TrustMeter — Privacy Policy & Data Practices

Quick summary

Short version:

TrustMeter analyzes only content you ask it to analyze. It does not collect your identity or browsing history.
We store a randomly generated session ID in the browser localStorage for session lifecycle management. See Local storage.
Text and/or image content that you request to analyze may be sent to our backend for AI inference and evidence lookup. We do not keep personally identifying information tied to analysis requests.
Add this policy URL to your Chrome Web Store listing so reviewers and users can read it.

What data TrustMeter may access and why

TrustMeter analyzes only the content of the webpage the user is currently viewing. It does not store or track who the user is, what sites they visit over time, or any personal browsing profile. All content access is strictly for performing the misinformation analysis feature.

📌 How the extension interacts with webpage content

When a webpage loads, TrustMeter’s content script becomes active on that page. Depending on your settings, it can operate in two modes:

Auto analysis mode (default) — TrustMeter automatically extracts readable text from the page and sends it for analysis.
↳ This is done using an algorithm that strips away navigation, menus, ads, and non-content elements to identify the “main article text.”
Manual mode (privacy-first option) — No text is sent until you click the Analyze button in the extension popup or highlight specific text and choose Verify Claim.
↳ You can turn auto mode on/off at any time inside the extension popup settings.

🔍 What data is extracted

Data type	Accessed?	Stored?	Sent to server?	Purpose
Visible page article text (auto mode)	Yes (page load)	No (processed in-memory only)	Yes — sent only for analysis	Extracted using a readability algorithm. Used to generate: detected claims, fact-check results, supporting URLs, and a page trust score.
Selected text (manual verify mode)	Yes (only on user selection)	No	Yes — sent only when the user manually triggers “Verify Claim”	Allows users to verify specific paragraphs, statements, or claims instead of the entire page.
Images on webpage (manual verify mode)	Yes (only when user clicks analyze icon)	No	Yes — image URL or encoded bytes sent for analysis	Enables AI reverse-search and deepfake detection to determine authenticity and context of the image.
Session identifier (`trustmeter_session_id`)	Yes	Stored locally in browser only (`localStorage`)	Sent as a session tag with each analysis request	Used to match incoming analysis responses to the correct webpage and allow session cancellation if the user leaves the page.
Browser history, personal profile, IP address	No	No	No	TrustMeter does not collect anything that identifies the user personally.

🧠 Technical flow (step-by-step)

    1. User opens a webpage.
    2. TrustMeter injects a content script into that webpage.
    3. In auto mode: readable page text is extracted automatically.
    In manual mode: extraction happens only when user requests.
    4. A temporary session ID is created and kept locally.
    5. Extracted text or selected text/image is sent securely to our backend.
    6. Backend runs misinformation checks using AI and fact-check APIs.
    7. Results are returned to the extension UI and shown to the user.
    8. Temporary data is discarded after the analysis completes.

🗂️ Local storage usage (never synced)

The only entry stored is a randomly generated session ID, e.g.:

    trustmeter_session_id = "8fd9a312-83fe-4df7-b57a-7c9f89e17ce5"

This ID is:

Not tied to any user identity
Never sent to third parties
Cleared automatically when the analysis session ends or the user closes the tab

The extension does not log browsing behavior or track navigation between sites. It only accesses content on the active tab, and only for the purpose of performing the misinformation detection feature.

Data Flow — How Information Moves Securely

The diagram below describes the lifecycle of data when TrustMeter performs an analysis. Every step is designed to prioritize transparency, user control, and privacy protection.

