AI Detection Benchmarks Archives

When you submit your academic papers to AI detection tools like Turnitin, GPTZero, or Copyleaks, your data may be stored indefinitely, shared with third parties, or used for product development—often without clear consent. Turnitin keeps papers permanently unless your instructor enables “Do Not Store” or you request deletion through your administrator. GPTZero deletes documents within 24 hours by default. Copyleaks operates under FERPA’s “school official” exception, allowing processing without explicit student consent. You have rights under FERPA and GDPR to access, correct, or request erasure of your data, but exercising them requires proactive communication with your institution.

Introduction: The Hidden Cost of AI Detection

You’ve just submitted your paper through Turnitin. You breathe a sigh of relief, hoping for a low similarity score. But what happens to your work after you click submit? Where does it go? Who has access to it? And most importantly: can you get it back?

These aren’t just theoretical questions. In 2026, AI detection tools process millions of student submissions worldwide, creating massive databases of academic work. Your papers—containing your original research, personal insights, and intellectual property—may be stored, analyzed, and potentially shared in ways you’ve never considered.

This guide reveals what truly happens to your submissions, explains your legal rights, and provides concrete steps to protect your academic privacy.

How AI Detection Tools Handle Your Data

Turnitin: The Permanent Archive

Turnitin operates the largest student paper repository in the world. According to their official privacy policy, student papers are added to a private, proprietary database indefinitely unless specific actions are taken[1].

Storage practices:

Papers are stored in Turnitin’s global repository permanently by default
Data is encrypted and stored in servers located in California, United States[2]
Instructors can enable “Do Not Store” mode, which prevents permanent archiving while still generating similarity reports[3]
Students can request deletion, but must go through their institution’s Turnitin administrator[4]

Important: Turnitin’s standard setting means your work could remain in their system forever, potentially being used to train future detection algorithms or compared against future submissions globally.

GPTZero: Short-Term Processing with Options

GPTZero takes a different approach. Their official FAQ states: “We do not store or collect the documents passed into any calls to our API.”[5]

Retention policy:

Standard web dashboard submissions: documents are generally not stored long-term
API usage: documents are processed and deleted immediately
Users can optionally save documents to their dashboard for later review
Data is not used to train AI models[5]

GPTZero is SOC 2 certified and claims FERPA compliance, making it one of the more privacy-conscious options[5].

Copyleaks: Institutional Control with Shared Data Hub

Copyleaks operates under the “school official” exception of FERPA, meaning institutions can submit student work without individual consent as long as the school maintains control and oversight[6].

Key practices:

Data stored on Google Cloud Platform servers
Offers a “Shared Data Hub” that collects user-submitted documents
Claims GDPR and FERPA compliance
Transparency about data usage is essential—students should understand if their work enters the shared repository[6]

The Third-Party Data Sharing Problem

Even if the primary AI detection tool has strong privacy policies, your data may still be at risk through:

API integrations: Many educational tools integrate multiple services, creating data pathways you haven’t authorized
Cloud hosting: Data stored in jurisdictions with different privacy laws may be accessed by foreign governments
Aggregator breaches: Platforms that combine multiple AI models are attractive targets for hackers
Shadow AI: Unapproved browser extensions or tools used by students or staff can log and sell sensitive data[7]

A 2026 analysis found that AI tools frequently share user data with third parties, creating significant compliance risks under GDPR, HIPAA, and other frameworks[7].

Your Legal Rights: FERPA and GDPR

FERPA (U.S. Students)

The Family Educational Rights and Privacy Act gives you specific rights:

Right to inspect: You can review your educational records, including data held by third-party services
Right to seek amendment: You can request correction of inaccurate information
Right to control disclosures: Generally, schools need your consent to release personally identifiable information—though the “school official” exception allows use of vendors like Copyleaks without explicit consent[6]
Right to opt out: Some institutions allow students to opt out of database submission, though this is not universal[8]

Important limitation: FERPA applies only to institutions receiving federal funding. Private schools not receiving such funding may have different obligations.

GDPR (EU/International Students)

The General Data Protection Regulation provides stronger protections:

Explicit consent required for most data processing (unlike FERPA’s “school official” exception)
Right to erasure: You can request your data be deleted
Right to data portability: You can obtain and reuse your data across services
Right to object: You can object to certain types of processing

Reality check: Most students don’t exercise these rights because they don’t know they exist or find the processes too burdensome.

Practical Steps: Taking Control of Your Data

1. Understand Your Institution’s Policies

Before submitting any work:

Check your syllabus for statements about plagiarism detection software
Look for institutional policies on data storage and student consent
Identify whether your school uses “no repository” options by default

2. Request “Do Not Store” When Available

If your instructor uses Turnitin:

Ask them to enable the “Do Not Store Submitted Papers” option[3]
This allows similarity checking without permanent archiving
Note: Not all instructors honor this request, but it’s worth asking

3. Exercise Your Deletion Rights

To remove your work from Turnitin:

Contact your instructor and request deletion
The instructor must contact the institution’s Turnitin administrator
Provide specific details: course name, assignment, submission ID
Understand this is permanent and cannot be undone[4]

For other tools:

GPTZero: No action needed unless you saved to dashboard (delete manually)
Copyleaks: Work with your institution’s data protection officer

4. Document Everything

If you’re concerned about future disputes:

Keep copies of your submission receipts
Save drafts with timestamps (use Git or version history)
Record communications about data deletion requests

5. Know When to Escalate

If your institution refuses reasonable privacy requests:

Consult your student ombudsman
File a complaint with your institution’s data protection officer
For EU students: contact your national data protection authority

Common Myths and Misconceptions

Myth 1: “My work is anonymous in the database”

False. Even if personally identifiable information is removed, your writing style, research topics, and intellectual contributions can be traced back to you.

