Privacy Policy
Last updated: March 30, 2026
In short: RIFACTS does not collect, store, or transmit any personal data to external servers. It has no backend, no database, and no analytics. All processing happens within your Google Workspace session and Google's own AI infrastructure.
1. Who We Are
RIFACTS is an open-source Google Docs sidebar add-on developed by Aleodor Tabarcea ("the Developer"), distributed under the MIT License. The Developer acts as the provider of the software. You, the user, remain the sole data controller of any content processed through RIFACTS.
The Developer does not operate any servers, APIs, or infrastructure on behalf of RIFACTS. The add-on runs entirely within Google's Apps Script runtime environment, under your Google account.
2. What RIFACTS Does
RIFACTS helps investigative journalists fact-check claims by comparing highlighted text in a Google Doc against evidence files stored in Google Drive. It uses the Google Gemini API to analyse evidence and return scored results with quoted passages.
3. Data We Access
When you use RIFACTS, the add-on reads the following data through Google's OAuth APIs, only during your active session and only upon your explicit action (clicking "Verify"):
- Google Docs — The text you have highlighted in the currently open document (the claim to verify). RIFACTS can only read the document it is opened in, not any other document in your account.
- Google Drive — Files within the specific folder you select as evidence (Google Docs, PDFs, and Spreadsheets). RIFACTS has read-only access and cannot create, modify, or delete any files in your Drive.
- Google Sheets — Cell content from spreadsheet files within your selected evidence folder. Read-only access.
- YouTube — Video metadata (title, description) for YouTube URLs you provide or that appear in your evidence files. Transcripts are fetched from YouTube's public page data.
4. How Data Is Processed
Your highlighted claim text and the content of your selected evidence files are sent directly from Google's Apps Script runtime to the Google Gemini API for analysis. This is a server-to-server call within Google's infrastructure, authenticated with your personal API key.
- No data passes through any server owned or operated by the Developer
- No data is sent to any third party outside of Google
- No data is logged, cached, indexed, or stored by RIFACTS beyond the active browser session
- Analysis results are displayed in the sidebar and exist only in browser memory — they are not saved unless you manually copy them
5. Data Storage
RIFACTS has no backend server, no database, no file storage, and no logging infrastructure. It is a client-side add-on that runs entirely within Google's Apps Script environment. Your data never leaves the Google ecosystem.
The only persistent value is your Gemini API key, stored in Google Apps Script's built-in Properties Service, which is private to your Google account and inaccessible to the Developer or any other user.
6. Data Sharing
RIFACTS does not share, sell, rent, license, or otherwise disclose your data to any third parties. The Developer has no access to your data at any point.
The only external service called is the Google Gemini API, using your own API key. Your use of Gemini is governed by Google's Generative AI Terms of Service and the Google Privacy Policy.
7. Cookies and Tracking
RIFACTS does not use cookies, local storage, session storage, tracking pixels, analytics scripts, or any other tracking mechanism. There is no telemetry of any kind. The Developer has no way to know who is using the add-on, how often, or for what purpose.
8. OAuth Permissions (Scopes)
RIFACTS requests the minimum OAuth scopes necessary for its functionality:
| Scope | Purpose |
|---|---|
| documents.currentonly | Read highlighted text in the currently open Google Doc only |
| drive.readonly | Browse folders and read evidence files (read-only, cannot modify your Drive) |
| spreadsheets.readonly | Read spreadsheet data used as evidence (read-only) |
| youtube.readonly | Fetch video titles and descriptions for YouTube evidence |
| script.container.ui | Display the sidebar inside Google Docs |
| script.external_request | Call the Google Gemini API with your API key |
RIFACTS does not request write access to your documents, Drive, or spreadsheets. It cannot modify, delete, or create any files in your Google account.
9. Children's Privacy
RIFACTS is not intended for use by individuals under the age of 16. The Developer does not knowingly process data from minors. If you are under 16, do not use this add-on.
10. Your Rights Under GDPR
If you are located in the European Economic Area (EEA), you have the following rights under the General Data Protection Regulation (GDPR):
- Right of access — RIFACTS stores no personal data beyond your API key in your own Google account. There is nothing for the Developer to provide.
- Right to erasure — You can delete your API key by clearing it in the RIFACTS settings screen. You can revoke all permissions from your Google Account Permissions page.
- Right to restriction / objection — You can stop using RIFACTS at any time. No data persists after your session ends.
- Data portability — Not applicable, as no personal data is stored.
Since the Developer does not collect or store any personal data, there is no data processing agreement required. You remain the sole controller of all content processed through the add-on.
11. Security
RIFACTS relies on Google's security infrastructure for all data handling. Your API key is stored using Google's Properties Service, which is encrypted at rest and accessible only to your Google account. All API calls use HTTPS. The source code is publicly auditable on GitHub.
12. Data Breach Notification
Because RIFACTS has no server infrastructure and stores no user data, a data breach originating from RIFACTS is not technically possible. If a vulnerability is discovered in the source code, the Developer will publish a fix on GitHub and, where feasible, notify affected users through the repository's release notes and issue tracker.
13. Changes to This Policy
If this policy is updated, the change will be reflected on this page with an updated date. Material changes will be documented in the project's GitHub repository. Continued use of the add-on after changes constitutes acceptance of the revised policy.
14. Contact
For questions about this privacy policy or to exercise your data rights, please open an issue on the GitHub repository.