Privacy Policy

---

Effective date: 12 June 2026
Last updated: 12 June 2026

This Privacy Policy explains how Smitten Technologies ("Smitten Technologies", "Company", "we", "our", or "us") collects, uses, processes, stores, discloses, and protects information when you access or use TruSight and any related applications, websites, APIs, software, and services (collectively, the "Service").

By accessing or using the Service, you acknowledge that you have read and understood this Privacy Policy.

TruSight is operated by:

Smitten Technologies
Delhi, India
Email: info@smitten.co.in
Website: https://smitten.co.in

This Privacy Policy applies to:

• Mobile applications (including the TruSight Android app)
• Websites operated by Smitten Technologies
• APIs and backend services used to provide analysis
• Customer support interactions
• Beta features and future service enhancements

This Policy does not apply to third-party websites, applications, products, or services that may be linked through the Service. Those services have their own privacy practices.

We may collect information that you voluntarily provide, including:

• Name or display name
• Email address
• Phone number (when you sign in with phone verification)
• Login credentials or authentication tokens
• Profile information from supported sign-in providers
• Support requests, feedback, and communications with us
• Text, URLs, images, screenshots, videos, links, documents, transcripts, and other content you submit for analysis

When you use the Service, you may submit:

• Text claims
• Screenshots and images
• Video files and supported video links
• URLs and documents
• OCR text extracted from images or frames
• Audio and transcripts from videos or user-initiated screen recordings
• Other media signals needed to generate results

This content is processed to provide fact-checking, media analysis, scam-risk signals, and related Service features.

You control what you submit. Do not submit content you do not have the right to analyze, including private, confidential, or illegal material.

If you create or use an account, we may collect information through supported authentication methods, including:

• Email and password (Firebase Authentication)
• Google Sign-In (name, email, account identifier, profile image where provided)
• Phone number (for SMS verification via Firebase)
• Microsoft Sign-In (name, email, account identifier where authorized by you)
• Sign in with Apple (where available on your platform)

We receive only the information made available by the authentication provider and authorized by you.

We may collect limited technical information needed to operate and secure the Service, such as:

• Device type and operating system version
• Application version
• Language and locale settings
• IP address and request metadata when you call our APIs
• Diagnostic or error information included in support requests

The current TruSight Android app does not use dedicated third-party analytics or crash-reporting SDKs (such as Firebase Analytics or Crashlytics). Operational logs may be generated on our servers when you use the Service.

We may collect information about how the Service is used, including:

• Features used and verification requests submitted
• Session and API activity needed to provide the Service
• Error events related to analysis requests
• Security and abuse-prevention signals

When you contact us, we may collect:

• Email or other communications you send
• Attachments you voluntarily provide
• Diagnostic details needed to resolve your issue

Support information may be retained for quality assurance, security, legal compliance, and dispute resolution.

TruSight provides optional Sherlock functionality that lets you submit screenshots, short screen recordings, or other captured content for analysis.

• Sherlock is activated only after explicit user action and operating-system permission approval.
• The optional floating assist bubble may require display over other apps permission so you can start analysis from other apps.
• Screen recording may require media projection permission.
• If you enable audio during screen recording, microphone audio from your device may be captured and sent for transcription and analysis.

We do not continuously monitor your device, silently record your screen, or capture content without your initiation.

You are solely responsible for ensuring that content submitted through Sherlock is lawfully obtained and may legally be analyzed.

We use information to:

• Provide, operate, and improve the Service
• Generate AI-assisted analysis, scores, summaries, and reports
• Authenticate users and maintain account security
• Prevent fraud, abuse, and misuse
• Provide customer support
• Comply with legal obligations and enforce our Terms of Use

Submitted content may be analyzed using artificial intelligence systems, machine learning models, OCR, search technologies, transcription tools, and automated analytical systems.

Outputs may include Trust Rings, authenticity or confidence indicators, summaries, fact-checking reports, and media analysis reports.

AI outputs are informational only. They are not factual determinations, legal findings, or professional advice.

To help detect phishing or malicious links in submitted content, URLs found in your submissions may be checked using Google Web Risk or similar security services. Typically only the URL (not your full message) is sent for this lookup.

To provide the Service, information may be processed by third-party providers, including categories such as:

• Authentication providers (e.g. Firebase / Google)
• Artificial intelligence providers (e.g. OpenAI, Google Gemini, Anthropic, and other configured model providers)
• Search providers (e.g. Tavily, Brave Search, Perplexity)
• Media, transcription, OCR, and video analysis providers (e.g. Supadata, Hive, YouTube API, as configured)
• URL and security services (e.g. Google Web Risk)
• Cloud hosting providers (e.g. Railway or equivalent infrastructure)

The specific providers used may change over time as we improve the Service. Providers process data only as needed to perform their role in delivering analysis, authentication, hosting, or security.

