https://facta.dk/en/privacy-policy/

1. Who are we?
   FACTA is a Danish-developed browser extension that helps users verify factual claims online. We are dedicated to promoting information quality and combating misinformation. As data controller, we are committed to processing your personal data in accordance with applicable data protection legislation, including the EU General Data Protection Regulation (GDPR). You can contact us at support@facta.dk.
2. What data do we collect?
   To provide our fact-checking service, we process the following categories of data when you actively use the FACTA extension:

Text you fact-check: The specific text you select and choose to fact-check is sent encrypted to our server for AI-based analysis. This text is processed solely for the purpose of providing you with a fact-check result.
Images/screenshots: If you choose to use the screenshot feature, the selected image area is sent for OCR processing (optical character recognition) to extract text, which is then fact-checked. The image is deleted immediately after processing.
Local preferences: Your personal settings such as selected theme (light/dark mode) and preferred language are stored locally in your browser storage and are never sent to our servers.
History: Your complete fact-check history is stored exclusively locally in your browser, allowing you to review previous searches. This data remains on your device and is not synchronized to external servers.
3. Data we do NOT collect
To protect your privacy, we have designed FACTA so that we specifically do NOT collect or store the following information:

Your geographic location or localization data
Personal information such as your name, email address, or phone number
Your general browsing history or search history
Information about which websites you visit when not actively using FACTA
4. How do we use your data?
We exclusively use the collected data for the following legitimate purposes:

To perform accurate fact-checks on text you voluntarily submit for analysis
To improve and optimize our AI model and fact-checking algorithms for increased accuracy and reliability
To store your local preferences to ensure a personalized and consistent user experience
5. Data sharing
To provide our service, we work with the following trusted third-party providers, and data is shared only to the extent necessary:

OCR.space: For text extraction from images via optical character recognition (only when you actively use the screenshot feature)
AI services: Groq for AI analysis of claims
Brave Search API: For searching relevant sources and factual verification. Powered by Brave Search.
Cloudflare Workers: For hosting and processing requests
Search server: Self-hosted search server (SearXNG) on DigitalOcean in Frankfurt, Germany, used as a supplementary search service to find relevant sources for fact-checking. Search queries are processed on this server and are not permanently logged.
We never sell, rent, or disclose your personal information to third parties for commercial or marketing purposes under any circumstances.

1. Data Processing Agreements
   We have entered into data processing agreements (DPA) with our subprocessors in accordance with GDPR Art. 28. This ensures that your data is processed only according to our instructions and that providers maintain appropriate security measures.
2. IP address for rate limiting
   Your IP address is used exclusively to implement abuse prevention and rate limiting (maximum 100 requests per IP per day). The IP address is temporarily stored in our KV store for 24 hours and then automatically deleted. It is never linked to personal data and is not used to identify or track you.
3. Cookies and Google Analytics
   Our website uses the following technologies to improve your experience:

Google Analytics: We use Google Analytics (GA4) to collect anonymized statistics about visits to our website. This includes page views, session duration, and approximate geographic location (country/region). Google Analytics sets cookies to distinguish between users. You can opt out by declining cookies.
Local preferences: We store your language choice and theme preference in localStorage (not cookies), so your settings are remembered between visits.
Cookie consent: Your choice to accept or decline cookies is saved so we do not ask you again.
Cookie inventory: facta_cookie_consent (lifetime: 1 year, purpose: store your cookie choice), facta_theme (localStorage, purpose: theme preference), facta_lang (localStorage, purpose: language choice). localStorage data is not cookies and is not sent to servers.
You can delete cookies at any time via your browser settings. See Google's privacy policy for more information on how Google processes data.

1. Referral and rewards system
   If you use our invitation system, we process the following:

User ID: An anonymous, randomly generated ID is stored locally and used to identify your account in our backend system. This ID contains no personal information.
Referral code: If you generate an invitation code, it is stored in our backend linked to your anonymous user ID, so we can award XP rewards when others use your code.
XP and statistics: Your earned XP points and achievements are stored locally in your browser and synchronized via your browser's sync feature if you are logged in.
10. Data retention
Local data: Stored securely in your browser's local storage and remains there until you manually delete it, clear browser data, or uninstall the FACTA extension.
Server data: Text sent for fact-checking is processed in real-time and is not permanently stored on our servers. Data is automatically deleted immediately after analysis is complete and the result is delivered to you.
Cache: Anonymized results may be cached for up to 24 hours to improve performance. Time-sensitive results are cached for maximum 2 hours.
Feedback data: User reports about incorrect results are stored for up to 90 days linked to your anonymous user ID. After that, they are automatically deleted.
11. Your rights
Under the EU General Data Protection Regulation (GDPR), you have the following rights regarding your personal data:

Right of access: You may request information about what personal data we process about you
Right to rectification: You may have any inaccurate or incomplete information corrected
Right to erasure: You may request deletion of your personal data ("right to be forgotten")
Right to object: You may object to our processing of your information
Right to data portability: You may request to receive your data in a structured, commonly used format
To exercise your rights or ask questions about our data processing, please contact us at support@facta.dk . We strive to respond to all inquiries within 30 days.

1. Security
   We take the protection of your data very seriously and have implemented the following technical and organizational security measures:

Industry-standard TLS/HTTPS encryption for all data transmission between your browser and our servers
Minimal data retention policy: No permanent storage of fact-check requests on our servers
Regular security reviews and vulnerability assessments of our systems
13. Children's privacy
FACTA is not designed for or directed at children under 13 years of age. We do not knowingly collect personal information from children under this age. If we become aware that we have inadvertently collected data from a child under 13, we will immediately delete this information from our systems.

1. Changes to this policy
   We reserve the right to update this privacy policy from time to time to reflect changes in our practices or applicable legislation. For material changes that affect your rights, we will clearly notify you via the extension or our website. We encourage you to review this policy regularly to stay informed.
2. Contact
   Do you have questions, concerns, or requests regarding this privacy policy or our processing of your personal data? You are always welcome to contact us:

Email: support@facta.dk

Website: facta.dk