Intelexta

Privacy Policy – Intelexta

Last updated: November 26, 2025

This Privacy Policy explains how Gauge Freedom, Inc. (“Gauge Freedom”, “we”, “our”, or “us”) collects, uses, and protects information when you use:

  • Intelexta Validator at https://validator.intelexta.com
  • Any related websites, apps, and services that link to this Policy (together, the “Services”).
  • Intelexta Verifiable Summary (ChatGPT app / MCP server) at https://api.intelexta.com/mcp (and any related endpoints like downloads)

Intelexta is designed to help humans document and verify AI-assisted work using human-readable integrity reports and cryptographically signed receipts (“Intelexta AI Integrity Reports” and “Content-Addressable Receipts (CARs)”).

By using the Services, you agree to the collection and use of information in accordance with this Policy.

1. Who We Are

Gauge Freedom, Inc. is a California Benefit Corporation based in the United States. If you have questions about this Policy or how we handle your data, you can contact us at:

Contact us

2. What We Collect

We collect information in three main categories:

2.1. Information You Provide

  • Account information (Validator only – the Verifiable Summary app does not require an account; when used via ChatGPT, we generally do not receive your ChatGPT identity details (name/email) from OpenAI)
    • Name (as provided by your sign-in provider)
    • Email address
    • Profile photo (if provided by Google or another identity provider)
  • Validation content
    • Text and documents you paste, upload, or send to be analyzed
    • Titles, descriptions, or metadata you provide about your artifact
  • Feedback and communications
    • Messages you send us (support tickets, email, feedback forms)
    • Bug reports and feature requests
  • Verifiable Summary content (ChatGPT app)
    • Text you submit for summarization.
    • We generate a summary and a cryptographic receipt/bundle (CAR ZIP).
    • By default, the bundle does not include the full input text; it includes an input hash, byte count, and a short preview. If you enable an option like include_source=true, the bundle may include the full input text. Data processed via our ChatGPT App/MCP integration is processed ephemerally to generate the summary/receipt and is not used for model training, regardless of the user’s account status.

2.2. Information We Generate

When you run a validation, we generate and store:

  • Integrity analysis results
    • Scores (e.g., Factual Reliability, Heuristic Novelty, Stewardship Grade)
    • Key claims, rationales, suggested improvements, and AI-usage estimates
  • Integrity Reports and Receipts
    • Intelexta AI Integrity Reports (human-readable summaries of reliability, citations needed, AI contribution estimates, and related checks)
    • Content-Addressable Receipts (CARs) containing hash chains, policy references, and model metadata
  • Usage and quota information
    • Number of validations per tier (Flash / Deep / Journal)
    • Approximate token usage and internal “cost” metrics (e.g., USD/energy estimates)
    • Timestamps and identifiers for your runs

2.3. Information Collected Automatically

When you use the Services, we automatically collect:

  • Technical data
    • IP address
    • Browser type and version
    • Device type and operating system
    • Basic HTTP headers (referrer, user agent)
  • Usage data
    • Pages visited and UI actions (e.g., “ran Deep check”, “exported PDF”)
    • Error messages and performance logs from our backend (Cloud Run, Firestore)
  • Cookies and similar technologies
    • We use cookies and similar technologies for authentication, session security, and preferences. If we use analytics tools (e.g., Firebase Analytics) or error monitoring, they may collect usage and device data to help us improve reliability. Where required, we provide cookie controls or honor applicable opt-out mechanisms.

3. How We Use Your Information

We use your information to:

  1. Provide and operate the Services
    • Run document validations
    • Generate Integrity Reports and CARs
    • Store and display your past validation runs
  2. Maintain integrity and provenance
    • Build tamper-evident receipts for AI-assisted work
    • Support reproducibility and audit trails
  3. Manage accounts and access
    • Authenticate users via Google or email/password
    • Enforce quotas and prevent abuse
    • Distinguish anonymous from signed-in usage
  4. Improve reliability and user experience
    • Debug errors and performance issues
    • Measure feature usage to prioritize improvements
    • Spot misuse or abuse patterns (e.g., automated scraping)
  5. Legal, safety, and compliance
    • Respond to lawful requests from authorities (where required)
    • Enforce our Terms of Service
    • Protect the safety, rights, or property of our users and the public

We do not sell your personal information.

3.1 Public proof links (sharing)

If you choose to publish a “proof link,” we create a public snapshot that can be accessed by anyone with the link. Public proof links are designed to show integrity outcomes and receipt metadata, and do not include your raw artifact text. If you later unshare a proof link, we remove public access going forward; however, anyone who previously accessed the link may have saved a copy (e.g., screenshots or downloads), and third-party caching beyond our control may persist.

Verifiable Summary bundles are accessed via a unique download URL; anyone with the link may be able to download the bundle while it is available.

4. AI Models and Third-Party Providers

When used through ChatGPT, requests originate from the ChatGPT platform; OpenAI may process the conversation/tool invocation under their policies. We process the tool input to generate the summary and receipt.

