Privacy Policy

Last updated: March 2026

1. Privacy at a Glance

The following section provides a simple overview of what happens to your personal data when you visit our website. Personal data is any data that can be used to personally identify you. For detailed information, please refer to the full privacy policy below.

Data collection on our website

Some data is collected automatically by our IT systems when you visit the website — primarily technical data such as your browser, operating system, and the time of your visit. This collection is automatic as soon as you enter the site.

Other data is only collected when you provide it to us — for example, by filling in a contact form or placing an order.

How we use your data

Some data is collected to ensure the website functions correctly. Other data may be used to analyse how visitors use the site, in order to improve our service. Where analysis tools are used, your browsing behaviour is evaluated anonymously wherever possible — it cannot be traced back to you personally.

Your rights

You have the right to receive free information at any time about the origin, recipients, and purpose of your stored personal data. You also have the right to request the correction, restriction, or deletion of this data. You can contact us at any time at the address given in the imprint. You also have the right to lodge a complaint with the competent supervisory authority.

2. Controller & Contact

The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is:

Benjamin Lohrer
korrektur.de / ai-checker-online.com
Karlsruhe, Germany
E-mail: privacy@ai-checker-online.com

The controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of processing personal data (e.g. names, email addresses).

3. What Data We Collect

We collect only the personal data that is necessary to provide our service. Depending on how you use the website, this may include:

When you place an order

• E-mail address (to send you the plagiarism or AI detection report)
• Payment data processed by Stripe (we never see your full card number — see Section 6)
• The document you upload for scanning
• Order metadata: scan type, page count, timestamp

When you browse the website

• IP address (anonymised)
• Browser type and version
• Operating system
• Referring URL
• Pages visited and time on site
• Cookie identifiers (only after your explicit consent — see Section 8)

When you contact us

• Name and e-mail address provided in your message
• Content of your enquiry

4. Purposes & Legal Bases

We process your personal data on the following legal bases under Article 6 GDPR:

• Art. 6(1)(b) GDPR — Contract performance: Processing your order, delivering the report to your e-mail address, handling payment, and processing contact form submissions.
• Art. 6(1)(c) GDPR — Legal obligation: Retaining invoices and payment records as required by German commercial and tax law (§ 257 HGB, § 147 AO) for up to 10 years.
• Art. 6(1)(f) GDPR — Legitimate interests: Server log processing to ensure security, stability, and abuse prevention. Embedding of Google Fonts and YouTube for consistent presentation.
• Art. 6(1)(a) GDPR — Consent: Analytics cookies (Google Analytics, Matomo), marketing cookies, and social media plugins — only after you have given explicit consent via the cookie banner or by interacting with the relevant element.

5. Document Processing (Plagiarism Checks)

Documents you upload are forwarded to PlagAware GmbH (Germany) for plagiarism analysis. PlagAware acts as a data processor under Article 28 GDPR. We have a Data Processing Agreement in place with PlagAware.

• Documents are processed solely for the purpose of performing the plagiarism scan.
• Documents are not added to PlagAware's internal comparison database.
• Documents are not stored permanently — they are deleted immediately after the report has been generated.
• Documents are never used to train AI systems or shared with third-party AI companies.
• Data transfer remains within Germany / the EU/EEA — servers are located in Falkenstein and Nuremberg, Germany.

PlagAware's own privacy policy is available at www.plagaware.com/en/privacy.

6. Payment Processing (Stripe)

All payments are processed by Stripe Payments Europe, Ltd. (1 Grand Canal Street Lower, Grand Canal Dock, Dublin, D02 H210, Ireland). Stripe is an independent data controller for payment data.

• We never receive or store your full card number, CVC, or bank account details.
• Stripe transmits only a payment confirmation token to us upon successful payment.
• Personal data is transmitted to third parties only to the extent necessary for payment processing (Art. 6(1)(b) GDPR). No further transmission takes place unless you have explicitly consented.
• Stripe's privacy policy: stripe.com/privacy.

7. SSL / TLS Encryption

For security reasons and to protect the transmission of confidential content — such as orders or enquiries — this website uses SSL or TLS encryption. You can recognise an encrypted connection by the address bar of your browser changing from http:// to https:// and by the padlock symbol in your browser bar.

