Privacy Policy
How Caveat AI handles your information.
Last updated: 13 June 2026
Caveat AI is designed to help people review AI-generated answers more carefully. We take privacy seriously and aim to collect and store as little data as reasonably possible to provide the service.
This Privacy Policy explains what information we process, why we process it, how we protect it, and the choices you have.
1. Who we are
Caveat AI provides a browser extension and related web services that help users challenge and review AI-generated answers.
For privacy questions, contact us at:
2. What Caveat AI does
Caveat AI allows you to request a critical review of an AI-generated answer. When you choose to challenge an answer, the relevant text is processed so Caveat AI can generate a review.
Caveat AI does not read or process every webpage you visit. It is designed to work only on supported AI platforms and only for the purpose of providing its user-facing review feature.
3. What we do not store
We designed Caveat AI to minimise retention of your AI content.
Caveat AI does not:
- store challenged AI answer text in our database;
- store generated critiques or review results in our database;
- store full page content, chat history or browsing history;
- log full user prompts, AI answers or provider responses in our operational logs.
4. What is processed transiently
When you click “Challenge this answer”, the extension sends the selected AI answer text to our backend so we can request a structured critical review from our AI processing provider.
That text is used only to produce the review for you in that session. We do not write that answer text or the resulting critique into our database.
5. Data we store
We store only what is needed to run the service, enforce plan limits and manage accounts.
Usage counters
We may store a browser or account identifier, plan tier, usage period and monthly review count.
We do not attach answer content to these records.
Browser link
If you link the extension to your account, we store the association between your browser identifier and your account identifier.
Subscription and billing metadata
We may store plan status, Stripe customer and subscription identifiers, and top-up purchase metadata, such as credits granted and checkout session ID.
We do not store card numbers or full payment details. Stripe processes payments.
6. Chrome extension
The extension runs only on supported AI chat sites: ChatGPT, Claude, Gemini, Copilot and Perplexity.
API requests from the extension are sent to Caveat AI’s backend. The extension does not contain our provider’s keys or database service credentials.
7. Website and authentication
The website uses Supabase for magic-link sign-in.
Privileged service credentials remain on the server only.
8. Payments
Paid plans and top-ups are handled by Stripe.
Payment card details are collected and stored by Stripe, not by Caveat AI directly.
9. Operational logging
Server logs may include non-content metadata such as request status, error type, route, timestamp and anonymised or shortened identifiers needed to debug issues.
We do not intentionally log full user content in these logs.
10. Information we process
We may process the following categories of information.
Account information
If you create an account or sign in, we may process information such as your email address, authentication status, plan type and account settings.
Challenge content
When you choose to challenge an AI answer, Caveat AI processes the text needed to generate the review. This may include the AI answer text and limited surrounding context required for the feature to work.
We do not use challenged content for any other purpose, and it is not read by any humans. It is not used for advertising or training.
Technical and security information
We may process limited technical information such as error type, request status, device or browser information, IP-derived security signals and server logs. This is used to keep the service secure, reliable and functioning properly.
Payment information
If you purchase a paid plan or top-up, payment is handled by our payment provider. We do not intentionally store full card numbers or full payment credentials on our own systems.
Support messages
If you contact us, we may process your name, email address, message content and any information you choose to provide so we can respond.
11. What we do not do
Caveat AI does not:
- sell your personal data;
- use your data for third-party advertising;
- track your general browsing history;
- collect passwords or payment card numbers through the extension;
- process webpage content unrelated to the extension’s core review feature;
- allow humans to read challenged content except where necessary for security, legal compliance, abuse investigation or support with your permission.
13. Legal bases for processing
Where UK GDPR or similar laws apply, our legal bases may include:
- Contract: to provide Caveat AI to you, including account access, usage limits and paid features.
- Legitimate interests: to secure, maintain and improve the service, prevent abuse and respond to business enquiries.
- Consent: where required, for optional communications or optional features.
- Legal obligation: where we need to comply with applicable law.
15. Chrome Web Store Limited Use statement
Caveat AI’s use of information received from Chrome extension permissions is limited to providing and improving the extension’s single purpose: helping users critically review AI-generated answers.
Caveat AI does not transfer user data to third parties except where necessary to provide or improve that purpose, comply with applicable law, protect against fraud or abuse, or as part of a business transfer where legally permitted.
Caveat AI does not use or transfer user data for unrelated purposes or advertising.
16. Data retention
We keep personal information only for as long as reasonably necessary for the purposes described in this policy.
17. Security
We use reasonable technical and organisational measures to protect information, including secure transmission, restricted access and separation of sensitive backend credentials from the browser extension.
21. Changes to this policy
We may update this Privacy Policy from time to time. If we make material changes, we will update the effective date and, where appropriate, provide additional notice.
22. Contact
For privacy questions or requests, contact: