EFF DO NOT TRACK COMPLIANCE POLICY — deepaidetector.com

Adopted: 2026-06-07
Version: 1.0
Canonical: https://deepaidetector.com/.well-known/dnt-policy.txt

This document describes how deepaidetector.com responds to the HTTP Do Not
Track (DNT) header sent by a user agent (RFC 7231 §5.3.4 / Tracking
Preference Expression W3C draft).

1. NO CROSS-SITE OR THIRD-PARTY TRACKING
   deepaidetector.com does not engage in cross-site or third-party tracking
   of users for any purpose. We do not load third-party advertising,
   retargeting, analytics SDKs, social plug-ins, or session-replay tools
   on production pages. Consequently there is no tracking behaviour to
   disable when the DNT header is present.

2. SERVER-SIDE LOGGING (NOT TRACKING)
   We retain transient server-side request logs (hashed IP fingerprint,
   user-agent string, requested path, response code, timing) at our edge
   (Cloudflare) for up to 24 hours for security and reliability purposes.
   These logs are not used for tracking; they are not joined with
   third-party identifiers; they are not shared for advertising; they
   are not retained beyond 24 hours.

3. AUTHENTICATION COOKIES
   We set a single first-party HTTP-only session cookie ("session") and a
   CSRF token to keep authenticated users signed in. These are strictly
   necessary cookies under ePrivacy / PECR and are unaffected by DNT.

4. PSEUDONYMOUS USAGE COUNTERS
   We maintain pseudonymous usage counters (eg, detections-per-billing-
   period per account, anonymous-tier requests per hashed IP per 24h)
   for rate-limit enforcement and tier compliance. These counters do not
   constitute tracking under the DNT specification because they (a) are
   keyed to the authenticated session or to a hashed IP rather than a
   cross-site identifier, (b) are not shared with third parties, and (c)
   are not used for behavioural advertising or profiling.

5. GLOBAL PRIVACY CONTROL
   In addition to DNT, we honour the Global Privacy Control (GPC) signal
   as a valid opt-out request under the CCPA/CPRA and equivalent US state
   privacy laws. See: https://globalprivacycontrol.org/

6. EXCEPTIONS
   None.

7. AUDIT AND PUBLIC POSTING
   We will revise this policy if we ever change our tracking practices.
   The Expires field of this policy is 2027-06-07; the policy will be
   reviewed by that date and updated if required.

8. COMPLAINTS AND CONTACT
   privacy@deepaidetector.com — Privacy contact
   security@deepaidetector.com — Security contact
   See also: https://deepaidetector.com/legal/privacy
            https://deepaidetector.com/legal/cookies