Privacy Policy
Last updated: March 29, 2026
The short version
We don't store your text. Process → return → discard.
No text is logged to any database.
No text is used for model training.
Only metadata logged: timestamp, word count, success/fail (for billing).
Section 1
When you paste text into Refrazr and click Humanize, that text is transmitted to our API over HTTPS. The API forwards the text to an LLM provider (OpenRouter), receives the humanized output, applies post-processing rules, and returns the result to your browser. After the request completes, the text is discarded. It is not written to any database, not cached to disk, and not retained in any form on our infrastructure.
Text processed by the AI Detector feature on the /ai-detector page runs entirely in your browser. It is never transmitted to our servers at all.
For billing and abuse prevention, we log the following metadata per API request:
This metadata is retained for 90 days for billing reconciliation purposes, then deleted.
If you create an account, we store your email address and hashed password (via Supabase Auth). We do not store payment card details — payment processing is handled by Stripe, which has its own privacy policy. Your email is used for account management, billing receipts, and service-related communications. We do not send marketing emails unless you opt in explicitly.
We use Google Analytics 4 (GA4) and Microsoft Clarity for usage analytics. Both tools collect anonymized behavioral data — pages visited, session duration, click patterns. Neither tool receives any text you paste into Refrazr. Analytics data is collected under IP anonymization where available and is subject to Google's and Microsoft's respective privacy policies.
Section 2
| Cookie type | Purpose | Can you opt out? |
|---|---|---|
| Session (essential) | Keep you logged in, maintain API key state | No — required for the site to function |
| GA4 Analytics | Anonymized page view and interaction tracking | Yes — decline in the cookie banner |
| Clarity | Session recordings and heatmaps (anonymized) | Yes — decline in the cookie banner |
Section 3
Text submitted for humanization is forwarded to OpenRouter, which routes it to DeepSeek V3. This is necessary for the service to function. OpenRouter's terms prohibit using submitted text for model training. We have reviewed these terms and the data flow is consistent with our no-training commitment. For the avoidance of doubt: your text passes through this service in transit only; it is not stored or retained by OpenRouter beyond the duration of the API call.
Our database is a self-hosted Supabase instance running on our own server. Your usage metadata and account data (if applicable) are stored here. This is not a shared cloud database — the server is under our operational control.
Payment processing is handled by Stripe. We never see or store your payment card details. Stripe's privacy policy governs how payment data is handled.
Section 4
Section 5
You have the right to request deletion of your account and associated metadata. You can also request a copy of your usage metadata. Since we don't store your text, there is no text data to retrieve or delete.
To exercise these rights, or for any privacy-related question, contact us at [email protected]. We respond to privacy requests within 30 days.
Section 6
All data in transit is encrypted via HTTPS (TLS 1.2+). The API is served behind Cloudflare with Full (strict) SSL. API keys are stored as SHA-256 hashes — the actual key is never stored. Our database server is not exposed to the public internet. If you discover a security vulnerability, please disclose it responsibly to [email protected].
Section 7
If we make material changes to this privacy policy, we will update the "Last updated" date at the top of this page. For significant changes affecting data practices, we will notify registered users by email at least 14 days before the change takes effect.