Privacy Policy

Effective date: April 5, 2026

Digital Grandson ("we," "our," or "us") is committed to protecting your privacy. This policy explains in plain English what we collect, what we don't collect, and how we handle your information.

What we collect

• Page content for analysis. When you click "Analyze," the text content of the current web page is sent to our AI provider for analysis. This content is processed in real time and discarded within 24 hours. We do not permanently store the content of any page you analyze.
• Image and video URLs for AI detection. When you use the image/video AI detection feature, the URL of the media is sent to up to three third-party detection services: Sightengine (pixel-level AI detection), Hive AI (AI generation and deepfake classification), and Google Gemini (visual artifact analysis). Only the media URL is sent to Sightengine and Hive. For Gemini Vision, the image or video may be downloaded by our server and sent as data to the Gemini API. We also check embedded metadata (C2PA Content Credentials and IPTC/XMP) locally on our server — no third-party service is involved for those checks.
• Account email. If you create an account or purchase a subscription, we collect your email address to manage your account and send you important updates (like receipts or security notices).
• Anonymous analysis count. We keep a count of how many analyses have been performed to manage free-tier limits. This count is not linked to the content of any specific page.
• Server-side caching. Analysis results may be cached on our servers for up to 24 hours to improve performance and reduce redundant API calls. Cached results are keyed by page URL and are automatically deleted after expiry.
• Analytics. We collect anonymous usage statistics to improve our service, including page views on our website, button clicks, and feature usage. We do not use cookies or tracking pixels. Visitor counts use a daily-rotating hash that cannot identify you personally.
• Analysis telemetry. When you analyze a page, we record the domain name (e.g., "reuters.com"), the verdict category, and a general score range. We do not record the full URL or any text from the page. This helps us understand how our analysis performs and improve accuracy.
• Scan database. Each page analysis and media scan result is stored in our database with: the URL or domain scanned, the verdict or AI detection scores from each service, a short text snippet (first 500 characters of analyzed text, for context only), media URL (if applicable), the full analysis response, and which AI model was used. This data is retained indefinitely and used solely to assess our tool's effectiveness and improve detection accuracy over time. After 90 days, scan records are automatically anonymized: any user ID or visitor identifier is permanently removed, so the remaining data (URLs, scores, verdicts, text snippets) describes public web content and cannot be linked back to you.
• Scan feedback. After any scan, you may optionally submit a thumbs-up or thumbs-down rating, plus an optional short comment (up to 200 characters). This feedback is linked to the scan result (not to your identity) and is used to identify false positives/negatives and improve detection accuracy.
• Waitlist email. If you join our waitlist, we store your email address to notify you about new features. You can request removal at any time.

What we do NOT collect

• Browsing history. We do not passively monitor your browsing. When you analyze a page, we record only the domain name for aggregate statistics — never the full URL, page content, or your browsing patterns.
• Personal data beyond your email. We don't collect your name, address, phone number, or any other personal information unless you voluntarily provide it (for example, in a support email).
• Full page content. We do not keep full copies of the web pages you analyze. A short text snippet (first 500 characters) is retained as part of the scan record for quality assessment; the full page content is sent to the AI provider, analyzed, and discarded.

We never sell your data

Your data is never sold. Period. We do not sell, rent, or share your information with advertisers, data brokers, or any third party for marketing purposes. We do not engage in ad targeting of any kind.

Third-party services

AI providers for text analysis

Digital Grandson uses third-party AI services to analyze page content. The specific provider depends on your mode of use:

• Managed mode (proxy): When using our managed service, page text you analyze is sent to Anthropic (Claude) via our backend servers for AI processing. Anthropic processes the text and returns an analysis. We select Anthropic because they commit to not using API inputs for model training. Anthropic's usage policy applies to this data.
• BYOK mode (Bring Your Own Key): You choose your own AI provider and the extension sends page text directly from your browser to that provider. Supported providers are Anthropic (Claude), OpenAI (GPT), Google (Gemini), and Moonshot (Kimi). Each provider has its own data handling policies.

Media AI detection services

When you scan an image or video for AI-generated content, we use multiple detection services in parallel for accuracy:

• Sightengine: The media URL is sent to Sightengine for pixel-level AI generation and deepfake analysis. In BYOK mode, your credentials are sent directly from your browser; in managed mode, our server-side credentials are used.
• Hive AI: The media URL is sent to Hive Moderation for AI-generation classification and generator identification (e.g., Midjourney, Stable Diffusion). Hive processes the media at the URL and returns confidence scores.
• Google Gemini Vision: The image or video may be downloaded by our server and sent to the Google Gemini API for visual artifact analysis (e.g., anatomical errors, garbled text, impossible geometry). Videos are capped at 15MB. In BYOK mode, your Gemini API key is used directly from your browser for images only.
• C2PA / IPTC metadata: Our server downloads the media file header to check for Content Credentials (C2PA) and IPTC/XMP metadata declarations. These checks are performed locally on our server — no third-party service is involved.

