Protection of Individuals regarding the Processing of Personal Data (Data Protection Act – DSG). In particular, the Data Protection Act contains special regulations on the right to information, the right to rectification or erasure, the processing of special categories of personal data, processing for other purposes and transmission, and automated decision-making in individual cases.

Web analysis, monitoring and optimization

Web analytics (also referred to as “reach measurement”) is used to evaluate the flow of visitors to our online offering and may include behavior, interests, or demographic information about visitors, such as age or gender, as pseudonymous values. With the help of reach analysis, we can recognize, for example, at what time our online offer or its functions or content are most frequently used or invite re-use. Likewise, we can understand which areas need optimization.

In addition to web analytics, we may also use testing procedures, for example, to test and optimize different versions of our online offering or its components.

Unless otherwise stated below, profiles, e.g. data summarized for a usage process, may be created for these purposes and information may be stored in a browser, or in a terminal device, and read from it. The information collected includes, in particular, websites visited and elements used there, as well as technical information such as the browser used, the computer system used, and information on usage times. If you have agreed to the collection of their location data from us or from the providers of the services we use, location data may also be processed.

The IP address of you as the user is also stored. However, we use an IP masking procedure (i.e., pseudonymization by shortening the IP address) to protect you as the user. Generally, in the context of web analysis, A/B testing and optimization, no clear data of the users (such as e-mail addresses or names) are stored, but pseudonyms. That is, we as well as the providers of the software used do not know the actual identity of you as the user, but only the information stored in your profile for the purposes of the respective procedures.

Types of data processed: Usage data (e.g. websites visited, interest in content, access times); meta, communication and procedural data (e.g. IP addresses, time data, identification numbers, consent status).

Data subjects: You as the user (e.g., website visitors, users of online services).

Purposes of processing: reach measurement (e.g. access statistics, recognition of returning visitors); tracking (e.g. interest/behavior-based profiling, use of cookies); provision of our online offer and user experience.

Security measures: IP masking (pseudonymization of the IP address).

Legal basis: consent (Art. 6 para. 1 p. 1 lit. a) GPDR.

Further notes on processing processes, procedures, and services:

Google Analytics: web analysis, reach measurement as well as measurement of user flows; service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Consent (Art. 6 para. 1 p. 1 lit. a) GDPR); Website:; Privacy policy:; Order processing agreement:; Standard contractual clauses (ensuring level of data protection for processing in third countries):; Opt-out: Opt-Out Plugin:, Ad Display Settings:; Further Information: (types of processing as well as data processed).

Firebase: Google Firebase is a platform for developers of applications for mobile devices and websites. Google Firebase offers a variety of functions for testing applications, monitoring their functionality and optimizing them (which are presented on the following overview page: The functions include, among other things, the storage of applications including personal data of the app users, such as content created by them or information regarding their interaction with the apps (so-called “cloud computing”). Google Firebase also provides interfaces that allow interaction between application users and other services, e.g. authentication using services such as Facebook, Twitter or using an email password combination; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; website:; privacy policy:

Segment: Twilio Segment is a Customer Data Platform (CDP) to collect and use data from the users of a website. The platform assists in analyzing and understanding customer behavior, optimizing marketing strategies, and enhancing the overall customer experience. Segment enables businesses to create detailed customer profiles, track user interactions, and personalize messaging and campaigns; Legal basis: Consent (Art. 6 para. 1 p. 1 lit. a) GDPR); service provider: Twilio Inc., 375 Beale Street, Suite 300, San Francisco, CA 94105, United States; website:; privacy policy:

Payment Procedure

In the context of contractual and other legal relationships, due to legal obligations or otherwise based on our legitimate interests, we offer data subjects efficient and secure payment options and use other service providers for this purpose in addition to banks and credit institutions (collectively, “payment service providers”).

The data processed by the payment service providers includes inventory data, such as the name and address, bank data, such as account numbers or credit card numbers, passwords, TANs and checksums, as well as the contract, total and recipient-related information. The information is required to carry out the transactions. However, the data entered is only processed by the payment service providers and stored with them. I.e., we do not receive any account or credit card related information, but only information with confirmation or negative information of the payment. Under certain circumstances, the payment service providers transmit the data to credit agencies. The purpose of this transmission is to check identity and creditworthiness. In this regard, we refer to the terms and conditions and the privacy notices of the payment service providers (see below).

For payment transactions, the terms and conditions and data protection notices of the respective payment service providers apply, which can be accessed within the respective websites or transaction applications. We also refer to these for the purpose of further information and assertion of revocation, information, and other data subject rights.

Types of data processed: inventory data (e.g., names, addresses); payment data (e.g., bank details, invoices, payment history); contract data (e.g., subject matter of contract, term, customer category); usage data (e.g., websites visited, interest in content, access times); meta, communication and procedural data (e.g., IP addresses, time data, identification numbers, consent status).

Data subjects: you as a customer or prospective customer.

Purposes of processing: provision of contractual services and customer service.

Legal basis: Contract performance and pre-contractual inquiries (Art. 6 para. 1 p. 1 lit. b) GDPR).

Further notes on processing processes, procedures, and services:

Stripe: Payment services (technical connection of online payment methods); Service provider: Stripe, Inc., 510 Townsend Street, San Francisco, CA 94103, USA; Legalbasis: Contract performance and pre-contractual requests (Art. 6 para. 1 p. 1 lit. b) GDPR); Website:; Privacy policy:

To Unsubscribe From Our Communications

You may unsubscribe from our marketing communications by clicking on the “unsubscribe” link located at the bottom of our e-mails or by contacting us via email to [email protected] or postal mail to ImageTwin AI GmbH, Taubstummengasse 11, 1040 Vienna, Austria. Customers cannot opt-out of receiving transactional emails related to their account with us.

GDPR Data Protection Rights

We would like to make sure you are fully aware of all of your data protection rights. Every user is entitled to the following:

The right to access – You have the right to request copies of your personal data. We may charge you a small fee for this service.

The right to rectification – You have the right to request that we correct any information you believe is inaccurate. You also have the right to request that we complete the information you believe is incomplete.

The right to erasure – You have the right to request that we erase your personal data, under certain conditions.

The right to restrict processing – You have the right to request that we restrict the processing of your personal data, under certain conditions.

The right to object to processing – You have the right to object to our processing of your personal data, under certain conditions.

The right to data portability – You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.

The right to a complaint to a data protection authority: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a data protection authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the requirements of the GDPR.

If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please feel free to contact us.