Plagius One logo

PlagiusOne Privacy Policy

Effective as of: September 15, 2025
Controller: GH SOFTWARE LTDA., Porto Alegre/RS, Brazil ("GH Software").

This Policy explains which data we collect, how we process it, with whom we share it, how long we retain it, and what your rights are when you use PlagiusOne, the website, and related services. By using our services, you agree to this Policy.

We process personal data in accordance with applicable data protection laws, following the principles of purpose, adequacy, necessity, transparency, security, prevention, and accountability. The legal bases may include contract performance, compliance with legal or regulatory obligations, regular exercise of rights, legitimate interest (with safeguards and assessments when appropriate), and consent when required.

2. Data we collect

2.1. Account and billing: name, email, phone, taxpayer or business ID (when applicable), address, language, time zone, billing data (we do not store full card numbers), subscription history, transactions, and authentication data when you use federated login (e.g., identifier, name, and email from Google OAuth).
2.2. Service usage and activity logs: analysis metrics (e.g., number of words, duration, file format), technical logs, device/browser identifiers, IP address, date/time, visited pages, User-Agent, and records of relevant actions (logins, uploads, analyses performed, credit consumption, plan changes, payment events, and fraud attempts).
2.3. Content submitted for analysis: texts/documents you send to the Service.
2.4. Support and communications: exchanged messages, attachments, and metadata needed for assistance.
2.5. Cookies and similar technologies: essential cookies (login, security), functional cookies (preferences), and analytics cookies (statistics). You can manage preferences in your browser; some features may not work properly without essential cookies.

3. Processing purposes

(a) Provide the Service: run analyses, deliver results, maintain availability, authenticate and authorize access.
(b) Improve the Service: develop features, monitor performance and security, prevent fraud or abuse.
(c) Support and communication: respond to requests, send operational notices and transactional emails (welcome messages, account confirmations, receipts, invoices, security alerts, result notifications, and renewal notices), and, where appropriate, marketing communications, always with an opt-out option for marketing.
(d) Billing and compliance: process payments through partners, issue invoices/receipts, perform financial reconciliation, demonstrate use of the Service in payment disputes (including disputes/chargebacks), and fulfill legal and regulatory obligations.
(e) Defense of rights: prevent disputes and exercise or protect rights in administrative or judicial proceedings or in interactions with financial institutions/payment intermediaries, including the use of access logs, IP data, transaction data, and usage records as legitimate evidence.

4. Processing of content submitted for analysis

4.1. Content is processed to deliver the analysis result. We may use minimal excerpts and text fragments to verify against public search engines (as part of the detection method), acknowledging that such third-party services may log queries.
4.2. Storage and retention of Content: by default, we keep Content while the Account or the relevant subscription is active, to the extent necessary to provide the Service, display analysis history, allow reports to be reissued, and support related features. After the Account is closed or the last subscription cycle ends, Content is kept only for the period strictly necessary to comply with legal obligations, audits, fraud prevention, and defense of rights, in line with section 8 below.
4.3. User‑initiated deletion: the User may delete analyses/reports via the dashboard at any time. Deletion may not be immediate in backups kept for a limited time and in essential logs, which may be retained solely for the timelines and purposes described in this Policy.
4.4. We do not use your Content to train models beyond what is strictly required to provide the Service, unless we obtain express consent.

5. Sharing with third parties

We share personal data only when necessary:

  • Payments: payment processors and methods (e.g., card providers, gateways), including billing data, transaction identifiers, and, where needed, limited usage records to demonstrate services provided in payment disputes/chargebacks.
  • Infrastructure: cloud providers, CDN, email, monitoring, and security services.
  • Analytics/anti-fraud: services for metrics, abuse prevention, and detection of suspicious activity.
  • Authentication: federated login providers (e.g., Google OAuth), when you choose that method.
  • Legal and accounting advisors: when required to comply with obligations or defend rights.
  • Authorities and financial institutions: upon legal request or to protect rights, including sharing logs and transaction data with public authorities, financial institutions, and payment intermediaries in fraud investigations, billing disputes, or regular exercise of rights.

We require third parties to adopt appropriate security and compliance measures.

6. International transfers

Your data may be processed outside Brazil. We adopt adequate safeguards (e.g., contractual clauses) and partners with comparable protection standards.

7. Information security

We implement technical and organizational measures to protect data, including encryption in transit, access controls, audit logs, and secure development practices. No platform is 100% secure; in the event of a relevant incident, we will follow legal notification procedures.

8. Retention and timelines

We keep personal data only for the time necessary to fulfill the purposes described in this Policy or to meet legal obligations, audits, fraud prevention, and defense of rights, in line with applicable data protection laws.

Reference timelines (which may be adjusted to comply with local law):

  • Account and billing: while the Account is active and, after closure, for a limited period (for example, up to 2 years) exclusively for legal, audit, fraud prevention, and defense purposes, without public access or commercial use. After this period or the maximum retention period permitted by law, data will be scheduled for permanent deletion. Before deletion, the user may be notified for potential reactivation; once deleted, data cannot be recovered.
  • Analysis Content: kept while the Account or subscription is active and, after closure, only for the period necessary to meet the purposes described above (typically included within the same limited retention period applied to Account and billing data), after which it is deleted or anonymized, except where a longer period is required by law.
  • Technical logs and usage metrics: typically up to 12 (twelve) months, for security, statistics, audit, fraud prevention, and dispute resolution (including payment disputes).
  • Support and communications: up to 24 (twenty-four) months after the ticket or interaction closes.
  • Anonymized data: may be kept indefinitely, without any possibility of identifying the subject.

9. Data subject rights

Depending on the laws of your jurisdiction, you may exercise, when applicable: confirmation of processing; access; correction; anonymization, blocking, or deletion; portability; information about sharing; withdrawal of consent; objection to unlawful processing; and review of automated decisions that significantly affect you (subject to technical limitations and trade secrets). To exercise your rights, contact plagiusone@plagius.com.

10. Automated decisions and explainability

Analysis results (scores/indications of similarity or AI generation) rely on automated processing. We provide understandable information about the overall meaning of scores and typical factors, without revealing trade secrets or enabling circumvention of the system.

11. Cookies and preferences

We use cookies that are strictly necessary for login/security, functional for preferences, and analytics for aggregated statistics. You can configure your browser to block cookies; some features may not work properly without essential cookies.

12. Children and adolescents

Our services are not intended for children. For teenagers, usage must comply with the law and have responsible supervision.

13. Changes to this Policy

We may update this Policy. For material changes, we will communicate through reasonable means (for example, email or dashboard notices). Continued use after publication indicates agreement with the current version.

14. Contacts

Questions or requests about privacy: plagiusone@plagius.com.
Website: plagius.one | Application: plagius.one

GH Software Ltda.
Porto Alegre/RS - Brazil