Clerk (authentication)

For paid users, we use Clerk to handle account authentication and session management. Clerk processes your email address and authentication tokens. Clerk does not have access to your analysis data or browsing activity.

Stripe (payment processing)

Payments are processed by Stripe, a PCI-compliant payment processor. Stripe handles all credit card information directly. We never see, store, or have access to your full card numbers. Stripe processes your payment details, email, and billing address as needed to complete transactions.

Third-party privacy policies

We encourage you to review the privacy policies of our third-party service providers:

• Anthropic Privacy Policy
• OpenAI Privacy Policy
• Google Privacy Policy
• Moonshot Privacy Policy
• Sightengine Privacy Policy
• Hive AI Privacy Policy
• Clerk Privacy Policy
• Stripe Privacy Policy

Feedback data

If you submit feedback through the extension (either via the general feedback form or per-scan thumbs-up/down ratings), we collect your rating, message text, and optionally your email address (if you choose to provide it). Per-scan feedback is linked to the scan result but not to your personal identity. This data is stored on our servers and used solely to improve Digital Grandson's accuracy. We do not share feedback data with third parties.

Data retention

• Extension cache: Cached analysis results expire after 5 minutes and are stored only on your device.
• Server cache: Server-side analysis cache expires based on TTL settings (up to 24 hours) and is automatically deleted after expiry.
• Analytics and telemetry: Retained for up to 12 months, then automatically purged.
• Scan records: Retained indefinitely to assess tool effectiveness and improve detection accuracy. After 90 days, user-identifying fields (user ID, visitor hash) are permanently stripped. The remaining anonymized data — URLs, verdicts, scores, text snippets, and service results — describes public web content and is not linked to any individual.
• Waitlist emails: Retained until you request removal.
• Page content: Raw page content is not permanently stored. The first 500 characters may be retained as part of the scan record (see above).

Local data vs. backend data

Digital Grandson stores data in two places:

• On your device (local): API keys, settings, analysis cache, and trial counter are stored in your browser via chrome.storage.local. Clearing your browser data or uninstalling the extension removes all of this.
• On our servers (backend): If you use managed mode or the free tier, scan results are logged in our database as described above. Clearing your local data or uninstalling the extension does not delete backend scan records. These records are automatically anonymized after 90 days. Automated self-service deletion of backend data is not currently available — to request deletion, email hello@digitalgrandson.ai.
• BYOK mode: If you use Bring Your Own Key mode exclusively, your analysis requests go directly to your chosen provider and are not logged in our backend database (except for C2PA/IPTC metadata checks, which are processed server-side).

Data storage and security

Your API keys (if you use your own) are stored locally on your device using Chrome's built-in secure storage. They are never transmitted to our servers. Account information is stored securely with industry-standard encryption.

Your rights

Depending on where you live, you may have certain rights regarding your personal data under laws such as the GDPR (EU/EEA) and CCPA (California). These rights may include:

• Right to access: You can request a copy of the personal data we hold about you.
• Right to deletion: You can request that we delete your personal data.
• Right to correction: You can request that we correct inaccurate personal data.
• Right to data portability: You can request your data in a structured, machine-readable format.
• Right to opt out of data sales: We do not sell your personal data. Period.

To exercise any of these rights, email us at hello@digitalgrandson.ai. We will respond to your request within 30 days.

Deleting your data

You can delete your local extension data at any time by clearing your browser's extension storage or uninstalling Digital Grandson. This removes all API keys, settings, cache, and history from your device.

For backend data: scan records are automatically anonymized after 90 days (user-identifying fields are permanently removed). If you would like your backend records deleted before anonymization occurs, or if you want to delete your account entirely, email hello@digitalgrandson.ai and we will process your request within 30 days.

Children's privacy

Digital Grandson is not intended for use by children under 13. We do not knowingly collect information from children under 13.

Changes to this policy

If we make significant changes to this privacy policy, we will notify you through the extension or by email. We will always post the updated policy on this page with a new effective date.

Contact us

If you have any questions about this privacy policy or how we handle your data, please reach out:

Email: hello@digitalgrandson.ai