. Or use the REST API directly with POST /v1/verify."}},{"@type":"Question","name":"Is there a free tier?","acceptedAnswer":{"@type":"Answer","text":"Yes. Get an API key instantly with no signup required. The free tier includes 1,000 verifications per day (30,000/month). No credit card needed."}},{"@type":"Question","name":"What signals does Device.AI analyze?","acceptedAnswer":{"@type":"Answer","text":"Device.AI analyzes user agent, automation framework presence (Selenium, Puppeteer, PhantomJS, etc.), canvas fingerprint, WebGL renderer, screen resolution, timezone, hardware concurrency, browser feature support, and connection type."}}]}]}

Privacy Policy

Last updated: April 6, 2026

1. Overview

Device.AI (“we,” “us,” or “our”) is a device intelligence and bot detection platform operated by Technetwork 2 LLC dba ai.ventures. This Privacy Policy explains how we collect, use, store, and protect information when you use our website, API, and related services (collectively, the “Service”).

2. Information We Collect

2.1 API Key Holders (Our Customers)

When you generate an API key or upgrade to a paid plan, we may collect:

  • Email address (only at paid tier — free tier requires no personal information)
  • Payment information (processed securely by Stripe; we never store card details)
  • API usage data (request counts, rate limit usage)

2.2 End-User Device Signals (Via Our Detection Script)

When a website using Device.AI loads our detection script (detect.js), we collect technical device signals from the end user’s browser to determine whether the visitor is a human or automated bot. These signals include:

  • User agent string and browser type
  • Screen resolution, color depth, and window dimensions
  • Canvas and WebGL rendering fingerprints (hashed, not raw)
  • Timezone and language preferences
  • Hardware concurrency and device memory
  • Connection type and downlink speed
  • Automation framework detection signals (e.g., WebDriver presence)
  • IP address (used for request context, not stored long-term)

We do not collect: names, email addresses, passwords, keystrokes, form data, browsing history, cookies from other sites, or any personally identifiable information (PII) from end users of websites using our service.

2.3 Website Visitors

When you visit device.ai directly, we may collect standard analytics data including page views, referral sources, and general geographic region via Google Analytics 4.

3. How We Use Information

  • Bot Detection: Device signals are analyzed in real-time to generate a trust score (0.0–1.0) indicating the likelihood that a visitor is human.
  • Service Improvement: Aggregated, anonymized verification data helps us improve our scoring models and detection accuracy.
  • Rate Limiting: API key usage is tracked to enforce plan limits and prevent abuse.
  • Billing: Email and payment data are used to process subscriptions for paid plans.
  • Analytics: We provide API key holders with aggregated usage statistics (requests, blocks, scores) through our dashboard and stats API.

4. Data Retention

  • Verification events: Individual verification records are retained for up to 90 days, then automatically deleted.
  • API keys: Retained for the lifetime of the account. Inactive keys may be purged after 12 months of non-use.
  • Aggregated statistics: Anonymized, aggregated data may be retained indefinitely for model improvement.
  • Payment data: Managed by Stripe per their privacy policy. We retain transaction references for accounting purposes.

5. Data Sharing

We do not sell, rent, or trade personal information. We share data only in these limited circumstances:

  • With our API key holders: Verification results (score, risk level, action) are returned to the website that initiated the verification request.
  • Service providers: Stripe (payments), Vercel (hosting), Neon (database), Google Analytics (website analytics).
  • Legal requirements: When required by law, subpoena, or court order.
  • Business transfer: In the event of a merger, acquisition, or sale of assets, with notice to affected users.

6. Security

We implement industry-standard security measures to protect data, including:

  • TLS encryption for all data in transit
  • Encrypted database storage (Neon Postgres with encryption at rest)
  • Cryptographically secure API key generation
  • No storage of raw fingerprint data — only hashed representations
  • Rate limiting and abuse prevention on all endpoints

7. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Object to or restrict processing of your data
  • Data portability (receive your data in a structured format)
  • Withdraw consent at any time

To exercise any of these rights, contact us at privacy@device.ai.

8. GDPR Compliance

For users in the European Economic Area (EEA), our lawful basis for processing device signals is legitimate interest— specifically, our customers’ legitimate interest in protecting their websites from automated abuse and fraud. Device signals collected by our script are technical in nature and do not constitute personal data in most implementations, as they are processed as hashed, ephemeral signals rather than persistent identifiers.

Where our customers use Device.AI as a data processor, we process data only according to their instructions and have appropriate data processing agreements in place.

9. CCPA Compliance

California residents have additional rights under the California Consumer Privacy Act (CCPA). We do not sell personal information as defined by the CCPA. California residents may exercise their rights by contacting us at privacy@device.ai.

10. Children’s Privacy

Device.AI is a B2B service intended for use by developers and businesses. We do not knowingly collect personal information from children under 13 (or the applicable age of consent in your jurisdiction). If you believe we have inadvertently collected such information, please contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be posted on this page with an updated “Last updated” date. Continued use of the Service after changes constitutes acceptance of the updated policy.

12. Contact Us

For privacy-related questions or requests: