Content handling.

The promise

Lifecycle of your text

From the moment you click "Detect" to the moment the result is on your screen, here's exactly what happens:

Total time: about 4 seconds for a 1,000-word doc. Total persistent storage of your text: zero bytes.

Training data — what we use, what we don't

Our detection model is trained on:

• Public AI-generated text — outputs from public benchmarks and our own generation runs against ChatGPT, Claude, Gemini, Llama 3.
• Licensed human writing — datasets we've licensed from publishers, including academic, journalistic, and casual writing.
• Open-source corpora — Common Crawl, public-domain literature, OpenWebText.
• Synthetic data — adversarial examples we generate ourselves to harden the model.

Never:

• Your scanned text.
• Your rewritten text.
• Any text submitted to TextSight by any customer.
• Anything scraped from the web without an explicit license.

Saved history (opt-in)

On paid plans, you can click "Save to history" on any scan. When you do:

• Your text is stored encrypted at rest (AES-256), region-pinned to your account's region.
• Only you (and any team members you grant access to) can see it.
• We never look at it. The encryption keys are accessible only to your account.
• You can delete any item or your entire history with one click in Settings → History → Clear.
• On account deletion, your history is purged within 30 days.

Saved history is off by default. You opt in per-scan.

API content

API requests follow the same rules as web scans by default — zero retention. Optional headers:

• X-TS-Store: true — store the scan in your dashboard history (opt-in).
• X-TS-Region: eu — pin processing to our EU region.
• X-TS-Region: us — pin processing to our US region.

If you don't set a region, we route to the lowest-latency region from your IP. Enterprise customers can hard-set a region at the API key level.

Enterprise extras

Enterprise plans get additional content-handling guarantees:

• Customer-managed encryption keys (CMEK) for saved history.
• Region pinning enforced at the API key level (no accidental cross-region calls).
• Custom retention windows for saved history (e.g. auto-delete after 90 days).
• Quarterly audit reports — anonymized stats on your team's usage and retention.
• Mutual NDA available pre-signup.

Region pinning

By default:

• EU customer accounts → all processing in eu-west-1 (Ireland).
• US customer accounts → all processing in us-east-1 (Virginia).
• Rest of world → routed to the closest region for latency.

You can override the default in Settings → Privacy → Region. Enterprise can enforce this at the policy level.

Legal requests

If we receive a valid legal request for customer data (subpoena, court order), here's what we do:

• Verify it's legally valid before responding.
• If it's overly broad, push back through counsel.
• Notify the affected customer, unless legally prohibited from doing so (gag order).
• Provide only the minimum data legally required.

Because we don't retain scan content by default, the most we can typically produce is account info and billing records. We publish a transparency report annually — last year: 3 requests received, 1 partially complied with, 2 narrowed via legal pushback.

Breach protocol

If we suffer a data breach affecting customer data:

• Customers affected get notified within 72 hours (GDPR Art. 33).
• Our security team publishes a postmortem at security.textsight.ai within 14 days.
• Affected accounts get one free year of identity monitoring (US) or equivalent (EU).
• Regulators notified within their required windows.