Privacy Policy
Last updated: March 2026
1. What We Collect
Selection-Based Analysis
When you select text and choose "Explain with AI", the following is sent to our servers:
- The text you select
- The surrounding context (~2,000 characters around your selection)
- The page URL
- The page title
- Page metadata signals (such as noarchive tags indicating publisher preferences)
Full Page Analysis
When you click "Analyze Full Page", the extension extracts up to 10,000 characters of article content from the current page. Before transmission, email addresses and phone numbers found in the text are automatically redacted to protect third-party privacy.
Account Data
If you sign in with LinkedIn, we collect and store:
- Your LinkedIn user ID (stable identifier)
- Your display name
- Your email address
- Your profile picture URL
This data is stored in our database to manage your account and is retained until you delete your account or request erasure.
Payment Data
If you subscribe to a paid plan, we store a Stripe customer ID and subscription ID to manage your billing. Payment card details are handled entirely by Stripe and never touch our servers.
Local Storage
The extension stores the following locally on your device:
- Authentication tokens (access and refresh tokens, cleared on browser close or logout)
- Your user ID and display name (for showing logged-in state)
- Your domain allowlist preferences
We do not collect:
- Your browsing history across sites
- Any data without your explicit action (clicking the extension or right-click menu)
2. How We Process Your Data
Your text is analyzed using AWS Bedrock, which hosts the following AI models:
- Amazon Nova Micro — standard analysis
- Anthropic Claude Haiku 4.5 — standard analysis
- Anthropic Claude Opus 4.6 — deep poetic/literary analysis
All models are accessed through AWS Bedrock, which provides these guarantees:
- Your prompts and responses are not used to train any AI models
- Your data is not stored by AWS or Anthropic beyond the duration of processing
- Processing occurs in secure, isolated environments
3. Data Retention
Analysis data (your selected text and AI responses) is stored for 30 days to enable conversation history, then automatically deleted.
Account data (your profile and billing information) is retained until you delete your account or request erasure via the DELETE /my-data endpoint.
Rate limit counters expire automatically within hours to days.
We never sell your data or use it to train AI models.
4. Browser Permissions
Aletheia requests only the permissions necessary for its features:
All Browsers (Chrome & Firefox)
- activeTab: Access only the current tab when you explicitly invoke the extension
- tabs: Detect page navigation for overlay lifecycle management and content script injection
- scripting: Execute content scripts on the active tab to extract selected text and display analysis overlays
- contextMenus: Add "Explain with AI" to your right-click menu
- storage: Save your preferences, authentication tokens, and domain allowlist locally on your device
Chrome Only
- identity: Required for the LinkedIn OAuth authentication flow
- notifications: Display analysis completion notifications
Remote Server Access
- api.aletheia.study: The only remote server the extension communicates with, for AI analysis and authentication
We cannot access your browsing history or data from other tabs.
5. Your Rights (GDPR/CCPA)
You have the right to:
- Erasure: Request deletion of all your data at any time. The DELETE /my-data endpoint removes your data from all of our systems, including your profile, analysis history, billing references, and rate limit records. Active subscriptions are cancelled automatically.
- Access: Request information about what data we hold about you.
Analysis data is also automatically purged after 30 days.
6. Third-Party Services
We use the following third-party services:
- AWS Bedrock: AI processing — your selected text and page context are sent to Amazon Nova and Anthropic Claude models hosted on AWS. Neither Amazon nor Anthropic trains on your data.
- AWS DynamoDB: Data storage for analysis history, user accounts, rate limits, and coupon records.
- LinkedIn: OAuth authentication — if you choose to sign in, LinkedIn provides your user ID, name, email, and profile picture to Aletheia.
- Stripe: Payment processing — if you subscribe to a paid plan, Stripe handles all payment card details. We store only a Stripe customer ID and subscription ID; we never see your card number.
- Cloudflare: All traffic between the extension and our API is proxied through Cloudflare for performance and security. Cloudflare does not store request or response content.
We do not use user analytics, advertising networks, or tracking services. We collect anonymous operational metrics (request counts, latency, error rates) for service reliability only.
7. Open Source Transparency
Aletheia is fully open source under the PolyForm Noncommercial 1.0.0 license. You can audit our code at any time:
github.com/martymcenroe/Aletheia
8. Contact
For privacy inquiries:
- Open an issue at GitHub Issues
- Email: support@aletheia.study
9. Changes to This Policy
We may update this privacy policy from time to time. Significant changes will be announced via our GitHub repository. Continued use of the extension after changes constitutes acceptance of the updated policy.