Privacy Policy
This policy explains how AskVerdict collects, processes, stores, and protects your personal information. It applies to all users of the AskVerdict platform, API, CLI, and related services operated by GLINCKER LLC, doing business as "GLINR Studios."
1. Data Controller
AskVerdict is a product of GLINCKER LLC, operating as "GLINR Studios" ("we," "us," or "our"). We are the data controller responsible for your personal information processed through the AskVerdict platform at askverdict.ai.
For all privacy-related inquiries, you may contact our Data Protection team at: support@glincker.com
2. Information We Collect
Account Data
When you create an account, we collect your name, email address, and hashed authentication credentials. If you authenticate via GitHub or Google OAuth, we receive your public profile information (name, email, avatar) from those identity providers. We do not receive or store your OAuth provider passwords.
Usage Data
We automatically collect information about how you interact with our platform, including:
- Debate topics, prompts, and agent configurations submitted
- Feature usage patterns, pages visited, and click events
- Timestamps, session duration, and frequency of access
- IP address, browser type, operating system, and device identifiers
- Referring URL and pages viewed before/after visiting AskVerdict
Debate Content
The questions, prompts, and topics you submit are processed to generate AI-driven debates and verdicts. We store debate content associated with your account to provide debate history, continuity, and replay functionality.
Payment Data
Subscription and credit purchases are processed by Stripe. We do not store your full credit card number, CVV, or bank account details. Stripe provides us with a tokenized reference, last four digits, card brand, and billing address for transaction records.
Communications Data
If you contact us via email, support forms, or social media, we retain the content of your communications, including any attachments, to resolve your inquiries and improve our service.
3. Legal Basis for Processing
Under the EU General Data Protection Regulation (GDPR) and similar frameworks, we process your personal data on the following legal bases:
- Contract performance (Art. 6(1)(b) GDPR): Processing necessary to provide the AskVerdict service, manage your account, process subscriptions, and deliver AI-generated debates
- Legitimate interests (Art. 6(1)(f) GDPR): Analytics, fraud prevention, service improvement, and security monitoring, where such interests are not overridden by your data protection rights
- Consent (Art. 6(1)(a) GDPR): Marketing communications, non-essential cookies, and optional data processing where we explicitly request your consent. You may withdraw consent at any time
- Legal obligation (Art. 6(1)(c) GDPR): Compliance with applicable tax, accounting, anti-money laundering, and regulatory requirements
4. Bring Your Own Key (BYOK) API Keys
AskVerdict supports a Bring Your Own Key model for connecting to third-party AI providers. This section explains exactly how we handle your API keys:
- Your API keys are NEVER stored on our servers. Keys exist exclusively in volatile memory (RAM) for the duration of a single HTTP request and are discarded immediately upon response delivery. They are never written to disk, database, logs, or any persistent storage.
- Keys are transmitted via encrypted HTTPS (TLS 1.2+) connections only. They are passed as request headers (
X-Provider-Keys) and forwarded directly to the respective AI provider's API in real time. - We do not log, cache, serialize, or persist your API keys in any form — including application logs, error reports, analytics systems, or crash dumps.
- Our server infrastructure uses memory-safe practices to ensure keys are zeroed out of memory immediately after the request lifecycle completes.
- You are solely responsible for managing, rotating, revoking, and securing your own API keys with the respective providers. If you suspect a key has been compromised, revoke it directly with the provider.
- AskVerdict is not liable for any charges, rate limits, quota consumption, or account actions taken by third-party providers in connection with your BYOK key usage through our platform.
5. How We Use Your Data
We process collected information for the following purposes:
- Service delivery: Providing, maintaining, and operating the AskVerdict platform, including processing debate requests and generating AI verdicts
- Account management: Creating and managing your account, authenticating access, and processing subscription payments
- Service improvement: Analyzing usage patterns, debugging errors, and developing new features based on aggregate insights
- Communications: Sending service-related notifications (account verification, password resets, billing receipts, security alerts, and material changes to our policies)
- Safety & compliance: Detecting, preventing, and addressing abuse, fraud, security threats, and violations of our Acceptable Use Policy
- Legal obligations: Complying with applicable laws, regulations, legal processes, and governmental requests
6. Third-Party AI Providers
AskVerdict sends your debate prompts and content to third-party AI model providers to generate multi-agent responses. Depending on your configuration and plan, data may be sent to one or more of the following providers:
- Anthropic — Claude models (Privacy Policy)
- OpenAI — GPT models (Privacy Policy)
- Google — Gemini models (Privacy Policy)
- xAI — Grok models (Privacy Policy)
- OpenRouter — Aggregated model access (Privacy Policy)
Important: Each provider processes data according to their own privacy policies and data processing agreements. When using our platform credits (non-BYOK), your debate content is sent via our API keys under our commercial API agreements, which typically include data processing terms that prohibit the provider from using your input for model training. When using BYOK, the provider's standard API terms for your key tier apply.
We only send the minimum data necessary to fulfill your debate request. We do not send your account information, email, or personal identifiers to AI providers.
7. Automated Decision-Making & AI Processing
AskVerdict uses artificial intelligence as its core service feature. The following automated processes occur:
- Debate generation: AI agents analyze your submitted topic and produce arguments, counterarguments, and a synthesized verdict. This is the primary service function, not a decision made about you.
- Content moderation: We may use automated systems to detect and flag content that violates our Acceptable Use Policy.
