Privacy Policy
CrossCheck AI — A Platilus Product
1. Data Controller
Platilus LLC ("Platilus", "we", "us") is the data controller for personal data collected through platilus.com and the CrossCheck AI service ("Service").
- Registered address: D. Agmashenebeli Avenue, N 177, Floor 1, Apartment N5, Kobuleti district, Georgia
- Registration number: 447010323
- General contact: [email protected]
- Data Protection contact: [email protected]
This Privacy Policy applies globally to all users of the Service, regardless of location. Where local laws provide additional or different rights, they are described in the jurisdiction-specific sections (§14). We comply with the most protective standard applicable to each user.
2. Our Role: Controller and Processor
Depending on how you use CrossCheck AI, we act in different capacities:
BYOK mode (verification session): We are NOT a data processor for your verification content. Your data travels from your browser to your chosen AI provider via our Thin Proxy. The Thin Proxy does not inspect, log, store, or modify request content — it acts solely as a network relay forwarding encrypted TLS traffic. This technical relay function does not constitute "processing" of personal data under GDPR Art. 4(2).
BYOK mode (Data Flywheel): We are the data controller for pseudonymized session records (structured disagreements without personal data) collected to improve our service. Legal basis: Legitimate Interest (see §4).
Hosted mode (verification session): We are the data processor acting on your behalf. Your text is processed on our servers with personal information automatically removed before forwarding to AI providers. A Data Processing Agreement (DPA) will be available at platilus.com/legal/dpa before Hosted mode launch.
Hosted mode (Data Flywheel): Same as BYOK — we are the controller for pseudonymized data.
Feedback (all modes): We are the data controller based on your explicit consent when you voluntarily submit ratings or corrections.
3. What We Collect
Data collection differs by service mode.
3.1. All users
- Email address — provided voluntarily through signup
- Analytics data — anonymous page views via Plausible Analytics (no personal data, no cookies)
- Cookie preferences — your consent choice (cc_consent cookie, 365 days)
- A/B test assignment — variant assignment for site functionality (cc_variant cookie, 30 days)
3.2. BYOK mode users
- Session metadata: token count, model used, latency, cost (no personal data)
- Structured disagreements: pseudonymized summaries of where AI models disagreed — extracted in your browser, personal information removed before transmission to our servers
- Feedback: ratings and corrections you voluntarily submit
We do NOT collect in BYOK mode: your task text, your documents, your API keys. API keys are stored only in your browser using WebCrypto encryption and cannot be extracted by scripts or by us.
3.3. Hosted mode users
- Task text: processed in server memory (RAM only), never written to disk, deleted immediately after processing
- PII removal: personal information is automatically detected and removed by our scrubber (NER + regex) BEFORE forwarding to AI providers. This is a best-effort pseudonymization measure using industry-standard techniques (Microsoft Presidio); it may not catch all instances of personal information. Users should avoid including highly sensitive personal information (government IDs, financial account numbers, medical records) in verification requests.
- Session metadata, disagreements, and feedback: same as BYOK mode
3.4. What we never collect
- Passwords of third-party services
- Payment card details (processed by our payment provider)
- Government-issued ID numbers
- Health or biometric data (if submitted in task text, it is scrubbed and not retained)
4. Legal Basis for Processing
Under GDPR Article 6, we process personal data on the following bases:
| Data Type | Legal Basis | GDPR Article |
|---|---|---|
| Email signup, cookie consent | Consent | Art. 6(1)(a) |
| Voluntary feedback (ratings, corrections) | Consent | Art. 6(1)(a) |
| Account data, service delivery (Hosted) | Contract | Art. 6(1)(b) |
| Pseudonymized session data (Data Flywheel) | Legitimate Interest | Art. 6(1)(f) |
| Server logs (security, debugging) | Legitimate Interest | Art. 6(1)(f) |
| Anonymous analytics | Legitimate Interest | Art. 6(1)(f) |
Legitimate Interest Assessment (Data Flywheel): We have conducted a Legitimate Interest Assessment (LIA). Processing pseudonymized disagreement data serves the purpose of improving AI verification accuracy and safety. Synthetic data is insufficient for identifying complex reasoning errors — real-world disagreements are essential. Rights of data subjects are protected through: pseudonymization, encryption, absence of direct identifiers, and easy opt-out. The risk to rights and freedoms is minimal compared to the benefit.
Mandatory vs. optional data (Art. 13(2)(e)): Providing your email address is required to create an account and use the Service. If you do not provide it, you cannot access CrossCheck AI features that require authentication. All other personal data (feedback, corrections, profile details) is optional — withholding it does not restrict your access to core verification features.
5. How We Use Data
- Providing the CrossCheck AI verification service
- Improving verification accuracy through aggregated, pseudonymized disagreement data (Data Flywheel)
- Developing model reliability metrics across domains
- AI safety research using de-identified patterns
- Service improvement based on aggregated usage patterns
- Communication about product updates (only to users who opted in)
6. Data Flywheel: How We Improve Our Service
CrossCheck AI collects pseudonymized structured disagreements (points where AI models disagree) to improve verification accuracy. Important facts about this data:
- It contains NO personal information — PII is removed before collection
- It is correctly classified as pseudonymized data under GDPR, not anonymous data
- It is used to: improve verification algorithms, generate domain-specific reliability scores, and identify common AI error patterns
- It is never sold, rented, or traded to third parties
- It is never shared with AI providers for their model training
First session notice: Before your first verification session, the Service will display a notice informing you about Data Flywheel collection and your right to opt out. No pseudonymized data is collected from your session until this notice has been displayed.
Opt-out: You can disable Data Flywheel contribution in your account settings at any time. Opt-out applies to all future sessions. Previously collected pseudonymized disagreements cannot be retroactively linked to your identity and therefore cannot be selectively deleted (this is permitted under GDPR Recital 26). Opting out does not affect your access to any features or the quality of service you receive. We also offer a zero-retention option that collects no data at all — our server does not even know that a session occurred.
7. Third-Party Processors
7.1. Website infrastructure
| Processor | Purpose | Jurisdiction | Personal Data |
|---|---|---|---|
| Formspree | Email signup form | USA | Email address |
| Plausible Analytics | Privacy-friendly analytics | EU (Germany) | None (cookieless) |
| Cloudflare | Hosting, CDN, Web Analytics | Global (EU-compliant) | None |
| PCI-compliant payment processor | Payment processing | USA/EU | Payment data (not shared with us) |
7.2. AI Service Providers
In Hosted mode, your task text (with personal information removed) is forwarded to AI providers for processing. In BYOK mode, your data goes directly from your browser to your chosen provider via the Thin Proxy — we are not involved in that transfer.
Approved AI providers (Hosted mode):
| Provider | Models | Hosting | DPA | Transfer Mechanism |
|---|---|---|---|---|
| Anthropic | Claude Opus 4.6, Claude Sonnet 4.6, Claude Haiku 4.5 | USA (AWS/GCP) | Yes | SCC + Data Processing Addendum |
| OpenAI | GPT-5.3-Codex-Spark, GPT-4o | USA (Microsoft Azure) | Yes | SCC + Data Processing Addendum |
| Gemini 2.5 Pro, Gemini 2.5 Flash | EU option (GCP Frankfurt) | Yes | EU-US Data Privacy Framework + SCC | |
| Microsoft Azure | DeepSeek R1 (hosted by Microsoft) | EU (West Europe) | Yes | Microsoft Online Services DPA |
Important distinction — PRC-origin models vs. PRC-hosted endpoints:
Some AI models (such as DeepSeek R1) were originally developed by companies headquartered in the People's Republic of China. However, when these models are hosted and served by Microsoft Azure or Amazon Web Services, your data is processed by Microsoft or Amazon — not by the original Chinese developer. In these cases, a DPA exists with the hosting provider (Microsoft/Amazon), data remains in the EU/US, and standard GDPR transfer mechanisms apply. These intermediary-hosted models are treated as approved providers.
Prohibited endpoints: Direct API connections to AI providers headquartered in jurisdictions without adequate data protection (as recognized by the European Commission) are PROHIBITED for Hosted mode. This currently includes all direct PRC-based endpoints:
| Restricted Endpoint | Parent Company | Jurisdiction | Status |
|---|---|---|---|
| api.deepseek.com | DeepSeek | China | Prohibited (direct) |
| dashscope.aliyuncs.com (Qwen) | Alibaba Cloud | China | Prohibited |
| api.baichuan-ai.com | Baichuan Inc. | China | Prohibited |
| api.lingyiwanwu.com (Yi) | 01.AI | China | Prohibited |
| open.bigmodel.cn (GLM) | Zhipu AI | China | Prohibited |
| api.minimax.chat | MiniMax | China | Prohibited |
| api.moonshot.cn (Kimi) | Moonshot AI | China | Prohibited |
| All other direct PRC endpoints | Various | China | Prohibited |
This restriction applies because: (a) the PRC Personal Information Protection Law (PIPL) permits government access to data without judicial oversight comparable to GDPR standards; (b) no adequacy decision exists between the EU and PRC; (c) Standard Contractual Clauses cannot effectively mitigate the risk of state access under PRC National Security Law.
BYOK users and restricted providers: The Service currently does not support direct BYOK connections to PRC-based API endpoints. If this changes in the future, the interface will display a jurisdictional warning and require explicit acknowledgment of risks before any connection is established. We reserve the right to immediately disable access to any provider that becomes subject to international sanctions, export controls, or regulatory orders.
Model training policies: Approved AI providers listed above (Anthropic, OpenAI, Google, Microsoft Azure) do NOT use data submitted via API for model training. For details on each provider's data handling, see our AI Provider Data Practices page.
This list is maintained at /legal/providers and updated when provider assessments change.
8. Data Retention
| Data Type | Retention Period | Justification |
|---|---|---|
| Email addresses | Until unsubscribe or 24 months of inactivity | Consent-based |
| Raw text (Hosted mode) | 0 — RAM only | Never written to disk, deleted after processing |
| Structured disagreements | 5 years | Model improvement, Reliability Score development |
| Session metadata (cost, tokens, latency) | 5 years | Technical statistics, no PII |
| Feedback ratings | 5 years or until consent withdrawal | Consent-based |
| Feedback correction text | 3 years or until consent withdrawal | Free text, shorter period |
| Account data (email, preferences) | Account lifetime + 30 days | Contractual basis |
| Server logs | 90 days | Security and debugging, automatic rotation |
| PII scrubber mapping table | 0 — RAM only | Exists only during Hosted session, destroyed after response |
| Analytics data | Aggregated, no personal data | Plausible does not retain individual records |
Deletion is executed by automated batch process. Each deletion operation is logged for audit trail. We conduct annual reviews of retention necessity and will reduce retention periods if the stated purpose is fulfilled earlier.
Inactivity: Accounts inactive for 24 months will be flagged for deletion with 30 days advance notice via email. If no response is received, account and associated personal data will be deleted per the schedule above.
9. Your Rights
Under GDPR and applicable data protection laws, you have the right to:
- Access your personal data (Art. 15)
- Rectify inaccurate data (Art. 16)
- Erasure ("right to be forgotten") (Art. 17)
- Restrict processing (Art. 18)
- Data portability — receive your data in a structured format (Art. 20)
- Object to processing based on legitimate interest (Art. 21)
- Withdraw consent at any time without affecting the lawfulness of prior processing (Art. 7(3))
How to exercise your rights: Contact [email protected]. We will respond within 30 calendar days. If we need additional time (up to 60 calendar days for complex requests), we will inform you within the initial 30-day period.
Shorter deadlines by jurisdiction: Georgia residents: 15 calendar days. Brazil residents: 15 business days. We always comply with the shortest applicable deadline for your jurisdiction.
Data portability format: Upon request, your data will be provided in machine-readable JSON format within 30 days via a secure download link.
Right to lodge a complaint: You have the right to lodge a complaint with a supervisory authority. For Georgia: Personal Data Protection Service (PDPS) at pdps.ge. For EU residents: your local Data Protection Authority. For UK residents: Information Commissioner's Office (ICO) at ico.org.uk. See §14 for additional jurisdiction-specific authorities.
10. Automated Decision-Making
CrossCheck AI generates trust scores and identifies disagreements between AI models. These are informational tools to assist your professional judgment. No automated decisions with legal or similarly significant effects are made based on your personal data (Art. 22).
11. Cookies
We use only essential cookies by default:
| Cookie | Purpose | Duration | Category |
|---|---|---|---|
| cc_variant | A/B test assignment | 30 days | Essential (site functionality) |
| cc_consent | Your cookie preference | 365 days | Essential (consent record) |
Plausible Analytics is cookieless by default — no tracking cookies are set. We use no marketing or advertising cookies. Analytics cookies are enabled only with your explicit opt-in via the cookie banner, which defaults to "decline."
We recognize Global Privacy Control (GPC) signals broadcast from web browsers as a valid opt-out request where required by applicable law. Our Service does not respond to Do Not Track (DNT) browser signals due to the absence of an industry-standard interpretation of DNT.
12. International Transfers
Hosted mode: Your data (with personal information removed) may be processed by AI providers in the USA or EU. Transfer mechanisms in place: Standard Contractual Clauses (SCC) and EU-US Data Privacy Framework (DPF) where applicable. Specific transfer safeguards per provider are listed in §7.2.
For UK residents: Transfers are additionally protected by the UK International Data Transfer Agreement (IDTA) or UK Addendum to the EU SCC, as required under UK GDPR.
For Swiss residents: Transfers comply with the Swiss Federal Act on Data Protection (FADP) using SCC as recognized by the Swiss Federal Data Protection and Information Commissioner (FDPIC).
BYOK mode: You control which providers receive your data. We recommend reviewing each provider's data processing terms. Our Thin Proxy does not store or read your data — it passes through encrypted (TLS 1.3).
Website data: Cloudflare operates a global CDN with EU-compliant data processing. Plausible Analytics processes data exclusively in the EU (Germany).
13. Children
Our Service is not intended for individuals under 16 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us personal data, contact us and we will delete it promptly.
14. Jurisdiction-Specific Rights
The rights in §9 apply to all users globally. The following sections provide additional information required by specific laws.
14.1. European Union / EEA Residents (GDPR)
Your rights under GDPR are described in §9. Supervisory authority: your local Data Protection Authority (list at edpb.europa.eu). Transfer safeguards: SCC and EU-US DPF (see §12).
14.2. United Kingdom Residents (UK GDPR)
UK GDPR provides equivalent rights to EU GDPR as described in §9. Supervisory authority: Information Commissioner's Office (ICO) at ico.org.uk. Transfer mechanism: UK IDTA or UK Addendum to EU SCC (see §12).
14.3. Georgia Residents (Law on Personal Data Protection)
As a company registered in Georgia, we comply with Georgian data protection law. Supervisory authority: Personal Data Protection Service (PDPS) of Georgia. Response time for data subject requests: 15 calendar days (shorter than the 30-day GDPR default). You may lodge a complaint with the PDPS at pdps.ge.
14.4. California and US State Residents
If you are a resident of California or another US state with comprehensive privacy law (including Virginia, Colorado, Connecticut, Oregon, Texas, Montana, Delaware, New Jersey, Minnesota, and others), you have the following rights:
- Right to know what personal data we collect, use, disclose, and share
- Right to delete your personal data
- Right to correct inaccurate personal information
- Right to opt-out of sale or sharing — we do NOT sell or share personal data with third parties for cross-context behavioral advertising
- Right to limit use of sensitive personal information — we do not use sensitive personal information for purposes beyond what is necessary to provide the Service
- Right to non-discrimination for exercising your privacy rights
We recognize Global Privacy Control (GPC) signals as a valid opt-out mechanism as required by California, Colorado, Connecticut, and other state laws.
To exercise these rights, contact [email protected]. We will verify your identity before processing your request.
14.5. Brazil Residents (LGPD)
Under Brazil's Lei Geral de Proteção de Dados (LGPD), you have the right to: confirmation of processing, access, correction, anonymization of unnecessary data, portability, deletion, information about public and private entities with which your data is shared, information about the possibility of denying consent and its consequences, and consent withdrawal. Response time: 15 business days. Supervisory authority: ANPD (Autoridade Nacional de Proteção de Dados).
14.6. Canada Residents (PIPEDA / Quebec Law 25)
Under PIPEDA and Quebec's Law 25, you have the right to access, correct, and withdraw consent for the processing of your personal data. We process your data with your knowledge and consent, or where permitted by law.
14.7. Switzerland Residents (FADP)
Under the Swiss Federal Act on Data Protection (FADP), you have equivalent rights to those listed in §9. Supervisory authority: Federal Data Protection and Information Commissioner (FDPIC). Transfer safeguards: SCC as recognized by FDPIC (see §12).
14.8. Other Jurisdictions
If you are a resident of a jurisdiction with data protection laws not specifically listed above (including but not limited to Australia, India, Japan, South Korea, Singapore), you may exercise equivalent rights by contacting [email protected]. We will respond within the timeframe required by your local law or 30 calendar days, whichever is shorter.
15. Security Measures
We implement appropriate technical and organizational measures to protect personal data:
- Encryption at rest (AES-256) and in transit (TLS 1.3)
- API keys protected by WebCrypto API in user's browser (BYOK mode)
- PII Scrubber (NER + regex, based on Microsoft Presidio) applied before data forwarding in Hosted mode
- Access control based on least privilege principle
- Server logs monitored for unauthorized access
- Incident response plan with defined SLA (see §16)
16. Data Breach Notification
In the event of a personal data breach:
- We will notify the relevant supervisory authority within 72 hours (GDPR Art. 33)
- If the breach is likely to result in high risk to your rights, we will notify you without undue delay (GDPR Art. 34)
- All incidents are classified by severity (P0–P3) with defined response procedures
17. AI Transparency (EU AI Act)
In compliance with the EU AI Act (Regulation 2024/1689) and equivalent AI transparency regulations:
- CrossCheck AI uses third-party artificial intelligence models (from Anthropic, OpenAI, Google, and others) to generate verification results
- Verification results, trust scores, and disagreement analyses are AI-generated content and are clearly labeled as such in the interface
- CrossCheck AI is classified as a limited-risk AI system under the EU AI Act — it assists human decision-making but does not make autonomous decisions with legal or similarly significant effects
- Users must review AI-generated results with their own professional judgment before relying on them for any decision
- For details on how each AI model processes data, see our AI Provider Data Practices page
18. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be reflected on this page with an updated revision date.
- Material changes will be communicated via email to registered users with at least 14 days' notice before taking effect
- Previous versions will be archived and available upon request
- Continued use of the Service after the effective date of changes constitutes acceptance of changes to processing based on contract or legitimate interest. For processing based on your consent (email communications, feedback), we will request renewed consent separately if material changes affect those activities.
Business transfers: In the event of a merger, acquisition, reorganization, or sale of assets, your personal data may be transferred to the successor entity as part of the transaction. We will notify you via email at least 30 calendar days before any such transfer and provide you the opportunity to export or delete your data before the transfer takes effect.
19. Data Processing Agreement (DPA)
For Hosted mode users and enterprise customers, a Data Processing Agreement will be available at platilus.com/legal/dpa before Hosted mode launch. The DPA covers: scope and nature of processing, obligations of controller and processor, sub-processor management, data breach notification procedures, and audit rights.
20. Contact
- Privacy inquiries: [email protected]
- General questions: [email protected]
- Mailing address: D. Agmashenebeli Avenue, N 177, Floor 1, Apartment N5, Kobuleti district, Georgia
This Privacy Policy should be read in conjunction with our Terms of Service.