Fact It
Legal

Privacy Policy

Last updated: 2026-07-13

Fact It's product surface is “fact-check what your AI just said”. To do that we read text from the AI assistant's response on your screen and send it to a server to be checked. We take that seriously, and this policy describes exactly what we collect, where it goes, and how to get it removed. If anything here is unclear, contact us at today.factit@gmail.com.

What we capture

  • The AI's response only.Per host, our selectors target the assistant's message — the extension sends only the assistant's response, never your own prompt.
  • A platform identifier (e.g. chatgpt-web) for the “accuracy trends per host AI” view.
  • A timestamp.
  • A request identifier used for rate-limiting and to correlate a check with any feedback you later submit. By default this is derived from your IP address; the raw IP is used transiently for abuse prevention and is not stored as a stable profile.

We never capture your login state, the page URL beyond the hostname, your other open tabs, screenshots, keystrokes, or any DOM content outside the AI's response.

Where it goes

  1. The captured response is sent to the Fact It API over HTTPS.
  2. The pipeline calls the sub-processors listed below to extract claims, verify them, and gather evidence.
  3. The verdict and source list are returned to you and persisted locally (IndexedDB in the extension, Tauri-SQL on desktop). If you use the hosted dashboard with an account (once auth is enabled), your history may also be stored server-side.

We do not sell your data, and your captured content is not used to train any models.

Sub-processors

We share data with the following third parties only to the extent needed to provide the service:

ProviderPurposeWhat it receives
Anthropic (Claude)Claim extraction + verificationThe AI response text being checked. Anthropic does not train on API data.
General evidence providers — Wikipedia (always on) plus Tavily, Brave, and/or Perplexity Sonar when their keys are configuredRetrieve supporting/contradicting sources for every claimA search query derived from the extracted claim.
Specialized evidence providers, routed by claim topic — Europe PMC (EMBL-EBI) for medical claims and SEC EDGAR (sec.gov) for financial claims are always on; CourtListener (legal) runs only if its key is configuredRetrieve topic-specific sources when a claim is classified into that domainA search query derived from the extracted claim, sent only to the provider(s) matching that claim's topic.
PostHogProduct analytics + error monitoringFact-checking stays aggregate metadata only — e.g. source app, claim count, verdict tallies, overall confidence, feedback rating. The AI response text and individual claim text are not sent to PostHog, and fact-check events never build a profile about you. If you create an account, PostHog additionally holds an account profile (your email, your name, and whether your address is verified) so we can measure how many people who start a signup finish it. Your fact-checking activity is not attached to that profile. Sign out and it stops being associated with this browser.
ResendSending account email — verify your address, reset your password, notify you that your password changedYour email address and the contents of that message. Only used if you create an account with an email address.
HaveIBeenPwnedRejecting passwords that appear in known public breachesNot your password, and not your email. We hash the password locally and send only the first five characters of that hash — which matches millions of possible passwords — and do the comparison on our side. HaveIBeenPwned cannot learn your password from it.
Google Cloud Run (GCP)Hosting for the hosted web + APITraffic to the hosted service, as part of normal request handling.
Google (only if you use "Continue with Google")Sign-inStandard OAuth sign-in. We receive your email address, name, and profile picture; we never receive your Google password.

The Anthropic API is configured with server-side telemetry enabled for our own observability; those payloads are not forwarded to any third-party analytics sink beyond the sub-processors above.

Opt-in by host

You maintain an allowlist of hosts. Sensitive defaults are off (banking, healthcare, government domains). The extension respects the host's own privacy signals: incognito mode and explicit “do not record” flags disable Fact It automatically. You can also toggle checking on or off per page from the toolbar popup or with a keyboard shortcut.

Data retention

  • Local data (verdicts, history) lives on your device until you clear it and is never uploaded unless you opt into cloud sync.
  • Analytics metadatain PostHog is retained under PostHog's standard retention for the project.
  • Transient request data (e.g. IP used for rate-limiting) is not retained as a durable profile. If you browse without an account, nothing you do builds one.
  • Account data. If you create an account we store your email, your name, and a hash of your password — never the password itself. Deleting your account deletes your API tokens and any provider keys you brought, immediately and permanently. We keep the usage ledger — how many checks were run and what they cost us — but strip your identity from it, because we need those totals to reconcile our own provider bills.

Data deletion

  • Local: clear your history from the dashboard, or remove the extension.
  • Cloud (once enabled): account deletion removes all server-side data within 24 hours.
  • To request deletion of anything else, email today.factit@gmail.com.

Children

Fact It is not directed to children under 13 and we do not knowingly collect data from them.

Contact

Questions, privacy requests, or data-deletion requests: today.factit@gmail.com.