Privacy Policy

The short version

Saltgrain is an iOS app that helps you make sense of short-form videos (TikTok, Instagram Reels, YouTube Shorts). When you share a video with us, the app does three things with the help of AI: it verifies factual claims to the extent they can be verified, it surfaces ideas and threads worth exploring further, and it links you to sources so you can keep learning on your own.

To do this, we send the video and the URL to third-party AI and search providers, then store the read (verdict or explore-mode summary), the sources we found, and a small device record on our server so the app can show you your history. We retain user-identifying records for at least 90 days, after which they're deleted from the user-facing surface; you can also delete everything manually any time from Settings.

We don't sell your data. We don't show ads. We don't have an account system. There's no email, name, or phone number for us to lose.

We may evolve the app over time — including, in the future, collecting more data than we do today (for example, opt-in feedback on a read, or paid subscription data once we add subscriptions). If we make a material change to what we collect, we will notify you in the app, update this policy, and ask for any required consent before the new collection takes effect.

Who we are

Saltgrain is an iOS app operated by an individual developer based in the Commonwealth of Virginia, United States. Throughout this policy, "Saltgrain," "we," "us," and "our" refer to that operator. The legal name of the developer appears on the App Store under the app listing.

Contact: nqgern411@gmail.com.

What we currently collect

Device record: when you first open the app, we generate an anonymous device identifier so the backend knows which verdicts to send back to you. We also store the Apple Push Notification token associated with that device so we can deliver verdicts to your lock screen.

Verifications: every video you share gets a record on our server with the original URL you submitted, the verdict text we produced, the claims we extracted, the sources we found, the timestamp, and the analysis latency. This is what powers the Home feed inside the app.

Audit log: short technical records (request id, timestamps, latency, error type) for debugging the pipeline. No personal identifiers.

We don't currently collect: your name, email address, phone number, precise or coarse location, contacts, photos library, calendar, health data, or any other data outside what you explicitly share with the app by submitting a URL. We don't ask for or use the iOS Identifier for Advertisers (IDFA), and we don't use the AppTrackingTransparency framework.

How we use what we collect

Service operation: producing verdicts, delivering them via push, showing them in your history, supporting the share extension and chat features.

Abuse prevention and rate limiting: caps on how many verifications a single device can run per day, detecting unusual usage patterns.

Diagnostics and reliability: the audit log lets us correlate failures with specific provider outages and improve the pipeline.

Product improvement: we may study aggregate, de-identified usage patterns (e.g., what share of verdicts time out, what proportion of claims a typical video produces) to make the app faster and more accurate. This work uses data that does not identify you.

Legal compliance: responding to lawful requests (court orders, subpoenas) where we are legally obligated. We will push back on requests we believe are improper.

Where your data goes

When you share a video, we send it through the following third-party services. Each receives only the data they need to do their job, and none of them are given device identifiers, push tokens, or any other user-identifying information beyond technical request metadata (such as our server's IP address) that they collect on their own.

• Apify (apify.com) — fetches the video file from TikTok, Instagram, or YouTube on our behalf, since direct fetches from our server are blocked by those platforms. Apify receives the URL you submitted.
• Google Cloud Vertex AI (cloud.google.com/vertex-ai) — runs Google's Gemini multimodal models to analyze the video's frames and audio and to extract the factual claims being made. Vertex AI receives the video bytes and the prompt template.
• Brave Search (brave.com/search/api) — finds web sources for each extracted claim. Brave receives the claim text only.
• Anthropic Claude (anthropic.com) — synthesizes the final verdict from the extracted claims, Brave's web results, and (for grounded verdicts) Claude's own web search tool. Anthropic receives the synthesis prompt, including the claims and source snippets.

When you view a verdict's source rows, the source-domain favicons are fetched directly from Google's public favicon service (google.com/s2/favicons). That request goes from your iPhone to Google and discloses the source domain plus your IP address. We're working on proxying these through our backend in a future version.

These providers act as our service providers / processors and are contractually limited to using your data only as needed to provide their service to us. They have their own privacy practices, which you can review on their websites.

How long we keep things

User-identifying records (verifications tied to your device record, audit log entries) are retained on our server for at least 90 days. After that window, they are deleted from the user-facing surface (your history) on a rolling basis.

Your device record itself remains as long as you have the app installed; if you uninstall the app, your push token will be marked stale and removed from our records during the next sweep.

You can delete everything immediately at any time: Settings → Delete history wipes server-side verifications, claims, audit log entries, and chat messages associated with your device.

We may retain de-identified, aggregated, or anonymized derivatives of the data we collect — for example, statistics about verdict outcomes across all users, model-quality metrics, or research datasets that have had user identifiers removed — for longer than 90 days, including indefinitely. These derivatives do not identify you and are used to improve and study the service. This carve-out is what allows us to learn from usage at all; if it ever extends to data that does identify you, we will update this policy and notify you first.

