Privacy Policy

Trust Dossier helps you investigate claims using public sources and automated analysis. To do that, the Service processes what you submit (URLs, pasted text, uploaded files) on our servers and sends portions of that content to third-party APIs we configure (for example, search, page retrieval, and language models). We do not run Google Analytics in this codebase as of this writing.

We do not operate an in-app user database: there are no accounts or passwords in this app. Completed dossiers can be stored only in your browser (see below)—not on our servers as a personal “library” feature.

Your questions, pasted articles, URLs, and file uploads may include personal, sensitive, or legally protected information—whether or not you intend that. By submitting content, you understand it will be processed by our systems and, where applicable, by the third-party providers listed below. Do not submit information you are not allowed to share, or that you are not comfortable having processed for investigation and model-assisted analysis.

Investigation inputs. When you run an investigation, you may supply a URL, free-text (including long pasted articles), and/or a file (for example PDF or image, subject to size and type limits enforced in code). That content is sent to our API routes over HTTPS and processed to produce a dossier. It is not written to a user database in this app; processing happens for the request (and may appear in hosting or error logs—see below).

Feedback. If you use the feedback form on a dossier, you may send a usefulness rating, optional message, optional email, and automatically attached dossier metadata (for example page URL, user agent string, and a short hash preview). That submission is emailed through our email provider using credentials stored on the server.

Contact / privacy form. The form at the bottom of this page sends a message and optional reply-to email through the same provider (Resend). We include the page URL when you submit so we know where you wrote from.

Bot protection. We use Cloudflare Turnstile on forms and investigation flows. When you complete a challenge, a token is verified server-side with Cloudflare; we may forward a client IP (for example from cf-connecting-ip or x-forwarded-for) to Cloudflare as part of that verification, consistent with Turnstile’s documented behavior.

Rate limiting. API routes apply per-IP limits to reduce abuse. IP addresses are derived from the same forwarded headers when available.

Hosting logs. Our hosting provider (for example Vercel) may log requests, IPs, headers, and errors. We do not control their retention in detail; see your host’s privacy documentation.

Application logs. The server code may log errors to the runtime console (for example failed email or verification). Treat those as operational diagnostics, not a deliberate archive of your content.

Local storage in your browser. The app can save recent dossiers in localStorage for your convenience (“My Forensic History”) and may cache the last result. That data stays on your device unless you clear site data. We do not sync it to our servers.

To run investigations, prevent abuse, send optional feedback email, and maintain the Service. We do not sell your personal information. We do not use in-app advertising or third-party analytics scripts in this repository as of the effective date above.

Depending on configuration, the Service may call providers including but not limited to: OpenAI, Exa, Tavily, Serper, Bing Search, Cloudflare (Turnstile), Resend (email), fetches to public URLs you provide, and (for some flows) public domain metadata services such as Verisign RDAP. Each provider has its own terms and privacy policy; content you submit may be processed by their systems when those features are enabled via environment keys.

You should assume that any text or URLs you submit for analysis may be sent to or derived from those services for the purpose of retrieval, ranking, or model inference.

There is no account datastore in this app. Investigation payloads are processed for the duration of the request; retention on our side is essentially whatever the hosting platform and providers keep in logs or backups. Feedback emailed to us is retained like ordinary email. Browser-stored dossier history is under your control (clear site data to remove).

You can avoid submitting sensitive content. You can clear localStorage for this site to remove saved dossiers in your browser. You can use standard browser controls to block or delete cookies (Turnstile may require a working challenge—if you block required scripts, parts of the app may not work).

The Service is not directed at children under 13. Do not submit personal information about children in investigations unless you have the authority to do so.

We will update this page when practices change—for example if we add analytics, accounts, or server-side storage of investigations. The effective date at the top will change when we do. Continued use after changes means you accept the updated policy.

Privacy and general inquiries — use the form below. Messages are delivered through the same email system as in-app feedback (Resend), not via a mailbox at feedback@humanactually.com (that address is the sender identity; it may not receive email directly). If you leave your email, we can reply.

Other Human Actually contact options: humanactually.com.