Privacy Policy

Last updated: March 14, 2026

WhoIsRight ("we", "us", "the service") is committed to protecting your privacy. This policy explains what data we collect, why, and how we handle it.

1. What We Collect

Data	Purpose	Storage
Debate sessions (questions, AI responses, scores)	Save & share debates via unique links	Our server (SQLite database)
Your IP address	Rate limiting & abuse prevention (max 3 sessions per IP)	Our server, stored with session
Feedback messages & email (optional)	Product improvement	Our server
OpenRouter API key	Send requests to AI models on your behalf	Your browser only (localStorage). Never sent to our server.
Theme preference, model selection	Remember your settings	Your browser only (localStorage)

2. What We Do NOT Collect

We do not use cookies for tracking or advertising
We do not use any third-party analytics (no Google Analytics, no Facebook Pixel)
We do not sell, share, or transfer your data to third parties
We do not store your OpenRouter API key on our servers

3. AI Model Providers

When you use WhoIsRight, your questions are sent directly from your browser to OpenRouter using your own API key. We do not proxy or intercept these requests. OpenRouter then routes them to the AI providers you selected (Anthropic, OpenAI, Google, etc.). Each provider has its own privacy policy — please review them if you have concerns about how they handle your data.

4. Data Retention

Debate sessions are stored indefinitely so shared links continue to work. We may delete sessions older than 12 months that have not been accessed.
Feedback is stored until reviewed and acted upon.
localStorage data (API key, preferences) stays in your browser until you clear it.

5. Your Rights (GDPR)

If you are in the EU/EEA, you have the right to:

Access your data — contact us and we'll provide what we have
Delete your data — contact us with your session link(s) and we'll remove them
Rectify inaccurate data
Object to processing

To exercise these rights, email us at the address below.

6. Security

API requests to AI models go directly from your browser — we never see your API key
Session edit links and view-only links use separate random 12-character tokens
Rate limiting prevents abuse (30 requests/min per IP)
Request body size is capped at 1MB

7. Cookies

WhoIsRight does not use cookies. All preferences are stored in your browser's localStorage, which is not sent to our server with requests.

8. Children

This service is not directed at children under 16. We do not knowingly collect data from children.

9. Changes

We may update this policy. Changes will be posted on this page with an updated date.

10. Contact

Questions about privacy? Email: privacy@whoisright.org