We built CRITH to protect your thinking, not to harvest your data. This policy explains exactly what we collect, how we use it, and what we never do.
Your email address, full name if provided, and an encrypted password that is never stored in plain text. If you sign in with Google, we store your OAuth token.
When CRITH intercepts a prompt, we store the prompt you typed at that moment, your answer in the CRITH overlay, whether you attempted, skipped or reflected, which AI platform you were using, the timestamp of each interception, and your Thinking Strength Score for that session.
We collect your IP address, browser type and version, device type and operating system, session duration, and the version of the CRITH extension you are running.
We track how often you use CRITH, which AI platforms you use it on, and your session frequency and patterns to improve the product experience.
We never collect the AI's response to your prompt, your browsing history outside of AI platforms, any content from pages you visit that are not AI platforms, or audio or screen recordings. We also never collect credit card or payment information directly. We use Stripe for payments and never see your full card details. We collect no data from outside the CRITH interception moment.
Your data is used to calculate and display your Thinking Strength Score, sync your stats across devices when logged in, improve interception accuracy and classification, send account confirmation and product update emails, analyze usage patterns to improve the product, and prevent abuse and enforce rate limits.
We never sell your data to third parties. We never use your prompts to train AI models. We never share your data with advertisers. We never share individual user data with any third party except as required by law.
Supabase handles our database and authentication storage. Google OAuth is available if you choose to sign in with Google. Anthropic API classifies your prompts. Prompts are sent to Anthropic for classification but are not stored by Anthropic beyond their standard API terms. Stripe processes payments for Pro subscriptions. We never see or store your full card details. Vercel hosts and deploys the CRITH website.
Your account data is kept as long as your account is active. You can delete your account at any time from your account settings. All associated data including prompts and scores is permanently deleted within 30 days of account deletion. We may retain anonymized aggregate data that cannot be linked back to you.
All data is encrypted in transit via HTTPS. Passwords are never stored in plain text. We use Supabase's enterprise-grade security infrastructure. We will notify you by email within 72 hours if we become aware of a data breach affecting your account.
CRITH is not intended for users under 13. We do not knowingly collect data from anyone under 13. If you believe a child under 13 has created an account, contact us and we will delete it immediately.
You have the right to access all data we hold about you, correct any inaccurate data, delete your account and all associated data, export your data in a readable format, and opt out of product update emails at any time. For European users, all GDPR rights apply.
We will notify you by email if we make any significant changes to this policy. Continued use of CRITH after changes means you accept the updated policy.
For any privacy questions or data requests, email us at team@crith.app