Privacy Policy

Last Updated: January 2025

Our Commitment to Privacy

At EULAScout, your privacy is our top priority. We've built our service around the principle of client-side processing to ensure your data stays private and secure.

What We Do (and Don't Do)

✅ What We Do

  • Client-Side AI Processing: All EULA analysis happens directly in your browser using WebGPU/WebAssembly. Your EULA text never leaves your device.
  • Optional URL Fetching: If you choose to analyze a EULA from a URL, our server fetches the content on your behalf to avoid CORS issues. This content is immediately discarded after being sent to your browser.
  • Anonymous Usage: We do not require accounts, logins, or personal information to use EULAScout.

❌ What We Don't Do

  • No Data Collection: We do not collect, store, or analyze the EULA text you submit.
  • No Third-Party Sharing: We do not share your data with third parties because we don't have it.
  • No Cookies: We only use essential localStorage to remember your model download preference. Our analytics tool (Plausible) also doesn't use cookies.
  • No Personal Tracking: We do not track your browsing activity or create user profiles. Our analytics are completely anonymous and aggregated.

Information We Collect

Technical Information

When you use EULAScout, we may collect minimal technical information necessary to operate the service:

  • Server Logs: Standard server logs including IP addresses, browser type, and request timestamps for security and rate-limiting purposes.
  • Error Logs: Anonymous error reports to help us improve the service.
  • Rate Limiting Data: Temporary IP-based rate limiting to prevent abuse (10 requests per minute).

Local Storage

EULAScout uses browser storage (localStorage and IndexedDB) to:

  • Remember if you've seen the AI model download warning (key: eulascout-model-warning-seen)
  • Cache the AI model in IndexedDB for faster subsequent loads (~650MB)

This data never leaves your device and can be cleared at any time through your browser settings.

Chrome Extension

Our Chrome extension follows the same privacy principles:

  • Only requests "activeTab" permission - we can only access content when you explicitly click the extension
  • Does not run in the background or monitor your browsing
  • Selected text is sent directly to the website via URL parameters (no server storage)

Data Security

We implement industry-standard security measures:

  • HTTPS encryption for all connections
  • Content Security Policy (CSP) headers
  • SSRF protection to prevent server abuse
  • Input sanitization to prevent XSS attacks
  • Rate limiting to prevent denial-of-service

Third-Party Services

EULAScout relies on the following third-party services:

  • Plausible Analytics: We use Plausible, a privacy-friendly analytics tool, to understand basic usage patterns (like page views and referrers). Plausible does not use cookies, does not collect personal data, and does not track you across websites. All data is anonymized and aggregated. See Plausible's Privacy Policy for details.
  • Hugging Face: AI models are downloaded from Hugging Face CDN (huggingface.co) on first use. This is a one-time download cached in your browser.
  • Netlify: Our website is hosted on Netlify. They may collect standard server logs for security and performance purposes. See Netlify's Privacy Policy for details.

Children's Privacy

EULAScout is not directed at children under 13. We do not knowingly collect information from children.

Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last Updated" date.

Contact Us

If you have questions about this Privacy Policy, please contact us at:

Christopher Maher
Email: contact@defilan.com
GitHub: @Defilan

© 2025 EULAScout. All rights reserved.