4.1. AI Processing (private vs community mode)

We use third-party AI providers to generate integrity analyses.

  • Signed-in “Private Workspace” validations (Vertex AI): Your content is processed to provide the service and return results to you. We configure enterprise APIs where available to limit provider training on your content.
  • Anonymous “Community Mode” validations (Gemini / AI Studio): If you use community mode, your content may be processed under provider terms that allow prompts and outputs to be used to improve their systems. We label community mode in the UI so you can choose what to paste.

4.2. Infrastructure and Analytics

We rely on:

  • Google Cloud Platform (Cloud Run, Firestore, Cloud Storage, logging)
  • Firebase (Authentication, Hosting, possibly Analytics)

These providers process technical data and logs to help us operate the service. They may also collect and process some data under their own privacy policies.

4.3. Payments and subscriptions

If you purchase a paid plan, payments and subscription management are handled by third-party billing providers (for example, Lemon Squeezy and its payment partners). We receive subscription status and identifiers (e.g., customer/subscription IDs) to provision access. We do not store full payment card numbers; payment details are handled by the billing provider.

5. Legal Bases (EEA/UK Users)

Where applicable (e.g., for users in the European Economic Area or UK), we process your personal data on the following legal bases:

  • Contract – To provide the Services you request (running validations, storing your Integrity Reports and CARs).
  • Legitimate interests – To secure and improve the Services, prevent abuse, and understand usage patterns.
  • Consent – Where required (for example, certain cookies or when you explicitly choose an anonymous “community mode” that allows provider training).

You can withdraw consent at any time, but this will not affect processing that has already occurred.

6. How Long We Keep Your Data

We keep data only as long as reasonably necessary to:

  • Provide the Services,
  • Maintain an audit trail and reproducibility for Integrity Reports/CARs,
  • Comply with legal obligations, resolve disputes, and enforce agreements.

In practice, this means:

  • Validation runs (reports/receipts/history): retained until you request deletion, or until we discontinue the feature and provide reasonable notice.
  • Logs and security events: typically retained for a limited period (e.g., 30–180 days) unless needed longer for security investigations or legal compliance.
  • Backups: deleted on a rolling schedule.

We may store aggregated or de-identified data (that cannot reasonably be linked back to you) for longer to track usage trends and inform system design.

Verifiable Summary download bundles are stored until deleted/rotated to support downloads, then removed.

7. How We Share Your Information

We share information in these limited ways:

  • Service providers (processors)
    • Cloud hosting, storage, email, and logging providers that help us run the Services.
  • Identity providers
    • Google (for sign-in).
  • Research and analytics (aggregated)
    • We may share aggregated, de-identified statistics (e.g., number of validations per month, average scores) that do not identify individuals.
  • Legal and safety
    • With law enforcement or other parties if required by law, regulation, or court order, or if we believe it’s necessary to protect our rights, users, or the public.

We do not sell user data.

7.1 Organization visibility

If you use organization features (projects, org dashboards), organization admins may be able to view organization-level analytics and validation metadata (e.g., counts over time, average scores, project breakdown). By default, organization dashboards are not intended to expose raw artifact text.

8. Your Rights and Choices

Depending on your location, you may have some or all of the following rights:

  • Access – Request a copy of the personal data we hold about you.
  • Correction – Ask us to correct inaccurate or incomplete data.
  • Deletion – Ask us to delete certain personal data (subject to legal and contractual limits).
  • Restriction – Request that we limit processing in certain circumstances.
  • Data portability – Request an export of your data in a machine-readable format.
  • Objection – Object to processing based on legitimate interests.
  • Withdraw consent – Where we rely on consent, you can withdraw it at any time.

To exercise these rights, contact us at support@intelexta.com.

We may need to verify your identity before fulfilling your request.

You may also have the right to lodge a complaint with your local data protection authority.

9. Children’s Privacy

The Services are intended for adults and older students, not children. We do not knowingly collect personal data from children under the age of 13 (or the minimum age required by local law). If you believe a child has provided us with personal data, please contact us so we can delete it.

10. Security

We use reasonable technical and organizational measures to protect your information, including:

  • HTTPS/TLS for data in transit
  • Access controls and IAM roles in Google Cloud
  • Limiting internal access to production data to appropriate personnel

However, no system is perfectly secure, and we cannot guarantee the absolute security of information transmitted or stored via the internet.

Please do not submit passwords, API keys, private keys, authentication tokens, or other sensitive secrets. While we use reasonable safeguards, no system is perfectly secure.

11. International Transfers

We operate primarily from the United States, and your data may be processed in the U.S. or other countries where our providers operate. These locations may have different data protection laws than your home country.

Where required, we rely on appropriate safeguards (such as Standard Contractual Clauses) for international transfers.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will:

  • Change the “Last updated” date at the top, and
  • Where appropriate, notify you via the Services or by email.

Your continued use of the Services after an update means you accept the revised Policy.

13. Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, you can contact us at:

https://www.intelexta.com/contact