Privacy Policy
Last updated: July 2026
Who we are
ByHuman (byhuman.ink) is a proof-of-writing service that generates verifiable receipts of how text was composed. This policy covers both the website and the ByHuman Chrome extension.
What the Chrome extension collects
When you write in a supported composer (currently X/Twitter and Gmail), the extension tracks the following locally in your browser:
- Number of characters typed, pasted, and deleted
- Timing of input events (relative timestamps within the session)
- Whether individual characters were typed or pasted
The extension does not read your browsing history, other tabs, or any content outside the active composer.
When you post a tweet, the extension sends the following to byhuman.ink:
- Your message text — used solely to compute a SHA-256 hash. The text is not stored on our servers; only the hash is kept.
- The input event log (counts and timings described above)
- The tweet URL / ID
When you send an email in Gmail, the receipt is sent the same way (text hashed, not stored) and no email URL or ID is sent. Unlike X/Twitter receipts, the Gmail proof page is unlisted — it's left out of search indexing and off any public listing, but anyone you send the direct link to can view it (there's nothing sensitive on the page: no email body, subject, or address — only the hash, verdict, and signature).
Feed Shield and the Deep Filter
Feed Shield is the extension's content-quality filter for the X/Twitter feed. By default it works entirely inside your browser: posts visible on your screen are checked against local rules, and nothing about the posts you read leaves your device.
If you switch the filter engine to AI (Deep Filter) — an explicit opt-in that also requires signing in — the text of posts visible in your feed is sent to byhuman.ink for classification. For each analyzed post we store:
- A SHA-256 hash of the post text (used as a cache key so the same post is never analyzed twice) — not the text itself
- The classification scores returned by the model
The post text is passed to an AI model solely to produce the classification and is not stored by us or used to train models. Deep Filter analyses are capped per month per account; the extension shows your remaining quota. Turning the engine back to Local stops all network classification immediately.
What the website collects
- Account data— email address and name via Clerk (our authentication provider). Clerk's privacy policy applies to data they process.
- Writing sessions — the same event log and hash described above, when you use the in-browser editor at byhuman.ink/editor. Like extension receipts, editor posts store only the SHA-256 hash of your text, never the text itself. To re-verify later, paste your copy of the text into the verify page; its hash is checked against the signed receipt.
- Error data — anonymous crash reports via Sentry, if you consent to error tracking via the cookie banner.
Cookies
We use two types of cookies:
- Strictly necessary — Clerk session cookies required for authentication. These cannot be declined without breaking login.
- Error tracking — Sentry, used to diagnose crashes. You can decline these via the cookie banner; we will not set them.
How we use your data
- To generate and verify writing receipts
- To display your proof history in your profile
- To compute effort scores and leaderboard rankings
- To classify feed posts when you opt into the Deep Filter engine (hash and scores only, as described above)
- To diagnose technical errors (Sentry, with consent)
We do not sell your data. We do not use it for advertising.
Data retention
Receipts and event logs are stored until you delete them or close your account. You can request deletion at any time by contacting us.
Your rights
You may request access to, correction of, or deletion of your personal data at any time. Contact us at byhumanink@proton.me.
Changes to this policy
We will update the “Last updated” date above when this policy changes. Continued use of ByHuman after changes constitutes acceptance.
