1. Data We Collect

We collect only the data necessary to provide fact-checking services. Below is a complete breakdown of every category of data we handle.

Email address
Collected only if you choose to create an account (for credit purchases). Free checks work entirely without an account and require no email.
Device ID
A randomly generated UUID stored in chrome.storage.local. Used solely to enforce the free-check quota (3 checks per day per device, 20 welcome credits with a free account). Not tied to your identity, your Google account, or any personal information.
Check inputs
When you right-click an image, the image is sent to our backend (as base64) for analysis. When you right-click text, the selected text is sent. These inputs are processed in real time and are not stored long-term in their raw form.
Check results
The verdict (TRUE / FALSE / MISLEADING / UNVERIFIED), summary, sources, and metadata are stored in our database to provide permalink pages and to cache results for other users who may check the same content.
Content hashes
A perceptual hash (dHash) of images and an MD5 hash of normalized text. Used for caching, rate-limiting, and deduplication. These hashes are one-way and cannot be reversed to reconstruct the original image or text.
Payment data
Processed by our payment processor (Stripe or Lemon Squeezy). We do not store credit card numbers, CVV codes, or billing addresses. We store your customer ID and purchase history so you can view past transactions and manage credits.
Usage analytics
Aggregate counters only: daily active users, total check counts, average latency, cache hit rates. No personally identifiable information is included in analytics.

2. Data We Do NOT Collect

3. How We Use Your Data

To detect 'zero-day' misinformation: Content you check may be re-analyzed by automated background jobs at a later date to detect whether the verdict has changed as new sources become available. The recheck count and updated verdict are stored and may appear on the permalink page.

Content hashes are also used for rate-limiting: no more than 5 checks per unique content hash per hour, to prevent abuse of the free-check quota.

4. Third-Party Services

The following third parties receive data from us as part of providing the fact-checking service. We do not share your data with any party beyond these necessary API calls.

Google Vision API
Receives the image you are checking (as base64) for label detection, landmark detection, and text extraction (OCR).
Google Fact Check API
Receives the claim text or the image hash to search published fact-check databases.
TinEye
Receives the image (as base64) for reverse image search to find original sources and earlier appearances.
GDELT
Receives the claim text to search global news events and timelines for contextual verification.
Brave Search API
Receives the claim text for general web search to gather source articles and corroborating evidence.
Google Gemini (via LiteLLM)
Receives the claim text or image description (derived from Vision API output) plus aggregated signals from all sources, to synthesize a verdict, summary, and confidence score. The raw image is not sent to the LLM.
Google OAuth
Receives your email and basic profile information when you choose to sign in. Used for account creation and authentication.
Payment processor (Stripe or Lemon Squeezy)
Receives payment information directly from your browser. We never see your full card number. Card data is governed by the processor's Privacy Policy. The current processor is listed on the pricing page.
Redis
Stores cached verdicts and analytics counters in memory. No personally identifiable information is stored in Redis.
Cloud hosting provider
Our backend and database are hosted on cloud infrastructure. Check results, content hashes, and account data are stored on their infrastructure, subject to their privacy policy.

5. Data Retention

6. Public Permalinks

7. Your Rights

You have the following rights regarding your data:

8. GDPR Rights (EU/EEA Users)

If you are in the European Economic Area or United Kingdom, you have the following rights under the GDPR:

Our lawful basis for processing is: (a) contract (Art. 6(1)(b)) for providing the fact-checking service you requested; (b) legitimate interests (Art. 6(1)(f)) for caching, abuse prevention, and service improvement; (c) consent (Art. 6(1)(a)) for account creation via OAuth. You may object to legitimate-interest processing at any time.

We do not engage in automated decision-making with legal or similarly significant effects (Art. 22). Fact-check verdicts are informational tools, not binding determinations.

9. California Privacy Rights (CCPA)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA):

Categories of personal information we collect: identifiers (email, device ID), commercial information (purchase history), and internet activity (content you submit for checking).

To exercise these rights, email alex@bukhalov.com with subject 'CCPA request'. We will verify your identity before responding, within 45 days.

10. International Data Transfers

Fact Checker is operated from Serbia. If you access the service from the European Economic Area, United Kingdom, or other jurisdiction with data protection laws, your data (including check inputs, email if you have an account, and content hashes) will be transferred to and processed in Serbia and the United States (where our cloud infrastructure and third-party APIs are located).

Serbia's Law on Personal Data Protection (ZSLP) mirrors the GDPR. We rely on Standard Contractual Clauses (SCCs) with our service providers (Google, payment processors) for lawful international transfers, as approved by the European Commission. For transfers to US-based providers, we rely on the EU-US Data Privacy Framework where our providers are certified participants.

Transfers are made under the SCCs and EU-US Data Privacy Framework described above.

11. Children's Privacy

Fact Checker is not directed to children under 13 and we do not knowingly collect personal information from children under 13. The service is a general-audience productivity tool. If you are a parent or guardian and believe your child has provided us with personal information (e.g., by creating an account), please contact us at alex@bukhalov.com. We will delete such information promptly and take steps to prevent further collection.

We do not use age-gating or targeted advertising. Free checks require no account and no personal information beyond an anonymous device ID.

12. Data Security

13. Changes to This Policy

We may update this Privacy Policy as the service evolves. Changes will be posted on this page with an updated effective date. Continued use of the Fact Checker extension after changes are posted constitutes acceptance of the revised policy. If we make material changes that reduce your rights, we will provide additional notice through the extension or by email where possible.

14. Governing Law

This Privacy Policy is governed by the laws of Serbia. Disputes will be resolved in the competent courts of Serbia. Nothing in this policy limits any statutory rights you may have under your local data protection laws, including the GDPR if you are in the EEA or UK.

15. Disclaimer

Fact Checker provides AI-assisted verdicts for informational purposes only. Verdicts are not definitive statements of truth and are not a substitute for professional judgment, journalistic standards, or legal, medical, or financial advice. Always verify critical claims through primary sources.

16. Contact

For general inquiries, support, or privacy-related requests:

alex@bukhalov.com

For privacy concerns specifically, please use the subject line "Privacy concern" so we can route your message to the right person.

Back to Fact Checker landing page