Skip to main content
Rhetoric Audit logo
Back to Home

Privacy Policy

Effective Date: May 6, 2026 — Immortal Reality PA LLC

1. Introduction

Immortal Reality PA LLC ("we", "our", or "us") operates the Rhetoric Audit Chrome extension and website at www.rhetoricaudit.com (collectively, the "Service"). This Privacy Policy explains what information we collect, how we use it, and your rights with respect to that information.

By installing the extension or using the Service, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2a. Account Information

To use Rhetoric Audit, you create a free account using your email address. We collect:

  • Email address — used for account authentication via Supabase. We do not collect your name, phone number, or payment information unless you purchase additional credits.
  • Analysis credit balance — the number of remaining analysis credits associated with your account, stored in our database.
  • Authentication tokens— a secure session token is stored locally in your browser's chrome.storage.local to keep you signed in across sessions. This token is never transmitted to third parties.

2b. Anonymous Device Identifier

On first installation, the extension generates a random anonymous device identifier using crypto.randomUUID(). This ID:

  • Is stored in chrome.storage.local under the key ra_device_id.
  • Is sent with every analysis request to rhetoricaudit.com/api/analyze to enforce anonymous daily usage quotas and prevent abuse.
  • Is not linked to your identity, IP address, or any personal information.
  • May be re-attributed to your account if you later create an account, so that prior anonymous scans can be associated with your history.

2c. Local Browser Storage (chrome.storage.local)

The extension stores the following data locally in your browser. This data never leaves your device except where explicitly noted:

  • ra_device_id — anonymous installation UUID (see §2b above).
  • ra_user_id — your account user ID (only set after sign-in).
  • ra_email — your account email address (only set after sign-in).
  • ra_access_token / ra_refresh_token — Supabase session tokens used to authenticate API requests. Stored locally; not transmitted to third parties.
  • ra_credits_balance — your current analysis credit balance, cached locally for display.
  • ra_analyses — a local cache of up to 200 of your past forensic reports (JSON), stored for offline/history access.
  • ra_dismissed_urls — a list of up to 500 URLs where you have dismissed the Rhetoric Audit pill, so it does not reappear.
  • ra_pending_text / ra_pending_url / ra_pending_title — temporary fields set when you right-click to analyze a text selection. Cleared after the popup reads them.

2d. Data Collected During an Analysis

When you click the Rhetoric Audit icon or use the context menu to analyze an article, the following occurs:

  • Article text extraction — the extension reads the visible text content of the current webpage. Up to 6,000 characters of article text is extracted from the DOM.
  • Transmission to our backend — the extracted article text, the article URL, the page title, your anonymous device ID (ra_device_id), and — if you are signed in — your user ID, are sent over HTTPS to our analysis API at rhetoricaudit.com/api/analyze. Article text is not sent to any third party directly by the extension.
  • AI processing — our backend forwards the article text to OpenRouter for analysis. OpenRouter routes the request to our selected AI model (GPT-4.1 Nano). The article text may be processed by OpenRouter and its underlying model providers subject to their respective data handling policies.
  • Analysis result storage — the resulting forensic report (13 diagnostic metrics in JSON format) is stored in our Supabase database under your account. This includes: the article URL, analysis timestamp, and all 13 metric scores. The raw article text is not stored after the analysis is complete.
  • Credit deduction — one analysis credit is deducted from your account balance per successful analysis.

2e. Usage Data

We collect anonymized usage statistics including feature interactions and error logs to improve the Service. This data is not linked to your identity.

3. How We Use Your Information

We use the information collected solely to:

  • Authenticate your account and maintain your session.
  • Process article text through our AI analysis pipeline and return the forensic report.
  • Store your analysis history so you can revisit past reports in your dashboard.
  • Track and manage your analysis credit balance.
  • Improve the accuracy and performance of analysis outputs.
  • Diagnose technical issues and maintain service reliability.

We do not sell, rent, or share your personal information or analyzed content with third parties for marketing or advertising purposes.

4. Data Storage & Security

Your account data and analysis history are stored in Supabase, a cloud database provider, using Row-Level Security (RLS) — meaning your data is only accessible to your own authenticated session. No other user or administrator can query your analyses directly through the API.

All data in transit is encrypted via HTTPS/TLS. Authentication is handled via Supabase's email-based auth system. We implement reasonable technical and organizational measures to protect your information against unauthorized access, loss, or misuse. However, no method of transmission over the internet is 100% secure.

5. Data Sharing & Third-Party Services

We do not sell or rent your personal data. The Service shares data with the following third-party providers solely to operate the Service:

  • Supabase — database and authentication provider. Data shared: your email address, hashed password (if using email auth), account user ID, analysis credit balance, and forensic report results (article URL, timestamp, 13 metric scores). Raw article text is never stored in Supabase.
  • OpenRouter — AI model routing service used for analysis processing. Data shared: the extracted article text (up to 8,000 characters) and the article URL. OpenRouter routes this to GPT-4.1 Nano (OpenAI) subject to their respective data handling policies. Your personal identity, email, or device ID is not shared with OpenRouter.
  • Vercel — cloud hosting and edge delivery for the Rhetoric Audit website and API. Data shared: all HTTP requests to rhetoricaudit.com pass through Vercel infrastructure, including standard request metadata (IP address, browser user agent, request path). Vercel may log this data per its own privacy policy.

We encourage you to review the privacy policies of these providers before use. We are not responsible for the data practices of third-party services.

6. Chrome Extension Permissions — Why We Need Them

Chrome displays a warning that the extension can "Read and change all your data on all websites." Here is exactly why each permission is required:

  • Access to all websites (host permission) — Rhetoric Audit is an ambient article scanner. It detects news and opinion articles on any website you visit and shows a risk score pill. Without access to all websites, it could only work on a pre-approved list of domains — defeating its purpose. We read only the visible article text. We do not read passwords, form inputs, financial data, or any other personal information.
  • activeTab + scripting — used to inject the analysis panel and risk pill into the current page. Only activated when an article is detected.
  • storage — stores your session token, credit balance, and dismissed-URL list locally in your browser. No data leaves your device via this permission.
  • contextMenus— adds a right-click "Analyze selection" option so you can analyze highlighted text.

We collect zero browsing history. The extension does not log which sites you visit. It only processes a page when article content is detected and you have not dismissed that page.

7. Data Retention

Raw article text submitted for analysis is not stored after the analysis is complete. Analysis results (the 13 diagnostic metrics, article URL, and timestamp) are retained in your account history until you delete your account or request deletion. Anonymized usage logs may be retained for up to 90 days.

8. Your Rights

You have the right to:

  • Request access to the personal data we hold about you.
  • Request deletion of your account and associated analysis history.
  • Withdraw consent at any time by uninstalling the extension and contacting us to delete your account.

To exercise any of these rights, contact us at the address below.

9. Children's Privacy

Our Service is not directed to individuals under the age of 13. We do not knowingly collect personal information from children. If you believe a child has provided us personal information, please contact us immediately.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by updating the effective date at the top of this page. Continued use of the Service after changes constitutes your acceptance of the revised policy.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy, please contact us at:

Immortal Reality PA LLC

palash@rhetoricaudit.com