- Usage monitoring: Automated systems monitor for abuse patterns, rate limit violations, and security threats.
No automated decisions are made that produce legal effects or similarly significant effects on you solely through automated processing. Account suspension or termination decisions always involve human review.
8. Data Sharing & Disclosure
We do not sell your personal information. We may share data with:
- Service providers: Third-party vendors who assist in operating our platform (hosting, payment processing, analytics, email delivery), bound by data processing agreements
- AI providers: As described in Section 6, debate content is sent to AI providers to generate responses
- Legal requirements: When required by law, court order, or governmental regulation, or to protect our rights, safety, or property
- Business transfers: In connection with a merger, acquisition, or sale of assets, your data may be transferred to the successor entity
- With your consent: In any other circumstances where we have obtained your explicit consent
9. International Data Transfers
AskVerdict operates globally, and your data may be processed in countries outside your jurisdiction, including the United States, where our primary infrastructure is hosted. When transferring personal data internationally, we implement appropriate safeguards including:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Data Processing Agreements with all sub-processors
- Encryption of data in transit (TLS 1.2+) and at rest (AES-256)
- Assessment of the legal frameworks in recipient countries
You may request a copy of the safeguards we apply to international transfers by contacting us at support@glincker.com.
10. Data Security
We implement industry-standard technical and organizational measures to protect your personal data, including:
- Encryption in transit (TLS 1.2+) and at rest (AES-256) for all stored data
- Hashed and salted password storage using bcrypt
- Role-based access control for internal systems
- Regular security audits and dependency vulnerability scanning
- Automated intrusion detection and rate limiting
- Secure, isolated database environments with automated backups
- CSRF protection and secure session management
While we take reasonable measures to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security but commit to promptly addressing any vulnerability or breach.
11. Data Retention & Deletion
We retain your data according to the following schedule:
- Account data: Retained for as long as your account is active, plus 30 days after deletion request
- Debate history: Retained while your account is active. Deleted within 30 days of account deletion
- Payment records: Retained for 7 years as required by tax and accounting regulations
- Server logs: Automatically purged after 90 days
- Analytics data: Aggregated and anonymized; retained indefinitely in non-identifiable form
- Backup copies: Purged within 90 days of the original data deletion
You may request deletion of your account and associated data at any time by contacting support@glincker.com or using the account deletion feature in your settings.
12. Cookies & Tracking
We use cookies and similar technologies to maintain your session, remember preferences, and analyze usage. For full details on the types of cookies we use, their purposes, durations, and how to manage them, please see our Cookie Policy.
Do Not Track: Our platform does not currently respond to "Do Not Track" (DNT) browser signals, as there is no uniform industry standard for interpreting DNT. We will update this policy if a standard is established.
13. Your Rights (GDPR — EEA/UK Residents)
If you are located in the European Economic Area or United Kingdom, you have the following rights under the GDPR:
- Right of access (Art. 15): Request a copy of the personal data we hold about you
- Right to rectification (Art. 16): Request correction of inaccurate or incomplete data
- Right to erasure (Art. 17): Request deletion of your personal data ("right to be forgotten")
- Right to restriction (Art. 18): Request restriction of processing in certain circumstances
- Right to data portability (Art. 20): Receive your data in a structured, machine-readable format (JSON)
- Right to object (Art. 21): Object to processing based on legitimate interests
- Right to withdraw consent (Art. 7(3)): Withdraw consent at any time where processing is based on consent
- Right to lodge a complaint: File a complaint with your local data protection supervisory authority
To exercise any of these rights, contact us at support@glincker.com. We will respond within 30 days.
14. Your Rights (CCPA/CPRA — California Residents)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
- Right to know: Request disclosure of the categories and specific pieces of personal information we have collected
- Right to delete: Request deletion of your personal information
- Right to correct: Request correction of inaccurate personal information
- Right to opt-out of sale/sharing: We do not sell or share your personal information for cross-context behavioral advertising
- Right to non-discrimination: We will not discriminate against you for exercising your CCPA/CPRA rights
- Right to limit use of sensitive personal information: Direct us to limit the use and disclosure of sensitive personal information
To submit a verifiable consumer request, contact support@glincker.com. We will verify your identity and respond within 45 days.
15. Children's Privacy
AskVerdict is not intended for use by individuals under 13 years of age (or under 16 in the EEA/UK). We do not knowingly collect personal information from children. If we become aware that we have collected data from a child below the applicable age threshold, we will take steps to delete that information within 30 days.
If you are a parent or guardian and believe your child has provided us with personal information, please contact us at support@glincker.com.
16. Data Breach Notification
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:
- Notify the relevant supervisory authority within 72 hours of becoming aware of the breach (as required by GDPR Art. 33)
- Notify affected individuals without undue delay when the breach is likely to result in a high risk to their rights and freedoms
- Document the breach, its effects, and the remedial actions taken
- Implement measures to mitigate the effects and prevent future occurrences
17. Changes to This Policy
We may update this Privacy Policy to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes:
- We will update the "Last updated" date at the top of this page
- We will notify you via email or a prominent in-app banner at least 30 days before material changes take effect
- For significant changes to how we process your data, we will request renewed consent where required
Your continued use of AskVerdict after the effective date of changes constitutes acceptance of the revised policy.
18. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
- Email: support@glincker.com
- Company: GLINCKER LLC, operating as GLINR Studios
- Website: glincker.com
See also: Terms of Service · Cookie Policy · Acceptable Use Policy