FactGuard ("FactGuard," "we," "us," or "our") is operated by RAYFINITE LLC, a limited liability company organized under the laws of the State of Wyoming, United States, with its principal place of business at 30 N Gould St Ste N, Sheridan, Wyoming 82801, USA.
This Privacy Policy explains how we collect, use, disclose, retain, and protect personal information when you use the FactGuard iOS application, the FactGuard web application, and the factguard.org website (together, the "Service"). For the purposes of the EU/UK General Data Protection Regulation (GDPR), RAYFINITE LLC is the "controller" of personal information processed through the Service. For the purposes of the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, "CCPA/CPRA"), RAYFINITE LLC is the "business."
Contact: [email protected]
When you create an account, we collect identifiers depending on the sign-in method you choose:
| Sign-in method | Data we receive |
|---|---|
| Sign in with Apple | Apple user identifier, name (first sign-in only, optional), and email address (or an Apple-relayed private address if you choose to hide your email) |
| Sign in with Google | Google user identifier, display name, and email address |
| Phone / SMS | Phone number and account user identifier |
| Email / Password | Email address and account user identifier; your password is hashed by our authentication provider and is never visible to us in plain text |
Authentication is handled by Firebase Authentication (Google LLC). These identifiers and contact details are stored with our authentication provider and associated with your account.
When you submit a claim, statement, or URL for verification, the text of that submission is sent to our backend, which routes it to one or more third-party AI processing providers (see Section 5) to produce an automated verdict — a calibrated confidence score (0–100), supporting reasoning, and cited sources. Submitted claim content is processed to generate your result and is not stored on a per-user basis on our servers; the result is cached locally on your device.
If you use the optional on-device verification mode, your claim is processed entirely on your device and is not transmitted to us or to any third-party processing provider.
We use Firebase App Check and cryptographic nonces to confirm that requests to our backend originate from a genuine, untampered instance of the FactGuard app. These integrity signals help us prevent fraud, abuse, and unauthorized API use. They do not include the content of your claims.
We maintain basic usage counters — such as the number of verifications you have run and your remaining free-tier quota — to operate fairness limits and to determine feature access for your subscription tier. We do not use third-party advertising or behavioral-analytics SDKs.
FactGuard Pro subscriptions are processed entirely by Apple Inc. through the App Store and StoreKit. We receive a cryptographically verified transaction signal indicating your subscription status (for example, active or lapsed). We do not receive your payment card number, Apple ID credentials, or billing address.
We do not use third-party analytics SDKs, advertising networks, or cross-app trackers. Standard operational logs generated by our backend and infrastructure providers (for example, function invocation counts and error logs) may be retained by those providers under their own retention policies for security and reliability. These logs do not contain the text of your claims on a per-user basis.
The app stores certain data locally on your device, including cached verification results, usage and quota counters, and your verification-mode preference (for example, on-device versus cloud). This data remains on your device (in mechanisms such as Keychain and local app storage) and is removed when you delete the app or delete your account.
| Purpose | Information used |
|---|---|
| Provide and operate the Service (authenticate you, process your claims, return verdicts and sources, manage your subscription tier) | Account identifiers, claims/queries, usage and quota data, subscription status |
| Account management (sign-in, sign-out, account deletion) | Account identifiers |
| Security, integrity, and fraud prevention | App Check and integrity signals, operational logs |
| Enforce fair-use limits and quotas | Usage and quota data |
| Communicate with you (respond to support and privacy requests, send required service notices) | Email address or contact identifier |
| Comply with legal obligations and enforce our Terms | As reasonably necessary |
We do not use your personal information for advertising, behavioral profiling, or sale to third parties.
If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, we rely on the following legal bases under Article 6(1) of the GDPR:
| Processing activity | Legal basis |
|---|---|
| Creating and maintaining your account | Performance of a contract — Art. 6(1)(b) |
| Processing the claims you submit to return a verdict | Performance of a contract — Art. 6(1)(b) |
| Verifying subscription status | Performance of a contract — Art. 6(1)(b) |
| Security, integrity, and fraud prevention | Legitimate interests — Art. 6(1)(f) |
| Enforcing quotas and fair use | Legitimate interests — Art. 6(1)(f) |
| Complying with legal obligations | Legal obligation — Art. 6(1)(c) |
Where we rely on legitimate interests, we have balanced those interests against your rights and freedoms. You may object to such processing as described in Section 11.
