Back to GauntletScore

GauntletScore Privacy Policy

Effective Date: March 16, 2026 Last Updated: March 16, 2026

1. Overview

Genstrata, Inc. ("Genstrata," "we," "us") operates the GauntletScore service ("Service"). This Privacy Policy explains what data we collect, how we use it, how long we retain it, and your rights regarding your data.

We are committed to minimizing data collection to what is necessary to operate the Service.

2. Data We Collect

2.1 Account Data

When you create an account, we collect:

  • Email address
  • Name (optional)
  • Payment information (processed by our payment provider; we do not store credit card numbers)

2.2 API Usage Data

When you use the API, we collect:

  • API key identifier (hashed; we do not store your plaintext API key after initial generation)
  • Timestamp of each API request
  • Document size (character count, not the document itself)
  • Analysis configuration (thoroughness setting, number of rounds)
  • Gauntlet Score, grade, and component scores
  • Vote tally
  • Number and types of claims found
  • Elapsed time and verification tool cost
  • Error messages (if any)

2.3 Cryptographic Hashes

For each analysis, we store:

  • SHA-256 hash of the submitted document
  • SHA-256 hash of the generated transcript
  • The Gauntlet Verification Certificate (which contains hashes, not content)

These hashes cannot be reversed to reconstruct your document.

2.4 Verification Results (Anonymized)

When our system verifies a factual claim (e.g., whether a legal citation exists), the verification result may be retained in anonymized form in our Knowledge Layer. This includes:

  • The canonical form of the claim (e.g., "Henderson v. Frontier Airlines, 847 F.3d 1129")
  • The verification result (debunked, verified, inconclusive)
  • The source of verification (e.g., CourtListener, eCFR)
  • Confidence score

This data is separated from your account, your document, and your API request. It contains no customer-identifiable information. It is used to improve the speed and accuracy of future verifications for all users.

3. Data We Do NOT Collect or Store

  • We do not store your submitted documents. Documents are processed in memory during analysis and are not written to persistent storage. After the analysis completes and results are delivered, the document text is discarded.
  • We do not store analysis transcripts permanently. Transcripts are available for retrieval while the job is active. After a configurable retention period (default: 24 hours), transcripts are deleted from our systems.
  • We do not store your plaintext API key. We store a SHA-256 hash of your key for authentication. The plaintext key is shown to you once at creation and is not retrievable afterward.
  • We do not share your data with third-party AI model providers. Documents submitted to GauntletScore are sent to cloud AI providers (Anthropic, OpenAI, Google, xAI) for analysis as part of the Gauntlet debate process. These providers process the data according to their respective API data policies, which generally prohibit using API inputs for model training. We do not separately share, sell, or provide your data to any other third party.
  • We do not use your submitted content to train AI models. Your documents and code are not used by Genstrata to train, fine-tune, or improve any AI model.

4. How We Use Your Data

We use collected data to:

  • Authenticate your API requests
  • Process your analyses and deliver results
  • Generate and store Gauntlet Verification Certificates
  • Track your credit balance and usage
  • Improve verification accuracy through anonymized Knowledge Layer data
  • Monitor Service performance and reliability
  • Detect and prevent abuse
  • Communicate with you about your account and the Service

5. Data Retention

| Data Type | Retention Period | |-----------|-----------------| | Account data | Until account deletion | | API usage logs | 12 months | | Document text | Not retained (processed in memory only) | | Transcripts | 24 hours after job completion (configurable) | | Document hashes | Indefinite (cannot be reversed) | | Verification Certificates | Indefinite (publicly verifiable) | | Anonymized verification results | Indefinite |

6. Data Security

We protect your data using:

  • TLS encryption for all API communications
  • Ed25519 cryptographic signing for Verification Certificates
  • SHA-256 hashing of API keys (plaintext never stored)
  • SHA-256 hashing of documents (text never stored)
  • Row-level security in our database (tenant isolation)
  • Environment-variable-based secrets management (no credentials in code)

7. Third-Party Services

The Service uses the following third-party services to operate:

| Service | Purpose | Data Shared | |---------|---------|-------------| | Anthropic (Claude) | AI agent for document analysis | Document text (per-request, not stored by provider for training via API) | | OpenAI (GPT) | AI agent for document analysis | Document text (same) | | Google (Gemini) | AI agent for document analysis | Document text (same) | | xAI (Grok) | AI agent for document analysis | Document text (same) | | Supabase | Database and authentication | Account data, usage logs, certificates | | Railway | Application hosting | Application code and environment variables | | CourtListener | Legal citation verification | Citation text only (public legal database) | | eCFR | Regulatory reference verification | Regulation identifiers only (public government database) | | PubMed | Scientific claim verification | Search queries only (public NIH database) | | SEC EDGAR | Financial filing verification | Filing identifiers only (public SEC database) |

8. Sovereign Edition

For organizations that cannot send data to cloud services, Genstrata offers the Sovereign Edition — a fully air-gapped deployment that runs entirely on your hardware with no external network connections. The Sovereign Edition processes all data locally using open-weight AI models. No data leaves your premises. Contact sales@genstrata.com for details.

9. Your Rights

You have the right to:

  • Access your account data and usage history
  • Delete your account and associated data (email privacy@genstrata.com)
  • Export your analysis results and certificates
  • Opt out of anonymized Knowledge Layer contributions (contact privacy@genstrata.com; note that this may reduce verification speed for your analyses)

For users subject to GDPR, CCPA, or similar data protection regulations, additional rights may apply. Contact privacy@genstrata.com with your request.

10. Children

The Service is not intended for use by individuals under the age of 18. We do not knowingly collect data from children.

11. Changes

We may update this Privacy Policy from time to time. We will notify you of material changes by email. Your continued use of the Service after notification constitutes acceptance.

12. Contact

Genstrata, Inc. Privacy inquiries: privacy@genstrata.com General: support@genstrata.com Web: gauntletscore.com

Genstrata, Inc. — Patent Pending (USPTO #63/967,169)