Page interaction: When a user opens a webpage, TrustMeter’s content layer reads only the visible text elements that make up the primary article or post. If the user has enabled automatic analysis, this text is processed immediately; if disabled, nothing is sent until the user clicks Analyze or selects specific text or an image for verification.
Session initialization: Each analysis session is assigned a short-lived, randomly generated identifier. This ID ensures that results can be routed back to the correct tab or user interface without linking any personal or identifiable information. The ID exists only within the user’s browser storage and is not used for tracking or profiling.
Secure data transmission: When an analysis is triggered, only the extracted content (text snippet or image reference) and the anonymous session ID are sent to TrustMeter’s backend API over an encrypted HTTPS connection. The transmission does not include cookies, browsing history, or other metadata about the user or their device.
Cloud-side analysis: The backend applies multiple AI-based checks to evaluate credibility — including factual verification against reliable sources, claim detection, and content scoring. These processes happen in isolated containers with strict access controls. The analyzed data is treated as ephemeral and is not stored once the response is returned.
Response delivery: The backend returns only the computed trust score, fact-check insights, and summarized evidence. These results are displayed directly in the extension interface without storing user identity or session history.
Temporary caching & domain trust updates: To improve future accuracy, the system may temporarily cache non-personal insights such as the credibility rating of public domains or common sources. These aggregated records contain no personal identifiers and cannot be used to reconstruct user behavior.
Session termination: When the user navigates away or closes the tab, the active session is automatically ended and any temporary identifiers or cached data associated with it are cleared.

At every stage, TrustMeter’s architecture ensures that only the minimal data necessary for misinformation detection is processed. No personal user data, browsing history, or identifying information is ever retained or sold.

Storage, Retention & Deletion of Data

🔒 Client-side (stored on the user’s browser)

TrustMeter stores exactly one value locally in the user's browser:

trustmeter_session_id = "randomly generated UUID"

This ID is created by the extension using the browser’s secure random generator (crypto.randomUUID()).
It is stored in localStorage so the extension can associate responses from the backend with the correct tab/session.
The ID cannot be used to identify the user personally — it contains no personal information, browsing history, or device data.
When the browser tab is closed or the user navigates away, the extension automatically ends the session and clears the ID.

🔗 Code responsible for session creation and clearing is available here:
/app/content.js

☁️ Server-side (handled by the TrustMeter backend)

The backend only receives the content required for misinformation analysis (the selected text, extracted page text, or image reference) **along with the anonymous session ID**.

Retention behavior:

Analysis data exists only temporarily — just long enough to generate a rating and deliver results back to the user.
Once the analysis is complete, the content is automatically discarded and not logged against any user or profile.
In rare cases, the backend may store aggregated source credibility scores (e.g., domain-level trustworthiness), but those values:
- contain no personal or session-level data,
- cannot be tied back to any user or analysis request.

🔗 Backend logic that handles analysis and transient processing:
/backend/misinfo_model.py

🧹 Data deletion & user rights

TrustMeter was built to avoid storing personal data. However, if you believe an analysis request should be removed (for example, if server infrastructure retained logs temporarily), you may request deletion.

To request deletion:

Open the Developer Tools → Application → Local Storage panel in Chrome.
Locate the value of trustmeter_session_id.
Email us the following:
- your trustmeter_session_id
- approximate time of the analysis

📧 aks7aynair@gmail.com
We will investigate and respond within 30 days.

No personal data is required to submit a deletion request — only the anonymous session ID.

Third-Party Services

TrustMeter uses third-party cloud and AI providers only to perform misinformation analysis (for example, verifying claims or checking credibility of a news source). These services process only the text or image content you choose to analyze. They never receive personal information about you, your identity, or your browsing history.

Services involved in processing

AI Model Providers Used to evaluate content and produce trust / credibility analysis. (Examples: Google Gemini, Google Vertex AI)
Public Fact-Checking Aggregators Used to look up existing fact-checks published by trusted organizations. (Examples: Google Fact Check Tools API)
Search Index Providers Used to locate supporting or contradicting evidence from reputable sources. (Examples: Google Custom Search)
Cloud Compute Hosting Our secure backend infrastructure temporarily processes analysis requests. (Examples: Google Cloud Run)

These providers may temporarily process the content you send (text or image reference), but they do so only to fulfill the analysis request. They do not receive:

Your name
Your email
Your browsing history
Any data that identifies who you are

None of these services store user profiles or track behavior across websites. TrustMeter does not sell user data or share personal data with any third-party service.