We share personal information only with the service providers ("processors" and "sub-processors") listed below, each engaged to process data on our behalf under contractual data-protection terms. We disclose the AI processing providers truthfully here for transparency and regulatory compliance.
| Provider | Role | Data shared | Privacy information |
|---|---|---|---|
| Apple Inc. | Sign in with Apple, App Store and StoreKit subscription billing, app distribution | Apple user identifier, name; subscription transaction signals | apple.com/legal/privacy |
| Google LLC / Firebase | Firebase Authentication, backend cloud functions, App Check, AI inference (Google Gemini) | Account identifiers (email, phone, user ID); claim/query text (processed in transit, not stored per-user) | firebase.google.com/support/privacy |
| Groq, Inc. | AI inference (large-language-model processing) | Claim/query text (processed in transit, not stored per-user) | groq.com/privacy-policy |
| Cloudflare, Inc. | Website hosting, DNS, and email routing for [email protected] | IP addresses and standard web-traffic metadata; content of email you send to us | cloudflare.com/privacypolicy |
We may update our sub-processors from time to time. Material changes will be reflected in this Policy. Our AI processing providers are engaged solely to generate verdicts in response to your submissions and are contractually restricted from using your content to build or train their general-purpose models except as permitted by their applicable terms; we encourage you to review each provider's policy linked above.
We do not sell, rent, or trade your personal information. We may disclose information only:
We do not sell your personal information and we do not share it for cross-context behavioral advertising, as those terms are defined under the CCPA/CPRA. We have not done so in the preceding twelve (12) months. FactGuard contains no advertising, no advertising SDK, no cross-app tracking, and does not use the Apple Advertising Identifier (IDFA). Because we do not track you across other companies' apps or websites, we do not present an App Tracking Transparency (ATT) prompt.
We are based in the United States, and our sub-processors (including Google/Firebase, Groq, and Cloudflare) are headquartered in the United States and may process your information on servers located outside your country of residence. Where we transfer personal information from the EEA, the United Kingdom, or Switzerland to the United States, we rely on appropriate safeguards, which may include the EU-U.S. Data Privacy Framework and its UK and Swiss extensions (where a provider is certified) and the European Commission's Standard Contractual Clauses, together with supplementary measures as appropriate.
We retain information for as long as necessary to provide the Service, comply with our legal obligations, resolve disputes, and enforce our agreements.
You can permanently delete your account at any time from within the app: go to Profile → Delete Account. Deleting your account removes your authentication record (and revokes your Apple token if you used Sign in with Apple), clears local device data, and removes your associated account data from our systems. Account deletion is irreversible.
You may also email [email protected] to request access to, a copy of, correction of, or deletion of your personal information. We may need to verify your identity before fulfilling a request.
Subject to applicable law, you have the right to:
If you are a California resident, you have the right to:
To exercise these rights, email [email protected]. You may use an authorized agent to submit a request on your behalf, subject to verification.
Categories of personal information collected in the preceding 12 months: Identifiers (name, email, phone number, account user identifier, Apple/Google identifier); Commercial information (subscription status); and Internet or other electronic activity (claims/queries processed in transit; usage and quota counts). Business purpose: operating and securing the Service. Sources: directly from you and from your authentication and subscription providers. No personal information is sold or shared for cross-context behavioral advertising.
FactGuard is not directed to children under 13 years of age (or under 16 in the EEA, where a higher age applies), and we do not knowingly collect personal information from children below the applicable age. Consistent with the U.S. Children's Online Privacy Protection Act (COPPA), if we learn that we have collected personal information from a child under 13 without verifiable parental consent, we will delete it promptly. If you believe a child has provided us personal information, contact [email protected].
We use reasonable technical and organizational measures designed to protect personal information, including:
No method of transmission or storage is completely secure, and we cannot guarantee absolute security. If you believe your account has been compromised, contact us immediately at [email protected].
We may update this Privacy Policy from time to time. When we make material changes, we will update the "Effective date" and "Last updated" dates above and, where required by law, provide additional notice (for example, by email or an in-app notice). Your continued use of the Service after the effective date constitutes acceptance of the updated Policy.
For privacy questions, to exercise your rights, or to report a concern, contact:
We aim to respond to verifiable privacy requests within the timeframe required by applicable law (generally within 30 to 45 days).