Myth 2: “Only my school can see my paper”

False. Turnitin’s global repository compares submissions across institutions worldwide. Your work could be accessed by universities in other countries with different privacy standards.

Myth 3: “I can’t opt out—it’s required”

Partially false. Many schools claim plagiarism detection is mandatory, but you often have the right to request alternatives. The University of Ottawa states: “Students must have the option to opt out of using plagiarism detection software. Professors must then suggest rigorous alternatives to verify academic integrity.”[8]

Myth 4: “Deletion removes my paper completely”

Uncertain. While services claim to delete submissions, backups and cached versions may persist. There’s no independent verification of complete erasure.

The Trade-Off: Privacy vs. Academic Integrity

You face a fundamental choice:

Submit to detection tools:

✓ Verify originality before final submission
✓ Avoid unintentional plagiarism
✓ Meet institutional requirements
✗ Potential permanent data storage
✗ Loss of control over intellectual property
✗ Risk of data breaches or misuse

Opt out or minimize data sharing:

✓ Retain full ownership and control
✓ Avoid surveillance capitalism concerns
✗ May need alternative verification methods
✗ Possible suspicion from instructors
✗ Limited ability to self-check before submission

Our recommendation: Use detection tools strategically, not automatically. Submit only when necessary, request “Do Not Store” settings, and delete submissions immediately after receiving your report.

What to Do If Your Rights Are Violated

Document the violation: Save screenshots, emails, and policy documents
File internal complaints: Start with your department chair, then data protection officer
Contact student advocacy groups: Organizations like the Student Defense Team provide free legal guidance[9]
Report to regulators: In the U.S., contact the Department of Education’s Student Privacy Policy Office; in the EU, contact your national Data Protection Authority

Looking Ahead: The Future of Academic Data Privacy

Trends to watch in 2026-2027:

Increased regulation: State-level laws like California’s CCPA and Virginia’s CDPA may expand student rights
Institutional pushback: Universities like MIT and Harvard are renegotiating vendor contracts to include stronger data protections
Technical solutions: Zero-knowledge proofs and federated learning could enable verification without data sharing
Student movements: Growing awareness is driving demand for privacy-respecting alternatives

Conclusion: Take Control of Your Academic Data

Your papers represent months of work, original thinking, and intellectual growth. They deserve protection—not just from plagiarism accusations, but from unauthorized data harvesting and indefinite storage.

Key takeaways:

Most AI detection tools store your data indefinitely by default—you must explicitly opt out
You have legal rights under FERPA/GDPR, but exercising them requires proactive effort
“Do Not Store” options exist but aren’t always used—ask your instructor
Document everything and don’t hesitate to escalate when your rights are ignored

Your academic work belongs to you. Treat it accordingly.

Related Guides

Need Help Protecting Your Academic Privacy?

If you’re facing data privacy concerns with AI detection tools or need guidance on exercising your rights, Paper-Checker.com offers:

Free consultation with academic integrity experts
Privacy audit services for student submissions
Template letters for data deletion requests
Legal referral network for serious violations

Contact us today to schedule a confidential discussion about your situation. Don’t let your intellectual property be exploited without your consent.

Get Your Free Privacy Consultation Now

Citations

[1]: Turnitin Services Privacy Policy. (2026). https://guides.turnitin.com/hc/en-us/articles/27377195682317-Turnitin-Services-Privacy-Policy
[2]: Turnitin FAQ: Where is data stored? https://help.turnitin.com/da/simcheck/web-based/brugere/faq.htm#:~:text=Data%20is%20stored%20in%20our%20data%20center%20in%20California%2C%20United%20States.
[3]: Turnitin “Do Not Store Submitted Papers” Feature. (2025). https://openlab.sps.cuny.edu/teaching-guides/2025/07/09/turnitin-do-not-store-submitted-papers-feature/
[4]: How to delete a submission from Turnitin. (2025). https://helpcenter.turnitin.com/hc/en-us/articles/27974188730509-How-can-I-delete-my-submission-from-Turnitin
[5]: GPTZero Privacy Policy & FAQ. (2024). https://gptzero.me/privacy-policy.html and https://gptzero.me/faq
[6]: Copyleaks Privacy Policy and AI Regulations. (2025). https://copyleaks.com/privacy-policy and https://copyleaks.com/blog/ai-regulations
[7]: AI Data Privacy & Third-Party Sharing Risks. (2025-2026). Various sources on AI tool data sharing practices
[8]: University of Ottawa: Opt-out options for plagiarism detection. https://saea-tlss.uottawa.ca/en/teaching-technologies/academic-integrity-ouriginal-respondus/learn-more-on-turnitin-originality
[9]: LLF National Law Firm Student Defense Team. (2026). Resources on academic privacy rights

Data Privacy and AI Detection: What Happens to Your Papers After Submission?