Privacy Policy

Last updated: 2026-04-20

This policy explains what information WormGPT collects, why, and how you can control it. By using this site or our bots you agree to the terms below.

1. Data we collect

• Account data. API key, subscription plan, and RevenueCat customer ID — stored in our MongoDB to authenticate you and enforce quotas.
• Chat content. Messages you send to the assistant and the responses it produces. Conversations are persisted in encrypted browser storage on your device; the server only retains short-term transcripts needed to operate tools (web search, leak check, etc.).
• Technical data. IP address (anonymized before analytics), user agent, referrer, page URL, device class, and timestamps. Used for security, abuse prevention, and error diagnostics.
• Analytics. When you accept the consent banner we load Google Analytics 4 (measurement ID G-T6G8S8S8LQ). GA4 collects pseudonymous identifiers (GA cookie), page views, events, and Core Web Vitals. IP is anonymized and Google Signals / ad personalization are disabled.

2. Legal basis (GDPR / UK GDPR)

• Contract: to deliver the service you paid for.
• Legitimate interest: fraud prevention, security logging, anti-abuse, and service health.
• Consent: analytics cookies — only set after you click Accept. Until then GA4 runs in cookieless Consent Mode v2.

3. Cookies & similar tech

• Functional (always on): theme preference, session token, PWA offline queue.
• Analytics (opt-in): _ga, _ga_<ID> set by GA4 after consent.
• Advertising: none.

4. Sharing

We share data only with processors strictly necessary to run the service: Google (Analytics), RevenueCat (billing), MongoDB Atlas / our infrastructure providers, and the upstream model providers that generate AI responses. We do not sell personal data.

5. Retention

Chat transcripts: up to 30 days on the server, then deleted. Error logs: 30 days. GA4 user-level data: 14 months (the minimum Google allows). Billing records: as required by tax law.

6. Your rights

Under GDPR / UK GDPR / CCPA you can access, correct, export, or delete your data, and withdraw consent at any time. Email [email protected].

7. Managing analytics consent

Your current choice is stored in your browser. Clear it below to see the banner again:

8. Contact

WormGPT / CheckLeaked — [email protected]