🔗 For transparency, the backend logic is open-sourced:
View backend analysis code on GitHub →

If we ever add or replace third-party services, this privacy policy will be updated accordingly.

Legal basis & compliance (GDPR / CCPA)

GDPR: TrustMeter’s processing is based on user consent (explicit action to analyze content) and legitimate interest (providing the analysis feature). Users in the EU can request access or deletion as described under User rights.

CCPA: Residents of California have rights to request disclosure of categories of personal information collected, request deletion, and opt out of sale. We do not sell personal information.

This policy is not a substitute for legal advice. If you require legal compliance review for particular jurisdictions, consult with counsel.

Frequently Asked Questions (FAQ)

🔍 Does TrustMeter read everything I browse?

No. TrustMeter only reads the visible text and images on the webpage you are currently viewing, and only for the purpose of analyzing misinformation.

TrustMeter operates in two modes:

Automatic mode (default): the extension extracts readable text when a page loads and processes it to generate an initial trust score.
Manual mode (privacy-first option): no content is analyzed unless you click Analyze or highlight and select text → Verify Claim.

You can switch between these modes at any time from the extension settings.

🎯 Can I analyze only a specific part of the page?

Yes. Instead of analyzing the whole page, you can highlight a paragraph or sentence and right-click:

→ Verify Claim with TrustMeter

The extension will analyze only the text you selected instead of the full page.

🖼️ Does TrustMeter analyze images?

Yes — but only if you click the TrustMeter overlay on the image. Image URLs or encoded image bytes are sent only when you choose to verify them.

👁️ Does the extension monitor my browsing or track which websites I visit?

No. TrustMeter does not track or log your browsing activity. We do not store:

your browsing history
which websites you open
how often you visit a site

Analysis happens only on the active tab you choose.

🆔 Do you collect personal data like my name, email, IP address, or identity?

No — TrustMeter does not collect any personal information.

Standard cloud providers (such as Google Cloud) may temporarily log basic data like an IP address as part of normal network operation, but this information is:

not stored by the TrustMeter backend
not linked to analysis results or sessions
not used to profile or identify users

🔐 What is stored on my device?

Only an anonymous, temporary session ID is stored locally:

trustmeter_session_id = "randomly_generated_UUID"

This ID exists only to link backend results to your browser tab and is cleared automatically when you close the tab.

☁️ What happens to the data sent to the backend for analysis?

Text and images are processed securely, only for the duration of the analysis. Once results are returned, the content is discarded and not stored.

In some cases, high-level domain credibility scores (e.g., "nytimes.com is rated credible") may be stored — but:

these do not include your session data
these cannot be used to reconstruct what you analyzed

🚫 Do you sell or share any user data with advertisers or third parties?

No. Never.

TrustMeter does not:

sell user data
share data with advertisers
build profiles or tracking graphs

⚙️ Which services help process the analysis?

TrustMeter uses secure cloud and AI providers (e.g., Google Cloud, Vertex AI, Gemini, Fact Check APIs) only to perform misinformation evaluation. They receive only the text/image being analyzed — never personal or account data.

Backend transparency (open-source): View the processing code on GitHub →

🧹 How can I delete my data or opt out?

You can stop all analysis immediately by:

turning off auto-analysis in the extension UI, or
uninstalling the extension

If you believe a server log temporarily retained information, you may request deletion. Include your temporary trustmeter_session_id (found in browser localStorage).

📧 aks7aynair@gmail.com

We will review and respond within 30 days. No personal information is required to submit a deletion request.

Contact & reporting

For privacy or support inquiries:

Email: aks7aynair@gmail.com

Provide the session ID (if applicable) and the approximate timestamp of the analysis to help us locate any transient logs.

Changelog

10 November 2025 — Initial privacy policy for TrustMeter v1.0.