When SSL/TLS encryption is active, data you transmit to us cannot be read by third parties.

Our servers are located in Germany (Falkenstein and Nuremberg), operated by Hetzner Online GmbH. All data transfers are fully encrypted.

8. Cookies & Consent (TTDSG)

We use cookies and similar technologies on this website. Cookies do not harm your computer and do not contain viruses. They serve to make our service more user-friendly, more effective, and more secure.

In accordance with § 25 TTDSG (Telekommunikation-Telemedien-Datenschutz-Gesetz) and the GDPR, we only store non-essential cookies after obtaining your explicit, informed, freely given consent.

Most of the cookies we use are so-called session cookies. They are automatically deleted at the end of your visit. Other cookies remain stored on your device until you delete them, allowing us to recognise your browser on your next visit.

You can configure your browser to inform you about cookie placement, allow cookies only in individual cases, exclude cookies for certain cases or in general, and activate automatic deletion of cookies when the browser is closed. Disabling cookies may limit the functionality of the website.

Essential cookies (no consent required, Art. 6(1)(f) GDPR)

These cookies are technically necessary for the website to function correctly. They cannot be disabled.

• cookie_consent — Stores your cookie preferences (expires: 1 year)
• session — Maintains your active session during an order (expires: session end)

Analytics cookies (consent required, Art. 6(1)(a) GDPR)

Only activated if you click "Accept all" or enable the Analytics category in our cookie banner.

• Google Analytics 4 — _ga, _ga_* cookies tracking page views, session duration, and traffic sources. IP anonymisation is enabled. Expires: up to 2 years.
• Matomo — Self-hosted analytics. IP address is anonymised before storage. Data remains on our servers and is not shared with third parties.

Marketing cookies (consent required, Art. 6(1)(a) GDPR)

Only activated if you click "Accept all" or enable the Marketing category.

• Currently no marketing cookies are active. This section will be updated if marketing tools are added in future.

Withdrawing consent

You can change or withdraw your cookie consent at any time by clicking the "Cookie Settings" link in the footer of any page. This will re-open the consent banner where you can adjust or revoke your selections. Withdrawing consent does not affect the lawfulness of processing carried out before withdrawal.

9. Hosting & Server Logs

This website is hosted by Hetzner Online GmbH on servers located in Germany (Falkenstein and Nuremberg). When you visit any page, our web server automatically records the following data in server log files:

• Browser type and browser version
• Operating system used
• Referrer URL
• Hostname of the accessing computer
• Time of the server request
• IP address

These logs are processed on the basis of Art. 6(1)(b) GDPR (processing to fulfil a contract or pre-contractual measures) and our legitimate interest (Art. 6(1)(f) GDPR) in the secure and stable operation of the website. Logs are not merged with other data sources and are not used to identify individual users. They are automatically deleted after 90 days.

10. Contact Form

If you send us enquiries via the contact form, your details from the form — including the contact information you provide — will be stored by us for the purpose of processing the enquiry and in case of follow-up questions. We will not share this data without your consent.

The processing of data entered in the contact form is carried out exclusively on the basis of your consent (Art. 6(1)(a) GDPR). You can revoke this consent at any time by sending us an informal email. The lawfulness of data processing operations carried out before the revocation remains unaffected.

Data you enter in the contact form will remain with us until you ask us to delete it, revoke your consent to storage, or the purpose for data storage no longer applies (e.g. after your enquiry has been fully processed). Mandatory statutory provisions — in particular retention periods — remain unaffected.

11. Google Analytics

If you have consented to analytics cookies, this website uses Google Analytics, a web analytics service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Google Analytics uses cookies — text files stored on your computer — that enable analysis of your use of the website. The information generated by the cookie about your use of this website is generally transmitted to a Google server in the USA and stored there.

Storage of Google Analytics cookies is based on Art. 6(1)(a) GDPR (consent). The website operator has a legitimate interest in analysing user behaviour to optimise both the website and advertising.

