Privacy Policy

Last updated: February 2026

1. Who We Are

HallucProof is operated by Brightstead Technologies, Inc. (“Brightstead,” “we,” “us”). This Privacy Policy describes how we collect, use, and protect information when you use the HallucProof service at hallucproof.com.

2. Data We Collect

Quote form submissions: Name, email address, organization name, use case, and expected volume. This information is submitted voluntarily when you request a quote.

Fingerprint hash: A one-way hash derived from your browser canvas rendering, timezone, and screen dimensions. This is used solely for rate limiting and bot protection. We do not store the raw fingerprint data — only a non-reversible hash.

IP address: Logged temporarily for rate limiting and abuse prevention. IP addresses are not stored permanently or shared with third parties.

Document content: Text submitted for hallucination scanning is processed in real-time and is not stored on our servers. File uploads (PDF, DOCX) are parsed server-side for text extraction and immediately discarded.

3. How We Use Your Data

  • To respond to quote requests and communicate about our services
  • To prevent abuse and enforce rate limits
  • To improve the Service based on aggregate usage patterns

We do not sell, rent, or share your personal information with third parties for marketing purposes.

4. Cookies and Tracking

HallucProof does not use tracking cookies at launch. We do not use Google Analytics, Facebook Pixel, or any third-party tracking scripts.

CrossRef API: When you use the citation verification feature, your browser makes requests directly to the CrossRef API (api.crossref.org). These requests are made client-side from your browser, not through our servers. CrossRef's privacy policy governs their handling of those requests.

5. Data Retention

Quote form submissions are retained for up to 24 months to facilitate follow-up communications. You may request deletion at any time by contacting us.

Rate limiting data (fingerprint hashes, IP addresses) is retained in memory only and cleared automatically within 1 hour.

6. Your Rights (CCPA / GDPR)

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Object to or restrict processing of your data
  • Data portability (receive your data in a structured format)
  • Opt out of the sale of personal information (we do not sell personal information)

To exercise any of these rights, contact us at hello@brightstead.com. We will respond within 30 days.

7. Security

We implement appropriate technical and organizational measures to protect your data, including HTTPS encryption in transit, secure server infrastructure, and access controls. However, no method of transmission over the Internet is 100% secure.

8. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be posted on this page with an updated date. Your continued use of the Service after changes constitutes acceptance.

9. Contact

For privacy-related questions or requests: hello@brightstead.com

Brightstead Technologies, Inc.
Houston, Texas