User Rights

Your Rights and How to Exercise Them

Last Updated: December 2025

---

Your Privacy Rights

As a qwip user, you have comprehensive rights over your data. This document explains what rights you have and exactly how to exercise them.

Core Principle: You are in control. We've designed qwip so you can easily manage your privacy.

---

Table of Contents

1. Right to Privacy
2. Right to Know
3. Right to Delete
4. Right to Opt-Out
5. Right to Access
6. Right to Correct
7. Right to Portability
8. Right to Object
9. Right to Non-Discrimination
10. Right to Lodge a Complaint

---

1. Right to Privacy

What it means: Your images and browsing activity stay private.

How We Protect This Right

✅ Local Processing Only

• All AI detection runs in your browser
• Images never uploaded to servers
• No screenshots, no thumbnails, no pixel data

✅ No Tracking

• No browsing history collected
• No website URLs logged
• No IP address tracking

✅ Anonymous by Default

• Random session IDs (can't identify you)
• No account required
• No email collection

This Is Automatic

You don't need to do anything. Privacy is built into how qwip works.

Verification:

• View our open source code
• Check your browser's Network tab (images never sent)
• Review Security Practices

---

2. Right to Know

What it means: You have the right to know what data we collect about you.

What We Collect

Anonymous Session Analytics:

• Session ID: Random UUID (e.g., a3f2b1c4-5d6e-...)
• Images Analyzed: Count only (e.g., 47)
• Model Preference: Which model you use (e.g., "cifake")

Optional (if you enable "Contribute to Database"):

• Image Hashes: Cryptographic fingerprints (cannot reverse to image)
• Detection Results: AI/Real labels with confidence scores

What We DON'T Collect

• ❌ Your images
• ❌ Your name, email, or contact info
• ❌ Your browsing history
• ❌ Your location or IP address

How to Access Full Details

Read our documentation:

• Privacy Overview - Quick summary
• Data Collection - Comprehensive breakdown
• Security Practices - Technical details

No request needed - all information is publicly documented.

---

3. Right to Delete

What it means: You can delete your data anytime.

Option 1: Clear Session Data (Immediate)

How:

1. Click the qwip extension icon
2. Go to Settings tab
3. Click "Clear Session Data" button
4. Confirm deletion

What happens:

• ✅ Your session ID is deleted immediately
• ✅ New random ID generated on next use
• ✅ Previous ID becomes orphaned (can't be linked to you)

Result: Immediate deletion from local storage. Server data becomes anonymous orphan.

Option 2: Uninstall Extension (Complete Removal)

How:

1. Right-click qwip extension icon
2. Select "Remove from Chrome"
3. Confirm deletion

What happens:

• ✅ All local data cleared (session ID, stats, settings)
• ✅ Server still has orphaned session ID (anonymous, can't link to you)
• ✅ Image hashes remain in database (no way to identify which were yours)

Option 3: Request Server Data Deletion

How:

Email: privacy@qwip.io

Include:

• Your anonymous session ID (if you know it)
• Or request deletion of all orphaned data

Response time: 7 days maximum

What happens:

• ✅ We delete the specific session ID from our database
• ✅ We confirm deletion via email

Can We Refuse Deletion?

No. Under GDPR Art. 17 and CCPA, you have an absolute right to deletion (with very limited exceptions that don't apply to us).

We will always delete your data upon request.

---

4. Right to Opt-Out

What it means: You can disable all server communication and tracking.

Option 1: Disable Server Features

How:

1. Open qwip extension → Settings tab
2. Toggle OFF: "Server-Assisted Detection"
3. Toggle OFF: "Contribute to Database"

Result:

• ✅ 100% local-only processing
• ✅ Zero data sent to servers
• ✅ No analytics tracking
• ✅ Still works (slightly lower accuracy without crowdsourced data)

Option 2: Monitor Network Activity

Verify no data is sent:

1. Open browser DevTools (F12)
2. Go to Network tab
3. Use qwip to detect images
4. Check for requests to api.qwip.io

Expected:

• With server features ON: You'll see requests (only hashes, no images)
• With server features OFF: Zero network requests

This Is Permanent

Once you disable server features, they stay disabled until you manually re-enable them.

---

5. Right to Access

What it means: You can access all data we have about you.

Option 1: View Local Data (Immediate)

How:

1. Open qwip extension → Click extension icon
2. View popup stats:
   • Images analyzed count
   • Current model
   • Server status

For detailed local data:

1. Open Chrome DevTools (F12)
2. Go to Application tab
3. Expand Storage → Local Storage
4. Click on extension ID
5. View all stored data

What you'll see:

{
  "sessionId": "a3f2b1c4-5d6e-7f8g-9h0i-1j2k3l4m5n6o",
  "aiCount": 47,
  "currentModel": "cifake",
  "serverAssisted": true,
  "contributeToDatabase": true
}

Option 2: Request Server Data

How:

Email: privacy@qwip.io

Subject: GDPR Access Request (or CCPA Access Request)

Include:

• Your anonymous session ID (find in local storage)
• Confirmation that you're the user

Response time: 30 days maximum (usually faster)

What we'll send:

{
  "session_id": "a3f2b1c4-5d6e-...",
  "first_seen": "2025-12-20T14:22:00Z",
  "last_seen": "2025-12-28T10:30:00Z",
  "total_images_analyzed": 47,
  "preferred_model": "cifake"
}

No Cost

Accessing your data is always free. We don't charge for access requests.

