Grain of Salt

Company: NOVUS DESIGN PTY LTD (ACN 695 371 236)
Location: New South Wales, Australia
Contact: admin@novusdesign.com.au

1. INTRODUCTION

This Privacy Policy explains how Grain of Salt ("we," "our," or "us") collects, uses, stores, and protects your personal information when you use our browser extension and web platform (collectively, the "Service").

We are committed to protecting your privacy and complying with:

Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth)
General Data Protection Regulation (GDPR) (EU)
California Consumer Privacy Act (CCPA) (USA)

By using Grain of Salt, you consent to the practices described in this Privacy Policy.

2. INFORMATION WE COLLECT

2.1 Information You Provide Directly

Account Information: When you create an account, we collect your email address, username, and password.
User-Submitted Content: When you use the "Analyse" feature, we collect the content you submit for fact-checking, including:
- URLs of articles or social media posts
- Text excerpts from web pages
- Screenshots you upload
- Any other content you choose to analyse

2.2 Information Collected Automatically

Usage Data: We collect information about how you interact with the Service, including:
- Analysis history (the fact-checks you run)
- Timestamps of analyses
- Credibility scores generated
Authentication Data: We use cookies and local storage to maintain your login session between the Grain of Salt web app and browser extension.
Device Information: We may collect basic device information such as browser type, operating system, and IP address for security and service improvement purposes.

2.3 The "Tabs" Permission — What We DO and DO NOT Do

IMPORTANT DISCLOSURE: The Grain of Salt browser extension requests the "tabs" permission to enable the Side Panel to function persistently across browser tabs.

What We DO NOT Do:

We DO NOT passively log, monitor, or store your browsing history.
We DO NOT track which websites you visit unless you actively choose to analyse them.
We DO NOT sell or share your browsing data with third parties.

What We DO:

We ONLY access the URL and content of the specific tab you are viewing at the moment you click "Analyse" or otherwise interact with the extension.
This data is processed solely to generate a credibility score for the content you have chosen to fact-check.

3. HOW WE USE YOUR INFORMATION

We use the information we collect for the following purposes:

3.1 To Provide the Service

Process your fact-checking requests and generate credibility scores.
Maintain your analysis history so you can review past fact-checks.
Sync your login session between the web app and browser extension.

3.2 AI Processing and Third-Party Services

User-submitted content (text, URLs, screenshots) is sent to our servers and third-party AI providers (including OpenAI and other large language models) strictly for the purpose of generating credibility scores.
Data is NOT used to train public AI models. We do not permit third-party AI providers to use your submitted content for model training purposes.
All AI processing is conducted in accordance with our agreements with third-party providers, which include confidentiality and data protection obligations.

3.3 To Improve the Service

Analyse aggregated, anonymised usage data to improve our algorithms and user experience.
Conduct research and development to enhance fact-checking accuracy.

3.4 To Communicate with You

Send you service-related notifications (e.g., updates to this Privacy Policy).
Respond to your enquiries and support requests.

3.5 Legal Compliance

Comply with applicable laws, regulations, and legal processes.
Protect our rights, property, and safety, and that of our users.

4. COOKIES AND TRACKING TECHNOLOGIES

4.1 Cookies We Use

We use cookies and similar storage technologies for the following purposes:

Authentication Cookies: To keep you logged in across the web app and browser extension.
Session Management: To maintain your preferences and settings.

4.2 What We DO NOT Use Cookies For

We DO NOT use cookies for advertising or ad tracking.
We DO NOT use third-party tracking cookies to monitor your behaviour across other websites.

4.3 Managing Cookies

You can control cookies through your browser settings. However, disabling cookies may affect the functionality of the Service, particularly the ability to stay logged in.

5. DATA RETENTION AND DELETION

5.1 How Long We Keep Your Data

Account Information: Retained for as long as your account is active, or as required by law.
Analysis History: Saved to your account so you can review past fact-checks. You can delete individual analyses or your entire history at any time through your account settings.
Submitted Content: Temporarily stored on our servers for processing, then deleted within 30 days unless saved to your analysis history.

5.2 Your Right to Delete

You can delete your analysis history at any time through your account settings. To delete your entire account and all associated data, contact us at admin@novusdesign.com.au.