Your rights

Access: the app itself shows you the records we hold tied to your device — your history, your chat messages, your settings. If you would like a more structured export, email us.

Deletion: Settings → Delete history wipes server-side records on demand. Uninstalling the app additionally retires your push token within 30 days (when the next stale-token sweep runs).

Correction: we do not maintain user profiles, so there is nothing for you to correct about yourself. If you believe a verdict about a video misrepresents what was said in the video, email us; we will review and, where warranted, remove or annotate the verdict.

Portability: limited — most of what we hold is the verdict text plus sources, all of which is shown in the app. Email us if you need a structured export.

Non-discrimination: we will not degrade your access to the app, charge you more, or refuse service because you exercised any of these rights.

Your California privacy rights

California residents have certain rights under the California Consumer Privacy Act (CCPA), as amended by the CPRA. We extend these rights to all users regardless of state, but to be explicit about what California law guarantees:

• Right to know what personal information we have collected about you in the preceding 12 months and how we use it. The "What we currently collect," "How we use what we collect," and "Where your data goes" sections above provide this disclosure.
• Right to delete personal information we have collected. Settings → Delete history is the in-app mechanism.
• Right to correct inaccurate personal information. We do not maintain personal profiles, but you can email us if you believe specific records about you are inaccurate.
• Right to opt out of "sale" or "sharing" of personal information. We do not sell or share personal information for cross-context behavioral advertising. There is nothing to opt out of.
• Right to limit the use of sensitive personal information. We do not collect sensitive personal information as defined by the CPRA.
• Right to non-discrimination for exercising any of these rights.

To exercise any right, email us at nqgern411@gmail.com from a phone or email associated with your device. We may need to confirm a request via the app to protect against fraudulent requests. Authorized agents may submit requests on your behalf with a signed permission and proof of identity.

Children's privacy

Saltgrain is intended for users 13 years of age and older. We do not knowingly collect personal information from children under 13. If we learn that we have collected information from a child under 13, we will delete it.

If you are a parent or guardian and you believe your child under 13 has used Saltgrain, please email us and we will delete any associated records.

App tracking and advertising identifiers

Saltgrain does not use Apple's Identifier for Advertisers (IDFA), does not use the AppTrackingTransparency framework, and does not engage in cross-app or cross-website tracking. We don't show ads, don't integrate advertising SDKs, and don't share data with advertising networks.

If this ever changes, we will update this policy, prompt you with the standard ATT system dialog, and obtain your consent before any tracking begins.

Security

All connections between the app and our backend use HTTPS with modern TLS. Server-side data is held on our infrastructure provider's encrypted disks. We use industry-standard practices to protect against unauthorized access, but no system is perfectly secure; we cannot guarantee absolute security.

If we ever experience a security incident that affects your data, we will notify affected users and applicable regulators as required by law.

International users

Saltgrain is operated from the United States and is currently distributed through the U.S. App Store. Our backend is hosted in the United States. If you use the app from outside the United States, you understand that your data will be transferred to and processed in the United States, which may have different data-protection laws than your home country.

If we expand availability into the European Union, the United Kingdom, or other regions with comprehensive data-protection regimes, we will update this policy to add the rights and notices required by those regimes (lawful bases under GDPR, UK transfer safeguards, etc.).

Aggregate, anonymized, and derived data

We may compute aggregate statistics, train and improve our AI models, build research datasets, and publish findings using data that has been de-identified and cannot reasonably be linked back to you. Examples include: the distribution of verdict outcomes across all users, average claim count per video, model accuracy metrics computed against held-out test sets, and similar.

These uses are central to making Saltgrain a better product over time. Because the data has been de-identified, it is no longer your personal information, and the retention limits and deletion rights described above don't apply to it.

If we ever propose to use data that does identify you for any of these purposes — including, for example, a future feedback feature where you opt in to rate verdicts under your device — we will update this policy, surface the change in the app, and obtain your consent before that use begins.

Changes to this policy

We may update this policy from time to time. The "Last updated" date at the top reflects the most recent change.

For non-material changes (clarifying language, correcting typos, updating service-provider names without changing what they do), we will simply update the date. For material changes — meaning changes that expand the categories of data we collect, change the purposes of processing, change retention in a way that disadvantages you, or otherwise meaningfully affect your privacy — we will notify you in the app and, where consent is required by law, ask for your renewed consent before the change takes effect.

Continued use of Saltgrain after a non-material change becomes effective constitutes acceptance of the updated policy.

Contact

For privacy questions, requests to exercise your rights, or to report a concern, email nqgern411@gmail.com. We aim to respond within 30 days.