Privacy Policy

CheatGPT ("CheatGPT," "we," "us," or "our") is a browser extension and companion web app operated by Boast Holdings. This Privacy Policy applies to the CheatGPT website at cheatgpt.app, the CheatGPT browser extension, and the CheatGPT web dashboard and chat (together, the "Service").

For privacy questions, or to exercise any of the rights described below, contact us at support@cheatgpt.app. For data-protection purposes, Boast Holdings is the controller of the personal information described here.

We collect only what we need to run the Service. In practice that is:

Account and contact information

Your email address. We use it to send you a login link, to identify your account and subscription, and to send essential account messages (such as receipts or security notices). We do not require a name, a phone number, or a password.

Payment information

Payments are processed by Stripe. Your card number and billing details go directly to Stripe and never touch our servers. We store only the identifiers and status Stripe returns to us — a Stripe customer ID, a subscription ID, your plan, and whether your subscription is active — so we know what you have access to.

Device and activation data

To unlock the extension and enforce the one-active-device limit on a subscription, we generate and store a device identifier along with its activation status and the time it was last seen. This identifier is created by the extension; it is not a government or hardware serial number.

Question content you submit for an answer

When you ask CheatGPT to answer a question, the extension reads the question text and its answer options from the page you're on and sends them to our AI provider so it can generate a response. We do not store the question content on our servers. We keep only a one-way cryptographic hash of the input (which cannot be reversed back into the original text) for abuse prevention and de-duplication, plus technical metadata such as which endpoint was used, token counts, estimated cost, latency, and a timestamp.

Chat content

If you use the CheatGPT chat or sidebar, the messages you send and the AI's replies are stored and linked to your account, so you can return to a conversation later. You can ask us to delete your conversations at any time (see Your privacy rights).

Technical, security, and log data

• IP address — stored only as a salted, one-way hash, used for rate-limiting, fraud prevention, and protecting the Service from abuse. We do not retain your raw IP address in our application database.
• Login-link tokens — stored hashed, never in plain text, and they expire after a short window.
• Basic request and error logs — needed to operate, debug, and secure the Service.

Usage analytics

Our website uses Vercel Analytics, a privacy-friendly analytics tool that measures aggregate page traffic without cookies and without building cross-site advertising profiles of you.

We use the information above to:

• Provide, operate, and maintain the Service and its core features;
• Authenticate you through login links and keep you signed in;
• Process payments, manage subscriptions, and enforce device limits;
• Generate answers and chat responses through our AI provider;
• Prevent abuse, fraud, and rate-limit violations, and keep the Service secure;
• Respond to support requests and communicate about your account;
• Understand aggregate usage so we can improve the product;
• Comply with our legal obligations and enforce our Terms of Service.

We do not use your information for third-party advertising, and we do not sell or rent your personal information.

We rely on a small set of trusted providers (sometimes called sub-processors) to run the Service. Each receives only the data it needs, and each is bound by its own privacy policy:

• OpenAI — generates answers and chat responses from the question text or messages you submit. Privacy policy.
• Stripe — processes payments and stores your billing details. Privacy policy.
• Supabase — hosts our application database and authentication. Privacy policy.
• Vercel — hosts the website and web app and provides cookieless analytics. Privacy policy.
• Resend — delivers transactional email such as login links and receipts. Privacy policy.

If you are in the European Economic Area or the United Kingdom, we process your personal data on these legal bases:

• Performance of a contract — to provide the Service you signed up for, including authentication, generating answers, and billing.
• Legitimate interests — to secure the Service, prevent abuse and fraud, and understand aggregate usage, balanced against your rights.
• Legal obligation — to keep records we are required to keep and to respond to lawful requests.
• Consent — where we ask for it; you can withdraw it at any time.

We keep cookies to a minimum. We use essentialcookies and browser local storage to keep you logged in and to run the extension. We do not use advertising or cross-site tracking cookies, and our analytics provider is cookieless. Because we don't use non-essential cookies, there's no advertising profile to opt out of.

We keep personal information only as long as we need it for the purposes above:

• Account and subscription data — for as long as your account is active, and for a reasonable period afterward to meet legal, tax, and accounting obligations.
• Chat conversations — until you delete them or close your account.
• Hashes, logs, and rate-limit records — for a limited period sufficient for security and abuse prevention, then deleted or aggregated.
• Login-link tokens— expire shortly after they're issued.

When you close your account, we delete or anonymize your personal data within a reasonable period, except where we're required to retain it by law.

We share personal information only in these limited situations:

• With the service providers above, so they can perform their function on our behalf;
• To comply with the law — in response to a valid legal request, or to protect our rights, users, or the public;
• In a business transfer — if Boast Holdings is involved in a merger, acquisition, or sale of assets, your information may transfer as part of that deal, subject to this policy.

We do not sell your personal information, and we do not share it for third-party advertising.

We take practical steps to keep your information safe, including:

• Encryption in transit (HTTPS) across the website, web app, and extension;
• Hashing of sensitive values such as IP addresses and login tokens;
• Not storing raw question content or raw payment-card details on our servers;
• Database access controls and row-level security on our data store;
• Limiting access to personal data to what's needed to operate the Service.

No method of transmission or storage is ever 100% secure, so we can't guarantee absolute security — but we work to protect your information and to respond quickly if something goes wrong.

Depending on where you live, you may have the right to access, correct, delete, or export your personal information, to object to or restrict certain processing, and to withdraw consent. To exercise any of these, email support@cheatgpt.appfrom the address on your account and we'll respond within the time required by applicable law. We won't discriminate against you for exercising these rights.

If you're in California

Under the CCPA/CPRA you can request the categories and specific pieces of personal information we've collected, request deletion, and request correction. We do not sell or share personal information as those terms are defined under California law, and we do not use sensitive personal information for purposes that would require an opt-out.

If you're in the EEA or UK

In addition to the rights above, you may lodge a complaint with your local data-protection authority. We'd appreciate the chance to address your concern first, so please reach out to us.

We're based in the United States and our providers may process data in the United States and other countries. If you access the Service from outside the U.S., you understand your information will be transferred to and processed in the U.S., where data protection laws may differ from those in your country. Where required, we rely on appropriate safeguards for these transfers.

The Service is not intended for children under 13, and we do not knowingly collect personal information from anyone under 13. If you believe a child under 13 has provided us personal information, contact support@cheatgpt.appand we'll delete it.

If you are between 13 and 18, you must have permission from a parent or legal guardian to use the Service, and you are responsible for following your school's rules and any applicable law. See our Terms of Service for more.

We may update this Privacy Policy from time to time. When we do, we'll revise the "Last updated" date at the top of this page, and for material changes we'll take reasonable steps to let you know. Your continued use of the Service after an update means you accept the revised policy.

Questions, requests, or concerns about your privacy? Email us at support@cheatgpt.appand we'll get back to you. You can also review the rules for using the Service in our Terms of Service.