Privacy Policy

Last updated: May 6, 2026

This Privacy Policy explains how Auberon LLC ("we," "us," or "our"), which operates GPTypo (the "Service"), collects, uses, and protects your information when you use gptypo.com or our browser extensions.

1. Text Submissions

When you paste text into GPTypo for scanning, your text is sent to our servers for analysis. For free-tier users, text is processed using our heuristic scoring engine. For Pro and Team users, text is sent to our cloud-hosted AI detection model for neural model verification.

For free-tier users, text is held in memory only for the duration of the scoring request and is discarded after the response is returned. For Pro and Team users with scan history enabled, the scanned text (up to 10,000 characters), overall score, sentence-level scores, and signal data are stored in our database so you can review past scans. You can delete individual scans or clear your entire history at any time from the scan history page. Deleting scans removes the stored text and results permanently.

2. Rewrite Suggestions

When you request rewrite suggestions for flagged sentences, your sentence and surrounding context are sent to Anthropic's Claude API for processing. Anthropic's data retention and privacy policies apply to this processing. We do not store the suggestions after they are returned to you.

3. Account Information

If you create an account, we collect your name, email address, and profile image from your authentication provider (Google or email magic link). This information is stored in our database hosted on Supabase (Postgres) and is used to manage your account, subscription, and session.

We store the following account-related data: email, name, profile image URL, subscription tier, Stripe customer and subscription IDs, trial dates, monthly usage counts (words scanned), and lifetime aggregate statistics (total scans, words, and suggestions). Lifetime statistics are retained even if you delete your scan history.

4. API Keys

Team-tier users can generate API keys for programmatic access. We store a one-way HMAC-SHA256 hash of your key — never the plaintext. The full key is shown to you once on creation; afterward we display only a short prefix for identification. Because we do not retain the plaintext, we cannot recover a lost key. If you lose your key you must regenerate it, which invalidates the old one. You can revoke a key at any time from the API keys management page.

5. Browser Extension

Our Chrome extension is built to be invoked explicitly by you and to act only on text you choose to scan. It does not read or transmit page content in the background.

When you invoke a scan — by selecting text and using the context menu, the keyboard shortcut, or the side panel — the selected text (or, for page-scan, the article content extracted by Mozilla Readability) is sent to our servers using the same scoring pipeline described in Section 1. The extension uses Chrome's built-in storage (chrome.storage) to hold a session token issued by our OAuth flow and your local preferences. The session token is bound to your GPTypo account and can be revoked at any time from the Connected Apps page on gptypo.com.

The extension requests broad host permissions (<all_urls>) because scanning user-selected text on any webpage is its core function. It does not collect browsing history, telemetry, analytics events, or anything beyond the scans you explicitly request.

6. Usage Tracking

We track the number of words you scan each month to enforce tier-based volume limits. This counter resets automatically at the start of each calendar month (UTC). We also track aggregate statistics (total scans, total words, total suggestions) for your account. These counts are independent of your scan history and are not affected by deleting scans.

We log anonymous score divergence data (estimated vs. verified scores, word count, and detected tone) to evaluate and improve our scoring accuracy. This data is not linked to your account or text content.

7. Billing

Payment processing is handled entirely by Stripe. We do not store your credit card number, expiration date, or CVC on our servers. We store only your Stripe customer ID, subscription ID, price ID, and billing period end date to manage your subscription across our Free, Pro, and Team tiers.

8. Cookies and Analytics

We use session cookies to maintain your authentication state. We use Vercel Analytics for anonymous, aggregated usage metrics. We do not use Google Analytics or any third-party advertising trackers.

9. Third-Party Services

We use the following third-party services to operate GPTypo:

• Supabase — database hosting (account data)
• Stripe — payment processing
• Anthropic (Claude API) — rewrite suggestions
• Replicate (replicate.com) — AI detection model hosting
• Vercel — application hosting and analytics
• Google OAuth — authentication
• Resend — magic link emails

10. Data Deletion

You can delete individual scans or clear your entire scan history at any time from within the Service. You can revoke API keys from the API keys page and revoke connected extensions or apps from the Connected Apps page. To request complete deletion of your account and all associated data, email us. Upon account deletion, we remove your account record, scan history, usage data, and API keys from our database and cancel any active Stripe subscription.

11. Contact

Auberon LLC is the data controller for the Service. For privacy questions, data deletion requests, or other inquiries:

• Product support: support@gptypo.com
• Privacy & legal: hello@auberon.dev

Mailing address:
Auberon LLC
522 W Riverside Ave STE N
Spokane, WA 99201-0581
United States