Privacy Policy

Your privacy matters. Here's exactly what Vidocq collects, why, and how we protect it.

Last updated: February 2026

1. What We Collect

Vidocq collects only the data necessary to provide the fact-checking service:

  • Account information — your email address and a hashed password when you register.
  • Fact-check history — the tweet text you submit for analysis, along with AI-generated verdicts, confidence scores, and sources.
  • API keys (BYOK users) — if you bring your own API keys, they are stored encrypted on our servers so the extension can call AI providers on your behalf.
  • Payment information — handled entirely by Stripe. We never see or store your full card number. We receive only a Stripe customer ID and subscription status.
  • Usage data — basic metrics such as daily check counts for rate-limiting. We do not use analytics trackers or third-party cookies.

2. How We Store Your Data

Your data is stored and processed using Cloudflare's infrastructure:

  • Cloudflare Workers — all server-side logic runs on Cloudflare's global edge network.
  • Cloudflare D1 — account data, fact-check history, and settings are stored in a D1 SQLite database.
  • API key encryption — BYOK API keys are encrypted at rest using AES-256-GCM before being written to the database. They are only decrypted in memory during a fact-check request.
  • Passwords — stored as bcrypt hashes. We never store plaintext passwords.

3. Third-Party Services

Vidocq integrates with the following third-party services:

  • Stripe — processes Pro and Pro+ subscription payments. Stripe's privacy policy applies to all payment data. Stripe Privacy Policy
  • OpenAI — when you select a GPT model, the tweet text is sent to OpenAI's API for analysis. OpenAI Privacy Policy
  • Anthropic — when you select a Claude model, the tweet text is sent to Anthropic's API. Anthropic Privacy Policy
  • Google — when you select a Gemini model, the tweet text is sent to Google's Generative AI API. Google Privacy Policy

We send only the tweet text to AI providers — never your email, API keys, or personal information.

4. Chrome Extension Permissions

The Vidocq Chrome extension requests the following permissions:

  • Host permission for x.com / twitter.com — required to inject the fact-check button into tweet UI and read tweet text when you click it.
  • Storage — used to store your authentication token locally in the browser so you stay logged in.

The extension does not access browsing history, bookmarks, or any data on websites other than X/Twitter.

5. Data Retention & Deletion

  • Fact-check history is retained as long as your account is active.
  • You can delete individual fact-checks from your dashboard at any time.
  • To delete your entire account and all associated data, email team@vidocq.ai and we will process the deletion within 7 days.
  • If you cancel your subscription, your account and history remain accessible. Payment data is removed by Stripe per their retention policy.

6. Cookies

Vidocq does not use tracking cookies or third-party analytics. The only client-side storage used is a JWT authentication token in the browser's local storage, which is required to keep you logged in.

7. Children's Privacy

Vidocq is not intended for use by children under the age of 13. We do not knowingly collect personal information from children.

8. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via email to registered users. The "Last updated" date at the top reflects the most recent revision.

Questions?

If you have any questions about this privacy policy or your data, contact us at team@vidocq.ai or visit our Contact page.