FakeOrLegit Privacy Policy

Last updated: May 2026

What we collect:
- URLs you submit for scam analysis (stored as the hostname plus the resulting risk report)
- Message text you paste for analysis (stored only as a SHA-256 hash for deduplication — the raw text is never persisted)
- Anonymous request metadata (IP address, used solely for short-term rate limiting; not linked to any account)

What we do NOT collect:
- Account information (no accounts exist)
- Email addresses, names, or any other personally identifying information
- Browsing history beyond what you explicitly submit
- Authentication credentials, payment information, or location data
- Any data from pages you visit unless you explicitly right-click and choose "Check with FakeOrLegit"

How data is used:
- URL hostnames and risk reports power our public domain-report pages and improve our scam-pattern detection
- Message hashes are used only to cache repeat analyses
- No data is sold or shared with third parties for marketing or advertising

Third parties:
- The extension calls a single API at fakeorlegit.io
- We use OpenAI's API to generate the plain-English explanation for risk reports; only the URL or message text you submit is sent, never any identifying information about you
- No analytics or tracking SDKs are bundled in the extension

Data retention:
- URL/hostname data: retained indefinitely as part of our public scam-pattern database
- Message hashes: 30 days
- IP rate-limit data: 1 hour

Your rights:
- Since no account exists, there is no per-user data to export or delete
- To request removal of a specific URL or hostname from our public domain reports, contact info@aurabionics.com

Full policy and contact:
- https://www.fakeorlegit.io/privacy
- Operated by Aura Bionics Inc.