Privacy Policy

Last updated: April 8, 2026

Overview

FaceFact is a Chrome extension that provides AI-powered fact-checking for Facebook posts. We are committed to protecting your privacy. This policy explains what data we collect, how we use it, and your rights.

Data We Collect

• Email address — provided during registration to create your account and send an activation link.
• Facebook post text — the text content of posts you choose to fact-check. This is sent to our backend server for analysis and is not stored permanently.

Data We Do NOT Collect

• We do not collect your Facebook credentials or login information.
• We do not track your browsing history or activity outside of the fact-check action you initiate.
• We do not collect personal information from Facebook posts (e.g., names, photos, or friend lists).
• We do not sell or share your data with third parties for advertising purposes.

How We Use Your Data

• Email — used solely for account activation and session management. We do not send marketing emails.
• Post text — sent to our server, processed through an AI pipeline (via OpenRouter API) and web search (via Serper.dev) to generate a fact-check verdict, then discarded. Results are cached temporarily (up to 1 hour) to avoid duplicate processing.

Third-Party Services

We use the following third-party services to provide fact-checking functionality:

• OpenRouter — AI model routing for claim analysis and verdict generation.
• Serper.dev — web search API for finding evidence related to claims.
• Resend — email delivery for account activation.

These services receive only the minimum data necessary to perform their function. Please refer to their respective privacy policies for details on their data handling practices.

Data Storage and Security

• User accounts (email and session tokens) are stored in a SQLite database on the server.
• All communication between the extension and our server uses HTTPS encryption.
• Session tokens are generated using cryptographically secure random UUIDs.

Your Rights

You may request deletion of your account and associated data by contacting us. Since we store minimal data (only your email and session token), deletion is straightforward.

Host Permissions

The extension requests access to *.facebook.com solely to detect Facebook posts and inject the fact-check button. It does not access any other websites.

Changes to This Policy

We may update this policy from time to time. Changes will be reflected by updating the "Last updated" date above.

Contact

If you have questions about this privacy policy, please send a direct message to @3tsdev on X.