How we keep your account and your content safe — written plainly, with no claims we can't back up.
TextSight is operated by Lacewing Technologies. We're a focused team, so we keep our security posture simple, transparent, and honest: we describe what we actually do, and we use measured language rather than marketing superlatives. This page explains the controls in place today. If something on this page isn't clear, email security@textsight.ai.
All connections to TextSight — the web app, the marketing site, and our APIs — are served over HTTPS/TLS. We enforce HTTP Strict Transport Security (HSTS) so browsers always connect over an encrypted channel, and all traffic is fronted by Cloudflare for TLS termination and edge protection.
Account data is stored in a managed PostgreSQL database, with Redis used for queues and short-lived job state. Storage volumes are encrypted at rest by our managed-infrastructure providers.
All payments and subscription billing are handled entirely by Stripe, a PCI-DSS compliant payment processor. Your card details are entered directly into Stripe's secure fields — TextSight never sees or stores your full card number. We only keep the non-sensitive billing metadata Stripe returns to us (such as plan, status, and the last four digits) needed to run your subscription.
TextSight runs on established, reputable infrastructure providers, each used for a specific purpose:
| Component | Provider | Purpose |
|---|---|---|
| Application backend | DigitalOcean | App servers & API |
| Marketing site | Vercel | Static marketing & tools pages |
| AI-detection model | Self-hosted (Hetzner, EU) | Dedicated servers running our own detection model |
| Generative features | Anthropic (Claude) API | AI rewriting & generative tools |
| Image / audio detection | Sightengine | Image and audio detection |
| Edge / DNS / TLS | Cloudflare | HTTPS, HSTS, DDoS & edge protection |
| Database | Managed PostgreSQL | Account & application data |
| Queues / cache | Redis | Background jobs & job state |
Our AI-detection model is self-hosted on dedicated servers in the EU (Hetzner) rather than a third-party detection API, which keeps the core detection pipeline under our direct control.
For what these tools collect and how long we keep it, see our Privacy Policy and Cookie Policy.
We ask that you give us a reasonable opportunity to investigate and fix an issue before any public disclosure, avoid accessing or modifying other users' data, and avoid actions that could degrade the service (such as denial-of-service testing or spam). Acting in good faith under this guidance, we won't pursue action against you for your research.
Security and privacy go together. You can review what data we hold and how we use it, and exercise your rights, through these documents:
To request access to or deletion of your data, you can delete saved scans and your account from your settings, or email privacy@textsight.ai.