Privacy Policy

Last updated: March 2026

1. What we collect

Data you provide directly:

  • Account info: name, email address, password (hashed; we never store it in plaintext).
  • Payment info: processed entirely by Stripe. We never see or store your credit card number.
  • Text you submit for verification (see Section 2 for how we handle it).

Data collected automatically:

  • Usage analytics (PostHog): pages visited, features used, verification count. No personally identifiable information.
  • Error tracking (Sentry): crash reports to improve reliability. May include anonymized request data.
  • Cookies: functional cookies for authentication and session management; optional analytics cookies (you can opt out). See our Cookie Policy.

Browser extension:

  • The extension reads AI-generated text on supported platforms only when you click “Verify.” It does not read your browsing history, form inputs, passwords, or any other page content.
  • Before any text is sent to our servers, the extension strips personally identifiable information (PII) locally on your device: email addresses, phone numbers, social security numbers, and credit card numbers are removed before transmission.
  • The extension stores your authentication token in local browser storage. No other data is stored locally.

2. How we use verification text

When you submit text for verification:

  • We send extracted claims to third-party APIs (OpenAI, Anthropic, Groq, search engines) for analysis. These services have their own privacy policies.
  • We store verification results (the report, scores, sources) in our database so you can access your verification history.
  • We do not store the original raw text you submitted after verification is complete. Only the extracted claims and results are retained.
  • We do not use your submitted text to train AI models.
  • We do not sell your submitted text to third parties.

3. Third-party services

We use the following services that process data on our behalf:

4. Data retention

  • Account data: retained until you delete your account.
  • Verification history: retained for 1 year, then auto-deleted.
  • API cost logs: retained for 90 days for billing purposes.
  • Analytics data: retained per PostHog's policies (anonymized).
  • You can request deletion of all your data by emailing us at hello@aretify.com.

5. Your rights (CCPA — California residents)

Since we operate from California, California residents have the right to:

  • Know what personal information we collect about you.
  • Request deletion of your personal information.
  • Opt out of the sale of personal information (we do not sell it).
  • Non-discrimination for exercising these rights.

To exercise these rights, email hello@aretify.com.

6. Your rights (GDPR — EU/EEA residents)

If you are in the EU/EEA, you have the right to:

  • Access your personal data.
  • Rectify inaccurate data.
  • Erase your data (“right to be forgotten”).
  • Restrict processing.
  • Data portability.
  • Object to processing.

Our legal basis for processing is: consent (for analytics cookies), contract performance (for providing the service), and legitimate interest (for security and abuse prevention).

7. Children

Aretify is not intended for children under 13. We do not knowingly collect data from children under 13. If you believe a child has provided us with data, contact us and we will delete it.

8. Security

We use industry-standard security measures:

  • Passwords are hashed with bcrypt.
  • All data in transit is encrypted via TLS/HTTPS.
  • Database connections use SSL.
  • API keys are stored as environment variables, never in code.
  • The browser extension strips PII locally before transmission.

9. Changes

We will notify you of material changes via email 30 days in advance.

10. Contact

hello@aretify.com
Naweid, San Diego, California, USA