---

6. Right to Correct

What it means: You can correct inaccurate data.

Our Position

Not applicable - we don't store personal data that could be inaccurate.

What we store:

• Session ID (random, no concept of "correct" or "incorrect")
• Image count (automatically accurate)
• Model preference (automatically reflects your choice)

If you believe data is wrong:

Email: privacy@qwip.io

We'll investigate and correct any errors.

---

7. Right to Portability

What it means: You can export your data in a machine-readable format.

Option 1: Export Local Data (Immediate)

How:

1. Open Chrome DevTools (F12)
2. Go to Application tab → Local Storage
3. Right-click your data → Copy
4. Paste into a text file → Save as JSON

What you get:

{
  "sessionId": "a3f2b1c4-5d6e-7f8g-9h0i-1j2k3l4m5n6o",
  "aiCount": 47,
  "currentModel": "cifake",
  "serverAssisted": true,
  "contributeToDatabase": true,
  "webgpuEnabled": false
}

Option 2: Request Server Data Export

How:

Email: privacy@qwip.io

Subject: Data Portability Request

Response: JSON file with all server data

Format: Machine-readable JSON (GDPR Art. 20 compliant)

---

8. Right to Object

What it means: You can object to how we process your data.

How to Object

You can object to:

• Analytics tracking (session ID, usage stats)
• Database contributions (image hashes)
• Any processing you disagree with

How:

1. Immediate: Disable server features in settings
2. Formal objection: Email privacy@qwip.io

Our Response

We will:

1. Acknowledge your objection within 48 hours
2. Stop processing your data immediately
3. Delete existing data (if requested)
4. Confirm compliance

We will NOT:

• ❌ Ask you to justify your objection
• ❌ Continue processing despite objection
• ❌ Discriminate against you

---

9. Right to Non-Discrimination

What it means: We can't discriminate against you for exercising your rights.

Our Commitment

You have the right to:

• Exercise any privacy right without penalty
• Delete your data without losing service access
• Opt-out of tracking without reduced functionality

We will NOT:

• ❌ Deny service for exercising rights
• ❌ Charge different prices
• ❌ Provide different quality of service
• ❌ Suggest you'll receive inferior service

All Features Always Available

Regardless of your privacy choices:

• ✅ All detection models available
• ✅ All settings accessible
• ✅ Full extension functionality
• ✅ Same update frequency

The only difference:

• With server features OFF: Slightly lower accuracy (no crowdsourced data)
• With server features ON: Slightly higher accuracy (database lookups)

Your choice, no penalties.

---

10. Right to Lodge a Complaint

What it means: You can complain to a supervisory authority if you believe we violate privacy laws.

Contact Us First

We encourage you to contact us first:

Email: privacy@qwip.io

We'll:

1. Investigate your concern within 48 hours
2. Resolve the issue if possible
3. Explain our reasoning if we disagree

Most issues can be resolved quickly through direct communication.

Supervisory Authorities

If you're unsatisfied with our response, contact:

European Union / EEA:

• Your country's Data Protection Authority
• List of EU DPAs

United Kingdom:

• Information Commissioner's Office (ICO)
• https://ico.org.uk/make-a-complaint/

California (USA):

• California Attorney General
• https://oag.ca.gov/privacy/ccpa

Other Countries:

• Check your local data protection authority

How to File a Complaint

Include:

• Your concern (what privacy right was violated)
• Evidence (screenshots, correspondence)
• What you want us to do differently
• Any responses we've already provided

Supervisory authorities will:

• Investigate your complaint
• Contact us for our response
• Make a determination
• Potentially impose penalties

We take all complaints seriously and will cooperate fully with regulators.

---

Quick Reference Guide

Common Actions

I Want To...	How	Time
See what data you have	Email privacy@qwip.io	30 days
Delete my data	Settings → Clear Session Data	Immediate
Stop all tracking	Settings → Disable server features	Immediate
Export my data	DevTools → Local Storage → Copy	Immediate
Uninstall completely	Remove from Chrome	Immediate
File a complaint	Contact supervisory authority	Varies

---

Contact Information

Privacy Questions: privacy@qwip.io

Security Issues: security@qwip.io

General Inquiries: hello@qwip.io

Data Protection Officer (when appointed): dpo@qwip.io

---

Response Times

We commit to these maximum response times:

Request Type	Maximum Response Time
GDPR access request	30 days
GDPR deletion request	7 days (usually immediate)
CCPA request	45 days
General privacy question	5 business days
Security issue	48 hours

---

Your Rights Are Protected by Law

These rights are not just our policy - they're legally enforceable under:

• GDPR (EU/EEA/UK) - Articles 15-22
• CCPA (California, USA) - Sections 1798.100-1798.145
• PIPEDA (Canada)
• LGPD (Brazil)
• Privacy Act (Australia)
• And many other jurisdictions

We respect your rights and make them easy to exercise.

---

Last Updated: December 2025