IP anonymisation

We have activated the IP anonymisation function on this website. This means your IP address is truncated by Google within member states of the European Union or other states party to the Agreement on the European Economic Area before transmission to the USA. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and truncated there. The IP address transmitted by your browser within the scope of Google Analytics is not merged with other data from Google.

Demographic features

This website uses the "demographic features" function of Google Analytics. This allows reports to be generated that contain statements on age, gender, and interests of site visitors. This data comes from interest-based advertising by Google as well as visitor data from third-party providers. This data cannot be assigned to any specific person. You can disable this function at any time via the ad settings in your Google account.

Data processing agreement

We have concluded a Data Processing Agreement with Google (Art. 28 GDPR). Data is processed in the USA under the EU–US Data Privacy Framework (adequacy decision of 10 July 2023).

You can prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) by Google, and the processing of this data by Google, by downloading and installing the browser plugin available at: tools.google.com/dlpage/gaoptout.

More information on how Google handles user data in Google Analytics: support.google.com/analytics/answer/6004245.

12. Matomo

If you have consented to analytics cookies, this website also uses Matomo (formerly Piwik), an open-source web analytics service. Matomo uses cookies — text files stored on your computer — that enable analysis of your use of the website.

The information generated by the cookie about your use of this website is stored on our own server in Germany. The IP address is anonymised before storage. Matomo cookies remain on your device until you delete them.

Matomo analytics data is not passed on to third parties. Unlike Google Analytics, all data stays on our own servers and is under our full control.

Storage of Matomo cookies is based on Art. 6(1)(a) GDPR (consent). You can prevent the storage and use of your data by withdrawing analytics consent at any time via the cookie banner.

13. Social Media Plugins

Our website embeds social media plugins. These plugins are disabled by default and only activated after you give explicit consent, or when you click on an embedded element.

Instagram

Our pages include functions from the Instagram service, provided by Instagram Inc., 1601 Willow Road, Menlo Park, CA 94025, USA. If you are logged into your Instagram account, you can link the content of our pages to your Instagram profile by clicking the Instagram button. This allows Instagram to associate your visit to our pages with your user account. We draw your attention to the fact that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by Instagram. Privacy policy: instagram.com/about/legal/privacy.

LinkedIn

Our website uses functions of the LinkedIn network, provided by LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. Each time one of our pages containing LinkedIn functions is accessed, a connection to LinkedIn servers is established. LinkedIn is informed that you visited our website with your IP address. If you click the LinkedIn "Recommend" button and are logged into your LinkedIn account, LinkedIn can associate your visit to our website with you and your user account. We draw your attention to the fact that, as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by LinkedIn. Privacy policy: linkedin.com/legal/privacy-policy.

14. YouTube

Our website uses plugins from the YouTube site operated by Google. The site operator is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. When you visit one of our pages equipped with a YouTube plugin, a connection to YouTube's servers is established. The YouTube server is informed which of our pages you have visited.

If you are logged into your YouTube account, you allow YouTube to associate your surfing behaviour directly with your personal profile. You can prevent this by logging out of your YouTube account.

YouTube is used in the interest of an appealing presentation of our online offering. This represents a legitimate interest within the meaning of Art. 6(1)(f) GDPR. YouTube's privacy policy: policies.google.com/privacy.

15. Google Maps

This site uses the map service Google Maps via an API, provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. To use the functions of Google Maps, it is necessary to save your IP address. This information is generally transmitted to a Google server in the USA and stored there. The provider of this site has no influence on this data transmission.

Google Maps is used in the interest of an appealing presentation of our online offering and to make it easy to find the locations specified on our website. This constitutes a legitimate interest within the meaning of Art. 6(1)(f) GDPR. Google's privacy policy: policies.google.com/privacy.

16. Newsletter

If you wish to subscribe to the newsletter offered on our website, we require an email address from you as well as information that allows us to verify that you are the owner of the specified email address and that you agree to receive the newsletter. No further data is collected, or only on a voluntary basis.

We use this data exclusively for the purpose of sending the requested information and do not share it with third parties. The processing of data entered in the newsletter registration form is carried out exclusively on the basis of your consent (Art. 6(1)(a) GDPR).

