Privacy information

Who is responsible

The controller for the processing of personal data in connection with this demo is:

ACMC

63 Glaslynn Apartments
97 Howth Road
D03DD43 Dublin 3
Ireland

You can reach us for privacy-related requests at research@acmc.fyi.

What personal data we process

• Content you submit. The full text you paste or type for analysis, and any optional labels or ratings you provide in the feedback form.
• Model outputs. Verdicts, scores, highlighted spans ("tells"), explanations, and related technical outputs produced when we run our pipeline on your text.
• Technical metadata. Identifiers we generate for each run (for example a job id), timestamps, and similar data needed to operate the service and to link feedback to a prior run.
• Server and hosting logs. Our hosting provider may process connection metadata (for example IP address, user agent, time of access) when you contact the service. We configure the service to minimise collection where we can, but we do not control every default log field of the platform.

We store the submitted text and model outputs whenever you run the pipeline, not only when you send optional feedback. Feedback adds your corrections and ratings on top of that record.

Please do not submit special categories of personal data under Article 9 GDPR (for example health, biometric data used to identify you, or data revealing racial or ethnic origin, political opinions, religious beliefs, trade union membership, genetic data, sex life, or sexual orientation) unless you have a clear legal basis and we have agreed in writing. This demo is not intended for that kind of information.

Purposes of processing

• Operating this interactive demonstration and returning results to you.
• Scientific research and development, including training, fine-tuning, evaluation, and error analysis of our models and methods.
• Improving robustness, calibration, and interpretability of the system using stored examples.
• Maintaining the security and integrity of the service (for example abuse detection at infrastructure level).

Legal basis

We rely on Article 6(1)(f) GDPR (legitimate interests) to process the data described above: operating a public research demo, building and evaluating interpretable AI-text analysis methods, and keeping a record of inputs and outputs for reproducible research and system improvement. Where national law treats scientific research as a separate ground, we may also rely on provisions implementing Article 89 GDPR together with applicable research exemptions, where available.

When we balance our interests against your interests, we take into account that the service is voluntary, the privacy information is provided here, and you can exercise your rights below (including objection under Article 21 GDPR and erasure where applicable).

Recipients and processors

We use infrastructure providers who process personal data on our instructions (processors under Article 28 GDPR). Depending on deployment, this may include Google Cloud (for example Cloud Run for hosting, and Firestore or similar storage if enabled). Their processing is governed by our agreement with them, including the Google Cloud data processing terms and, where applicable, standard contractual clauses for transfers. See Google Cloud Data Processing Addendum.

If the pipeline calls external model APIs (for example for scoring), those providers receive only the portions of text or model payloads required for that call, under their terms and privacy notices.

International transfers

Your data may be processed in the European Economic Area and, depending on configuration, in other countries where our processors operate (for example the United States). Where the European Commission has not issued an adequacy decision, we rely on appropriate safeguards under Chapter V GDPR (for example standard contractual clauses) provided by our processors, unless another derogation applies.

Representative in the European Union (Article 27 GDPR)

The controller is established in Ireland (European Union). Article 27 GDPR (representative of controllers not established in the Union) does not apply to us on that ground.

Retention

We keep stored submissions and derived model outputs only as long as necessary for the purposes described above, including scientific evaluation and model improvement. In practice we aim to delete or irreversibly anonymise data when it is no longer needed for those purposes, and in any case within a reasonable window (for example up to twenty-four months) unless a longer period is required by law or for the establishment, exercise, or defence of legal claims.

Your rights

Subject to conditions in the GDPR, you may have the following rights:

• Right of access (Article 15 GDPR)
• Right to rectification (Article 16 GDPR)
• Right to erasure ("right to be forgotten") (Article 17 GDPR)
• Right to restriction of processing (Article 18 GDPR)
• Right to data portability (Article 20 GDPR), where technically feasible
• Right to object (Article 21 GDPR), including to processing based on legitimate interests
• Right to withdraw consent, where we ever rely on consent for specific processing

To exercise these rights, contact us at research@acmc.fyi. We may need to verify your request in line with applicable law.

Automated processing

The demo produces automated assessments about text style and possible machine authorship. This output is not used as the sole basis for decisions with legal or similarly significant effects on you within the meaning of Article 22 GDPR; it is an experimental research interface.

Children

The service is not directed at children under 16. If you believe a child has provided personal data, contact us at research@acmc.fyi and we will take appropriate steps.

Data protection officer

We have not appointed a data protection officer under Article 37 GDPR, because we are not required to do so under applicable law.

Right to lodge a complaint

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the member State of your habitual residence, place of work, or place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR.

The controller is established in Ireland; the Irish supervisory authority is the Data Protection Commission (www.dataprotection.ie).

Source of the data

We receive personal data directly from you when you use the website and submit text or feedback.

Changes

We may update this page when our processing or legal obligations change. The version on this page at the time of your visit applies unless we notify you otherwise where required by law.

Note on this text

This page is intended to help us meet transparency obligations under the GDPR. It does not constitute legal advice; if you need certainty for your organisation, consult qualified counsel.