Privacy Policy

Last updated: 18 May 2026

This policy explains how WasThatTrue handles personal data when you use the website, sign in, manage a Pro subscription, contact support, or use the Chrome extension to fact-check YouTube claims. If anything is unclear, email support@wasthattrue.com.

Short version: WasThatTrue only checks a claim when you ask it to. We send the relevant YouTube transcript window and claim details to our backend and AI providers so a source-backed verdict can be produced. We keep a short operational record for each successful verdict request, but we do not store the verdict text or your raw claim quote, sell personal data, identify users in analytics, or use persistent analytics cookies for launch.

1. Who we are

WasThatTrue is operated by Sheen Digital Ltd (“we”, “us”), a private limited company registered in England and Wales (company number 17036653). Our registered office is at 1b Springfield Lane, Leeds, LS27 9PL, United Kingdom.

Sheen Digital Ltd is the data controller for the personal information described in this policy.

2. What we collect

Depending on how you use WasThatTrue, we may process:

Account data: your email address, Supabase user ID, login provider, and authentication session data needed to keep you signed in.
Subscription data: your plan, subscription status, Stripe customer ID, Stripe subscription ID, and billing period dates. Stripe handles payment card details; we do not receive full card numbers.
Fact-check request data: the YouTube video context, the transcript window around the current playback time, extracted claims, and the specific claim you ask WasThatTrue to verify.
Usage counters: daily counters for claim extraction and fact-check usage, plus reset times and remaining free allowance. Pro subscriptions also track a monthly fair-use counter on the subscription record.
Verdict call logs: a short operational record for each successful verdict request, containing the user ID, YouTube video ID, a one-way hash of the claim quote (not the quote itself), a timestamp, the call duration, and an estimated API token cost. We keep this so we can later judge whether a server-side verdict cache would be worth building. No product feature reads from this log today, and the raw claim text and verdict body are not stored.
Support messages: anything you include when you email support, such as browser details, a YouTube URL, account email, or a description of the issue.
Legacy waitlist data: if you joined the pre-launch waitlist, we may retain the email address and signup timestamp until you ask us to delete it or unsubscribe from product updates.

3. How fact-checking data flows

When you click Fact-check in the extension, WasThatTrue reads the relevant caption transcript window from the YouTube page and sends it to our backend. Our backend validates your account and updates the appropriate usage counter, then forwards the transcript window to Google Gemini to extract a short list of factual claims. When you select a claim to verify, the backend sends that claim, plus a short transcript context, to Perplexity to produce a source-backed verdict.

Transcript windows are used to extract and verify claims for the request you triggered. We do not use the extension to check videos automatically, and we do not read unrelated browsing activity.

We do not retain the verdict text that Perplexity returns. Each verdict is sent back to your browser and discarded by the backend. The extension keeps its own short-lived verdict cache on your device so repeat checks do not hit our backend, and that cache is under your control. For each successful verdict request we do keep a short operational record (see Verdict call logs above) so we can later judge whether to build a server-side cache; the record never contains the raw claim quote or the verdict body.

4. Analytics

For launch analytics we use PostHog to understand the public website funnel: page views, Add to Chrome clicks, and Pro subscription lifecycle events (checkout started, subscription created, cancellation scheduled, and billing-period close). Autocapture is off.

PostHog is configured with memory-only persistence for launch. That means it does not place analytics cookies, localStorage, or another persistent browser identifier on your device. We do not identify signed in users in PostHog, and we do not send your email address to PostHog.

5. Why we use the data

We process data to:

Provide the website, extension, login, and account pages.
Extract claims and return source-backed verdicts when you ask.
Apply free usage limits and Pro subscription access.
Manage checkout, billing portal access, renewals, and cancellation.
Prevent abuse, automated usage, and unexpectedly high-cost usage.
Respond to support requests and investigate technical issues.
Measure launch funnels with anonymous, explicit-event analytics.

6. Who we share data with

We use trusted service providers to operate WasThatTrue. They process data on our behalf or as independent providers for their part of the service:

Supabase for authentication, database storage, and account sessions.
Stripe for checkout, subscriptions, invoices, and the billing portal.
Google Gemini for extracting factual claims from the transcript window you submit.
Perplexity for source-backed verdict generation on the specific claim you choose to verify.
PostHog for anonymous, explicit-event launch analytics.
Vercel for hosting and operational logs.
Resend for legacy waitlist or product emails, where used.

We do not sell your personal data, share it with advertisers, or use it for third-party ad targeting.

7. International transfers

Some providers may process data outside the UK or European Economic Area, including in the United States. Where required, those providers rely on approved transfer safeguards such as standard contractual clauses or equivalent mechanisms.

8. How long we keep data

Account and subscription records are kept while your account exists and as long as needed for tax, billing, fraud prevention, support, and legal obligations. Usage counters are kept for operational and abuse-prevention purposes. Verdict call logs are kept for operational and product-quality purposes, and may be pruned once the server-side cache decision is made. We do not retain the verdict text that Perplexity returns to your browser.

Support emails are kept while needed to resolve the request and maintain a reasonable record of the conversation. Waitlist email addresses are kept until you unsubscribe, ask us to delete them, or we no longer need the waitlist.

9. Your rights

Under UK GDPR, you may have the right to access, correct, delete, restrict, object to processing, or request a portable copy of your personal data. To make a request, email support@wasthattrue.com from the email address associated with your account where possible.

If you believe we have mishandled your data, you can complain to the UK Information Commissioner's Office at ico.org.uk.

10. Security

We use HTTPS, provider access controls, server-side secrets, and database protections to reduce the risk of unauthorised access. No system is perfectly secure, but we will investigate and respond to security issues promptly.

11. Changes

We may update this policy as WasThatTrue changes, especially if we add new analytics, storage, AI providers, or Pro features. We will update the date at the top of this page when we make changes.

12. Contact and support

Questions about privacy can be sent to support@wasthattrue.com. For product or billing help, visit Support.