You can revoke your consent to the storage of data, your email address, and its use for sending the newsletter at any time — for example via the "Unsubscribe" link in the newsletter. The lawfulness of data processing operations already carried out remains unaffected by the revocation.

Data stored by us for the purpose of receiving the newsletter will be stored until you unsubscribe from the newsletter and deleted after unsubscription.

17. Third-Party Services Overview

We use the following third-party services that may process personal data. Where a dedicated section exists above, refer to that for full details.

• PlagAware GmbH (Germany) — Document processor for plagiarism analysis (Section 5)
• Stripe Payments Europe, Ltd. (Ireland) — Payment processing (Section 6)
• Hetzner Online GmbH (Germany) — Web hosting, servers in Falkenstein & Nuremberg (Section 9)
• Google LLC (USA) — Google Analytics, Google Fonts, YouTube, Google Maps (Sections 11, 14, 15)
• Instagram Inc. / Meta Platforms (USA) — Social media plugin (Section 13)
• LinkedIn Corporation (USA) — Social media plugin (Section 13)

We do not sell, rent, or otherwise share your personal data with third parties for their own marketing purposes. Data is only transmitted to third parties where this is necessary for contract processing, or where you have given explicit consent.

18. Data Retention

• Order data & invoices: Retained for 10 years to comply with German commercial (§ 257 HGB) and tax law (§ 147 AO).
• E-mail address (for report delivery): Deleted after successful delivery of your report, unless you have subscribed to our newsletter.
• Uploaded documents: Deleted from our systems and from PlagAware's servers immediately after report generation.
• Plagiarism reports: Deleted from our systems immediately after delivery to your email.
• Server logs: Deleted automatically after 90 days.
• Contact form data: Deleted once the matter is fully resolved, unless statutory retention periods apply.
• Newsletter data: Retained until you unsubscribe; deleted after unsubscription.
• Cookie consent records: Stored in your browser's localStorage for 1 year, then automatically expired.

Customer data collected during the order process is deleted after completion of the order or termination of the business relationship. Statutory retention periods remain unaffected.

19. Your Rights Under GDPR

Under the GDPR, you have the following rights with respect to your personal data:

• Right of access (Art. 15 GDPR): You may request free information at any time about the origin, recipients, and purpose of your stored personal data, as well as a copy of that data.
• Right to rectification (Art. 16 GDPR): You may request correction of inaccurate data.
• Right to erasure (Art. 17 GDPR): You may request deletion of your data, subject to applicable retention obligations.
• Right to restriction (Art. 18 GDPR): You may request that processing be restricted in certain circumstances.
• Right to data portability (Art. 20 GDPR): You may request your data in a structured, commonly used, machine-readable format, or request direct transmission to another controller where technically feasible.
• Right to object (Art. 21 GDPR): You may object at any time to processing based on legitimate interests.
• Right to withdraw consent (Art. 7(3) GDPR): Where processing is based on consent, you may withdraw it at any time by sending us an informal email. The lawfulness of processing carried out before withdrawal remains unaffected. To withdraw cookie consent specifically, use the Cookie Settings link in the footer.

To exercise any of these rights, please contact us at privacy@ai-checker-online.com. We will respond within 30 days. We may ask you to verify your identity before processing your request.

20. Supervisory Authority

In the event of data protection violations, you have the right to lodge a complaint with the competent supervisory authority. The competent supervisory authority for data protection matters is the data protection commissioner of the German federal state in which our company is headquartered.

For Baden-Württemberg (our state of registration), the competent authority is:

Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg
Lautenschlagerstraße 20, 70173 Stuttgart, Germany
www.baden-wuerttemberg.datenschutz.de

A list of all data protection commissioners and their contact details can also be found at: bfdi.bund.de.

21. Opposition to Advertising Emails

The use of contact data published as part of the imprint obligation to send unsolicited advertising and information materials is hereby expressly prohibited. The operators of the pages expressly reserve the right to take legal action in the event of unsolicited advertising information being sent, for example via spam emails.

22. Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our services, technology, or legal requirements. We will post the updated version on this page with a new "Last updated" date at the top. We encourage you to review this policy periodically.

Material changes that affect your rights will be communicated via a notice on the website or, where we have your e-mail address, by e-mail.