Effective Date: February 23, 2026
AI Reality Check ("we," "us," or "our") operates the website airealitycheck.ai and the AI Reality Check application (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.
By accessing or using the Service, you agree to this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access the Service.
When you create an account, we collect your email address and, if you authenticate via Google or GitHub OAuth, your name and profile information provided by those services. We do not store your OAuth passwords.
When you use our Trust Check, Readiness Check, or Spend Check tools, we collect the responses you provide and the results generated by our analysis. This data is encrypted at rest (see Section 3).
If you use the AI chatbot feature, the messages you send and the responses generated are stored in encrypted form to provide conversation history and continuity.
If you subscribe to AI Reality Check Pro, your payment is processed by Stripe. We do not store your credit card number, CVV, or full card details. Stripe provides us with a subscription identifier and billing status. Please refer to Stripe's Privacy Policy for details on how Stripe handles your payment data.
If you connect social media accounts (X/Twitter, LinkedIn, or Facebook) for content posting, we store encrypted OAuth tokens to perform actions on your behalf. These tokens are encrypted with AES-256-GCM and can be revoked at any time by disconnecting the account.
We use Plausible Analytics, a privacy-first analytics service that does not use cookies, does not collect personally identifiable information (PII), and does not track users across websites. If Google Analytics 4 (GA4) is enabled, it may collect additional usage data subject to your cookie consent preferences (see Section 5).
For security purposes, we log API requests including endpoint, timestamp, user identifier, and IP address. These logs are used solely for security monitoring and abuse prevention.
We use the information we collect to:
We do not sell, rent, or share your personal information with third parties for marketing purposes.
All assessment results, chat messages, and social media OAuth tokens are encrypted using AES-256-GCM (Advanced Encryption Standard with 256-bit keys in Galois/Counter Mode) before being stored in the database. This is the same encryption standard used by financial institutions and government agencies. Each encrypted record uses a unique initialization vector (IV) to ensure that identical data produces different ciphertext.
Your data is stored in a PostgreSQL database hosted on Railway, a cloud infrastructure provider. All data in transit is protected with TLS 1.3 encryption. Our application enforces HTTPS-only connections, HTTP Strict Transport Security (HSTS), and Content Security Policy (CSP) headers.
Authentication sessions use HttpOnly, Secure cookies with a SameSite=Lax policy and expire after 24 hours. Session tokens are cryptographically hashed before storage. CSRF tokens are required on all data-modifying operations.
API endpoints are protected by rate limiting to prevent abuse and ensure fair usage for all users.
While we implement industry-standard security measures, no method of electronic storage or transmission over the Internet is 100% secure. We cannot guarantee absolute security, but we are committed to protecting your data using current best practices.
We use the following third-party services to operate AI Reality Check. Each service receives only the minimum data necessary to perform its function:
Your assessment responses are sent to Anthropic's Claude API for AI-powered analysis and scoring. Anthropic processes this data according to their Privacy Policy. Per Anthropic's API terms, data submitted through the API is not used to train their models.
Payment processing for Pro tier subscriptions. Stripe collects and processes payment card data directly; we never see or store your full card details. See Stripe's Privacy Policy.
Transactional email delivery for magic link authentication and account notifications. Resend receives your email address solely for the purpose of delivering these messages. See Resend's Privacy Policy.
Privacy-first website analytics. Plausible does not use cookies, does not collect personal data, and is fully compliant with GDPR, CCPA, and PECR without requiring a consent banner. See Plausible's Data Policy.
When enabled, GA4 collects usage data including page views, events, and device information. GA4 uses cookies and is only activated with your explicit consent via a cookie consent banner. You can opt out at any time by withdrawing cookie consent. See Google's Privacy Policy.
If you connect social media accounts for content posting, we interact with these platforms' APIs using encrypted OAuth tokens stored on your behalf. We only post content that you or an authorized administrator explicitly initiate. Revoking access removes the stored tokens from our system.
If you sign in using Google or GitHub, we receive your name, email address, and profile picture from the respective provider. We do not receive or store your password for these services.
We use strictly necessary cookies for authentication (session tokens) and security (CSRF tokens). These cookies are required for the Service to function and cannot be disabled.
Plausible Analytics does not use cookies of any kind. It does not collect or store any personal data or personally identifiable information. No consent banner is required.
If GA4 is enabled on the Service, it sets cookies to identify unique visitors and track sessions. These cookies are only placed after you provide explicit consent via the cookie consent banner. You may withdraw consent at any time, at which point GA4 cookies will no longer be set. Existing GA4 cookies can be cleared through your browser settings.
We may store a cookie to remember your preferred language (English, Spanish, French, or Portuguese). This is a functional cookie that improves your experience and contains no personal data.
Depending on your jurisdiction, you may have the following rights regarding your personal data:
You may request a copy of the personal data we hold about you. Your assessment history and results are accessible directly through the Service via your account dashboard.
You may request an export of your data in a machine-readable format. Contact us at the email address below to request an export.
You may request the deletion of your account and all associated data, including assessment results, chat history, and any stored social media tokens. Upon receiving a verified deletion request, we will permanently delete your data within 30 days, except where retention is required by law.
How to request data deletion:
If you signed in via Facebook and wish to delete data associated with your Facebook account, you may also submit a deletion request through Facebook's settings under "Apps and Websites" by removing AI Reality Check, or contact us directly at the email above.
You may request correction of any inaccurate personal data we hold about you.
You may opt out of optional analytics tracking (GA4) by declining or withdrawing cookie consent. You may disconnect social media integrations at any time, which will delete the associated encrypted tokens. You may unsubscribe from any non-essential communications.
To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days.
We retain your personal data only for as long as necessary to provide the Service and fulfill the purposes described in this Privacy Policy:
The Service is not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that a child under 16 has provided us with personal data, we will take steps to delete that information promptly. If you believe a child has provided us with personal data, please contact us at [email protected].
We may update this Privacy Policy from time to time. When we make material changes, we will update the "Effective Date" at the top of this page and, where appropriate, notify you via email or a prominent notice on the Service. Your continued use of the Service after any changes constitutes your acceptance of the updated Privacy Policy.
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: