Privacy Policy

1. Introduction

NoParrot ("we", "us", "our") is operated by SumatoSoft. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use the NoParrot.ai service.

This policy applies to all users of noparrot.ai, including the web application, marketing site, and any related services.

2. Data We Collect

Account Data

When you create an account, we collect your email address and display name. Authentication is handled by Supabase, which supports Google OAuth and email/password sign-in.

Query Data

When you use NoParrot, we store the questions you ask, the AI responses generated, and the analysis results (claim extraction, agreement scores, and synthesis). This data is associated with your account so you can access your query history.

Usage Data

We track query counts, timestamps, and your subscription tier to enforce usage limits and provide account management features.

Payment Data

Payments are processed entirely by Stripe. We do not store your credit card numbers, bank account details, or other payment instrument information on our servers. Stripe provides us with a customer ID and subscription status.

Analytics

We use Plausible Analytics, a privacy-friendly, cookieless analytics service. Plausible does not collect any personal data, does not use cookies, and is fully compliant with GDPR, CCPA, and PECR. We see only aggregate statistics such as page views and referral sources.

3. How We Use Your Data

• To provide the service — your queries are sent to multiple AI providers for analysis and comparison.
• To manage your account — authentication, subscription management, and usage tracking.
• To process payments — subscription billing through Stripe.
• To improve service quality — we use aggregate, anonymized statistics to understand usage patterns. We do not use your individual queries for training or marketing purposes.

4. Third Parties We Share Data With

To provide the multi-model AI verification service, we share data with the following third parties:

AI Providers

Your query text is sent to the following AI providers for processing:

• Anthropic (Claude) — Privacy Policy
• OpenAI (GPT) — Privacy Policy
• Google (Gemini) — Privacy Policy
• xAI (Grok) — Privacy Policy

Each provider processes your query according to their own data handling practices and privacy policies. We recommend reviewing their policies to understand how they handle data.

Service Providers

• Stripe — payment processing. Stripe receives your payment information directly. Privacy Policy
• Supabase — authentication. Supabase stores your email and handles sign-in. Privacy Policy
• DigitalOcean — infrastructure hosting. Our servers run on DigitalOcean. Privacy Policy
• Cloudflare — CDN and DDoS protection. Cloudflare routes traffic to our servers. Privacy Policy

5. Data Retention

• Account data — retained for the lifetime of your account and after deactivation. When you delete your account through settings, it is deactivated and your active subscription is canceled, but your data is not automatically erased. To request full erasure of all personal data, email support@noparrot.ai.
• Query history — retained for the lifetime of your account and after deactivation. Query history is not automatically deleted upon account deactivation. To request erasure, email support@noparrot.ai.
• Payment records — retained as required by applicable tax and financial regulations (typically 7 years).
• Analytics data — Plausible retains aggregate data only. No personal data is stored.

6. Your Rights (GDPR)

If you are in the European Economic Area (EEA), you have the following rights under the General Data Protection Regulation (GDPR):

• Right of access — request a copy of the personal data we hold about you.
• Right to rectification — request correction of inaccurate personal data.
• Right to erasure — request deletion of your personal data ("right to be forgotten").
• Right to data portability — request your data in a structured, machine-readable format.
• Right to restriction — request that we limit how we process your data.
• Right to object — object to processing of your personal data.

To exercise any of these rights, email us at support@noparrot.ai. We will respond within 30 days.

You also have the right to lodge a complaint with your local data protection supervisory authority.

7. Data Security

We take the security of your data seriously and implement appropriate technical and organizational measures:

• Encryption at rest — personally identifiable information in our database is encrypted using pgcrypto (PostgreSQL).
• Encryption in transit — all connections use HTTPS with TLS/SSL certificates managed by Cloudflare.
• Access controls — database access is restricted to authorized application services with role-based permissions.
• Authentication security — handled by Supabase with industry-standard practices including password hashing and secure session management.

8. Children

NoParrot is not intended for users under the age of 16. We do not knowingly collect personal data from children under 16. If you believe a child under 16 has provided us with personal data, please contact us at support@noparrot.ai and we will delete that data.

9. Changes to This Policy

We may update this Privacy Policy from time to time. For material changes, we will notify you by email at the address associated with your account. The "Last updated" date at the top of this page indicates when the policy was last revised.

10. Contact

If you have questions about this Privacy Policy or our data practices, contact us at:

Email: support@noparrot.ai
Operator: SumatoSoft