6. DATA SHARING AND DISCLOSURE

6.1 Third-Party AI Providers

We share user-submitted content with third-party AI providers (e.g., OpenAI) solely for the purpose of generating credibility scores. These providers are contractually obligated to:

Use the data only for the specified purpose.
Not use the data to train public AI models.
Maintain appropriate security measures.

6.2 Service Providers

We may share your information with trusted service providers who assist us in operating the Service (e.g., hosting providers, analytics services). These providers are bound by confidentiality obligations.

6.3 Legal Requirements

We may disclose your information if required by law, court order, or government request, or to protect our legal rights.

6.4 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.

6.5 What We DO NOT Do

We DO NOT sell your personal information to third parties.
We DO NOT share your browsing history with advertisers or data brokers.

7. DATA SECURITY

We implement industry-standard security measures to protect your information, including:

Encryption of data in transit (HTTPS/TLS).
Secure storage of passwords (hashed and salted).
Regular security audits and updates.

However, no method of transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

8. INTERNATIONAL DATA TRANSFERS

Our servers and third-party AI providers may be located outside Australia, including in the United States and European Union. By using the Service, you consent to the transfer of your information to these jurisdictions.

We ensure that any international data transfers comply with applicable data protection laws, including:

GDPR: Standard Contractual Clauses (SCCs) or adequacy decisions.
Australian Privacy Principles: Ensuring overseas recipients are subject to substantially similar protections.

9. YOUR PRIVACY RIGHTS

Depending on your location, you may have the following rights:

9.1 Rights Under Australian Privacy Principles (APPs)

Access: Request access to the personal information we hold about you.
Correction: Request correction of inaccurate or incomplete information.
Complaint: Lodge a complaint with the Office of the Australian Information Commissioner (OAIC).

9.2 Rights Under GDPR (EU Residents)

Access: Request a copy of your personal data.
Rectification: Correct inaccurate data.
Erasure: Request deletion of your data ("right to be forgotten").
Restriction: Restrict processing of your data.
Portability: Receive your data in a portable format.
Objection: Object to processing based on legitimate interests.
Withdraw Consent: Withdraw consent at any time (where processing is based on consent).

9.3 Rights Under CCPA (California Residents)

Know: Request disclosure of the categories and specific pieces of personal information we collect.
Delete: Request deletion of your personal information.
Opt-Out: Opt out of the "sale" of personal information (note: we do not sell personal information).
Non-Discrimination: You will not be discriminated against for exercising your CCPA rights.

9.4 How to Exercise Your Rights

To exercise any of these rights, contact us at admin@novusdesign.com.au. We will respond to your request within the timeframes required by applicable law (typically 30 days).

10. CHILDREN'S PRIVACY

The Service is not intended for children under the age of 13 (or 16 in the EU). We do not knowingly collect personal information from children. If we become aware that we have collected information from a child, we will delete it promptly.

11. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes by:

Posting the updated policy on our website.
Updating the "Last Updated" date at the top of this policy.
Sending you an email notification (if you have an account).

Your continued use of the Service after changes are posted constitutes your acceptance of the updated Privacy Policy.

12. CONTACT US

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

NOVUS DESIGN PTY LTD

Email: admin@novusdesign.com.au

Address: 81-83 Campbell Street, Surry Hills, NSW, 2010

For Australian Privacy Complaints:

Office of the Australian Information Commissioner (OAIC)
Website: www.oaic.gov.au
Phone: 1300 363 992

For CCPA Enquiries (California Residents):

Email: admin@novusdesign.com.au (Subject: "CCPA Request")

13. JURISDICTION-SPECIFIC DISCLOSURES

13.1 Australian Privacy Principles (APPs)

This Privacy Policy complies with the 13 Australian Privacy Principles under the Privacy Act 1988 (Cth). We are committed to handling your personal information in accordance with these principles.

13.2 GDPR (EU Residents)

Legal Basis for Processing: We process your data based on:

Consent: When you create an account and use the Service.
Legitimate Interests: To improve the Service and ensure security.
Legal Obligation: To comply with applicable laws.

Supervisory Authority: You have the right to lodge a complaint with your local data protection authority.

13.3 CCPA (California Residents)

In the past 12 months, we have collected the following categories of personal information:

Identifiers (email, username, IP address)
Internet or network activity (usage data, analysis history)
Inferences (credibility scores, user preferences)

We do not sell personal information. We share information with service providers and AI providers as described in Section 6.