Artifake

Privacy policy

Last updated: July 2026 · applies to the Artifake browser extension and website
The short version: scanning happens on your device. We never receive the pages you visit, the content on them, or your browsing history. The only thing the extension sends is an anonymized, partial fingerprint used to check pages against the public record, a technique designed so that our server cannot tell which page you were on.

What the extension does locally

All content analysis (reading image provenance metadata such as C2PA credentials and SynthID watermarks, checking generator fingerprints, and evaluating text patterns) runs inside your browser, on your device. Page content is never transmitted anywhere.

What the extension sends, exactly

To check whether a page is on the Artifake public record, the extension computes a cryptographic hash (SHA-256) of the page's normalized address and sends only the first 8 characters of that hash to our server. The server responds with every record whose hash begins with those characters, and the matching happens on your device. Because many different addresses share the same 8-character prefix, the server cannot determine which page you actually visited. This is the same k-anonymity design used by Google Safe Browsing.

These lookup requests are not stored with any account identifier and we do not build browsing profiles from them.

What we store when you choose to act

Flagging a page or voting on a flag is a deliberate, public act, like posting a community note. When you flag or vote, we store: the flagged page's address, the evidence signals you selected, any note you wrote, a timestamp, and a random identity key that the extension generated on your device the first time it ran. That key is not linked to your name, email, or any account. We don't have accounts. It exists so the reputation system can tell contributors apart.

Flags, votes, and notes are public by design. Anyone can read the ledger. Don't put personal information in flag notes.

What we never collect

No browsing history. No page content. No names, emails, or accounts. No cookies for tracking. No advertising identifiers. No sale of data to anyone; there is nothing personal to sell.

Permissions the extension requests

The extension requests access to the pages you visit (<all_urls>) solely so it can scan content on-device and display banners on flagged pages. This permission is exercised entirely locally; it is not used to transmit page data. It also requests storage (to keep your identity key and offline flags on your device) and contextMenus (the right-click flag option).

The public ledger

The Artifake ledger is an open, permissionless database of claims about AI-generated content. Records in it are contributed by users and automated agents and are visible to everyone. If content you created has been flagged and you believe the flag is wrong, you can dispute it directly through the extension or the API. Disputed flags stop being shown once the crowd overrules them.

Data removal

To remove flags or votes associated with your identity key, or to raise any privacy concern, contact us and include the key (visible in the extension) so we can locate your contributions. It's the only way we can, since we hold nothing else about you.

Changes

If this policy changes, the date above changes with it, and material changes will be noted in the extension's update notes.