Where you authenticate through Google, Microsoft, or Apple, information may also be processed under those providers' own privacy policies.

We retain information only as long as reasonably necessary to:

• Provide the Service
• Maintain security and prevent abuse
• Comply with legal obligations
• Resolve disputes and enforce agreements

Submitted analysis content: Our intended practice is to process user-submitted content to generate results and not retain it longer than needed for that request, except where temporary retention is required for operations, security, logging, backups, compliance, or legal purposes.

Shared results: If you choose to create a share link, a limited result summary (and related metadata) may be stored on our servers so the link can be opened. Shared content is stored only when you initiate sharing.

Local history: Analysis history may be stored on your device under your control. You can delete local history in the app where deletion controls are provided.

Account information: Authentication data is managed through Firebase. You may request account deletion as described in Section 14.

Retention periods may vary depending on the type of information, technical requirements, security needs, and applicable law.

If paid subscriptions or in-app purchases are offered in the future, payment information will be processed by the applicable app store or payment provider. We do not intentionally store complete payment card numbers. Any future billing features will be described in the app and updated in this Policy.

We may disclose information:

• To service providers that help us operate the Service (hosting, AI, search, authentication, security)
• To legal authorities where required by law or reasonably necessary to protect rights, safety, and security
• In connection with mergers, acquisitions, financing, reorganization, or business transfers

We do not sell personal information.

If Smitten Technologies is involved in a merger, acquisition, or sale of assets, information may be transferred as part of that transaction, subject to applicable law.

We may disclose information where reasonably necessary to comply with law, respond to lawful requests, investigate abuse, prevent fraud, or protect users and the public.

Information may be processed, stored, or transferred outside your country of residence, including in jurisdictions with different privacy laws. By using the Service, you acknowledge that cross-border processing may occur depending on the location of our infrastructure and service providers.

Subject to applicable law, you may have rights to:

• Access your personal information
• Correct inaccurate information
• Request deletion or restriction of processing
• Object to certain processing
• Withdraw consent where processing is consent-based
• Request portability of certain information

To exercise these rights, contact info@smitten.co.in or use our Data Deletion Request page.

We may need to verify your identity before processing requests.

Where applicable, users in the European Economic Area, United Kingdom, or similar jurisdictions may have additional rights under GDPR or comparable laws. We will respond to valid requests in accordance with applicable law.

Where applicable, Smitten Technologies processes digital personal data in accordance with Indian law, including the Digital Personal Data Protection Act, 2023. Users in India may contact us regarding privacy requests or concerns at info@smitten.co.in.

If you created an account, you may request deletion of your account and associated personal data.

How to request deletion:

1. Email info@smitten.co.in from your registered email address (or include your registered phone number), with subject line "TruSight account deletion request", or
2. Visit https://smitten.co.in/data-deletion

We will verify your identity and process verified requests within 30 days, unless a longer period is permitted by law.

What may be deleted: Firebase authentication record, backend profile data associated with your account, and user-initiated shared links where applicable.

What may be retained: Information we must keep for legal compliance, security, fraud prevention, dispute resolution, or limited operational logs, as described in this Policy.

Deleting your account does not automatically delete analysis history stored locally on your device; you can clear local history in app Settings.

Where applicable, California residents may have rights under California privacy laws. We do not sell personal information.

The Service is not intended for children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us personal information, contact us and we will take appropriate steps.

We implement reasonable technical, organizational, and administrative safeguards designed to protect information, including access controls, authentication, encryption in transit (HTTPS), and security monitoring.

No system is completely secure. We cannot guarantee absolute security.

We maintain procedures to identify, assess, and respond to security incidents. If notification is required under applicable law, we will provide notice in accordance with legal requirements.

The Service may contain links to third-party websites or services. We are not responsible for their privacy practices.

The Service may use software development kits (SDKs), local storage on your device, authentication tokens, and similar technologies to:

• Maintain sign-in sessions
• Store preferences and local analysis history
• Operate core app functionality
• Maintain security

You can manage certain device permissions and local data through your device settings and in-app controls.

The Service may use system notifications related to foreground analysis or capture activities (for example, while a screen recording is in progress). You can manage notification permissions in your device settings.

We may update this Privacy Policy from time to time. We will post the updated version at https://smitten.co.in/privacy-policy and update the "Last updated" date. Continued use of the Service after changes become effective constitutes acceptance of the revised Policy.

Smitten Technologies
Email: info@smitten.co.in
Website: https://smitten.co.in

End of Privacy Policy