Privacy Policy
Last updated: June 25, 2026
1. Introduction
UFact ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our fact-checking service (the "Service").
We are a data controller under the UK General Data Protection Regulation (UK GDPR) and the EU General Data Protection Regulation (GDPR). If you are a California resident, this policy also describes your rights under the California Consumer Privacy Act (CCPA).
2. Information We Collect
We collect only the minimum information necessary to provide the Service:
- Account Information: When you sign up, we collect your name and email address through our authentication provider, Clerk. We do not store passwords on our servers.
- Statements You Submit: The text you submit for fact-checking is processed to provide results but is not used for any other purpose.
- Usage Data: We may collect anonymous usage data (e.g., page views, feature usage) to improve the Service. This data cannot be used to identify you personally.
3. How We Use Your Information
We use your information solely to:
- Create and maintain your account.
- Provide fact-checking results based on the statements you submit.
- Communicate with you about your account or the Service.
- Improve and troubleshoot the Service.
- Comply with legal obligations.
4. Legal Basis for Processing (GDPR)
If you are in the European Economic Area (EEA) or the United Kingdom, we process your personal data under the following lawful bases:
- Performance of a contract: Processing your account information is necessary to provide the Service under our Terms of Service.
- Consent: Where required, we will ask for your consent before processing your data. You may withdraw consent at any time.
- Legitimate interests: We may process anonymous usage data for improving the Service, which is in our legitimate interest and does not override your rights.
5. Data Sharing and Disclosure
We do not sell your personal information. We do not share your personal information with third parties except:
- Service Providers: We use Clerk for authentication, Neon for database hosting, and Vercel for hosting the application. Each provider processes data only as necessary to perform their functions and under contractual obligations to protect your data.
- Legal Requirements: We may disclose information if required to do so by law or in response to valid legal requests by public authorities.
6. Data Retention
We retain your account information for as long as your account is active. If you delete your account, we will delete your personal information within 30 days, subject to any legal obligations that require us to retain certain data for longer periods. Statements you submit for fact-checking are retained only as long as necessary to provide results and improve the Service.
7. Your Rights
Under the GDPR (UK & EU)
You have the right to:
- Access: Request a copy of the personal data we hold about you.
- Rectification: Correct any inaccurate or incomplete data.
- Erasure: Request deletion of your personal data.
- Restriction: Restrict the processing of your data.
- Portability: Receive your data in a structured, machine-readable format.
- Objection: Object to the processing of your personal data.
To exercise any of these rights, contact us at somossaxio@gmail.com. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.
Under the CCPA (California)
If you are a California resident, you have the right to:
- Know: Request disclosure of the categories and specific pieces of personal information we have collected about you.
- Delete: Request deletion of personal information we have collected.
- Non-Discrimination: Not be discriminated against for exercising any of your CCPA rights.
We do not sell your personal information. To exercise your CCPA rights, contact us at somossaxio@gmail.com.
8. Data Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These include encryption in transit (TLS) and at rest, access controls, and regular security assessments.
9. International Data Transfers
Your data may be transferred to and processed in countries outside the EEA or UK. When we transfer your data internationally, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice on the Service. Your continued use of the Service after changes constitutes acceptance of the updated policy.
11. Contact
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:
Email: somossaxio@gmail.com