Privacy Policy

Last updated: April 10, 2026

This Privacy Policy describes how Ekta ("we", "us", "our") collects, uses, and protects your personal data when you use the Ekta platform ("Platform", "Service"). We are committed to protecting your privacy and handling your data transparently.

1. Data We Collect

1.1 Account Data

When you create an account, we collect the following information through our authentication provider, Clerk:

• Email address
• Display name (if provided)
• Username / handle
• Profile avatar (if uploaded)
• Authentication credentials (managed securely by Clerk)

1.2 Content Data

We collect and store the content you create on the Platform, including:

• Posts in the Public Square (text, reactions)
• Long-form articles, including all draft versions and source citations
• Replies and threaded discussions

1.3 Reputation Data

We maintain a reputation score for each user based on their publishing activity. This includes:

• Your reputation score (a numerical value between 0 and 1)
• Reputation events (score changes linked to article approvals or rejections)
• Your reputation tier (derived from your score)

1.4 AI Review Data

When you submit articles for review, the following data is generated and stored:

• Extracted factual claims identified by AI analysis
• Fact verification results and confidence scores
• Bias detection results and indicators
• Aggregate review scores and editorial decisions

1.5 Technical Data

We automatically collect certain technical information, including:

• IP address
• Browser type and version
• Device information
• Pages visited and actions taken on the Platform
• Timestamps of interactions

1.6 Subscription and Payment Data

When you subscribe to Ekta Active, we store your Stripe customer ID, subscription status, and billing period dates. Payment card data is processed directly by Stripe and never touches our servers.

1.7 Creator Payout Data

If you participate in the creator monetization program, we store your Stripe Connect account ID, payout records, and reading engagement metrics used for payout calculation.

1.8 Direct Message Data

Direct messages are encrypted at rest using AES-256-GCM. We store encrypted message content, conversation metadata (participants, timestamps), and read receipts. Messages are automatically deleted after 30 days.

1.9 Error Tracking Data

We use Sentry for error monitoring. Sentry captures error reports including stack traces, browser information, and request metadata to help us diagnose and fix issues. No personally identifiable content is intentionally sent to Sentry. Error telemetry is tunneled through our application domain -- no direct requests are made from your browser to Sentry's servers.

2. How We Use Your Data

We use your personal data for the following purposes:

• Providing the Service: Operating the Platform, displaying your content, managing your account, and calculating your reputation score.
• AI content review: Processing your article submissions through our AI review pipeline (claim extraction, fact verification, and bias detection) to maintain editorial quality.
• Platform integrity: Enforcing content standards, preventing abuse, and maintaining the reputation system.
• Communication: Sending you essential notifications about your account, articles, and review decisions.
• Legal compliance: Meeting our legal obligations, including responding to lawful requests from authorities.
• Payment processing: Managing subscriptions and processing creator payouts via Stripe.
• Reading engagement tracking: Measuring article reading time and scroll depth for creator revenue sharing calculations.

3. AI Processing of Content

When you submit a long-form article for publication, your article content is processed by the following AI agents, all powered by Anthropic's Claude models via an AI gateway:

1. Claim Extractor -- identifies factual claims within your article for verification.
2. Fact Verifier -- assesses the accuracy of extracted claims against known information.
3. Source Quality Assessor -- evaluates the reliability and credibility of cited sources.
4. Bias Detector -- analyzes content for potential bias indicators, including framing and language.
5. Objectivity Scorer -- measures editorial neutrality and balance.
6. Manipulation Detector -- flags persuasion techniques and rhetorical manipulation.
7. Readability Scorer -- assesses content accessibility and readability level.
8. AI Content Detector -- identifies AI-generated content (runs only when the author declares the article is not AI-written).
9. Content Tagger -- auto-generates topic tags for article categorization.
10. Post-publication Re-scanner -- periodically re-evaluates published articles to check for emerging issues.

AI review results are stored on our servers and are visible to you as the author. For published articles, review scores are also visible to readers.

Legal basis: AI processing is performed under the legal basis of "contract performance" -- by submitting articles for publication, you agree to the AI review process described in our Terms of Service (section 5). Anthropic processes content according to their data handling policies and does not use API inputs to train their models.

4. Cookies and Local Storage

Ekta uses a minimal set of cookies and browser storage, all of which are strictly necessary for the service to function. No consent is required for these cookies under ePrivacy Directive Article 5(3).

Cookie Inventory

Ekta does not use advertising cookies, tracking pixels, social media widgets, or third-party analytics. No consent is required for the cookies listed above as they are strictly necessary for the service to function (ePrivacy Directive Article 5(3)).

5. Third-Party Services

We share your data with the following third-party service providers, each of which is necessary for operating the Platform:

5.1 Clerk (Authentication)

Clerk manages user authentication, including account creation, sign-in, and session management. Clerk receives your email address, display name, and authentication credentials. See Clerk's Privacy Policy.

5.2 Supabase (Database Hosting)

Supabase hosts our PostgreSQL database, which stores your account information, content, reputation data, and AI review results. Data is stored in the EU (AWS eu-central-1 region). See Supabase's Privacy Policy.

5.3 Anthropic (AI Review)

Anthropic provides the Claude AI models used in our content review pipeline. When you submit an article, the article text is sent to Anthropic's API for analysis. Anthropic does not use API inputs to train their models. See Anthropic's Privacy Policy.

5.4 Vercel (Hosting)

Vercel hosts the Platform. Vercel processes requests and may collect technical data such as IP addresses and request logs. See Vercel's Privacy Policy.

5.5 Stripe (Payments)

Stripe processes subscription payments and creator payouts. Stripe receives payment card data directly -- Ekta's servers never see your card numbers. We store only Stripe customer IDs and subscription status. See Stripe's Privacy Policy.

5.6 Resend (Email)

Resend delivers notification emails, including instant notifications and daily and weekly digests. Resend receives your email address for delivery purposes. See Resend's Privacy Policy.

5.7 Sentry (Error Monitoring)

Sentry receives error telemetry for debugging purposes, including stack traces, browser information, and request metadata. Error data is tunneled through our application domain -- no direct requests are made from your browser to Sentry's servers. See Sentry's Privacy Policy.

6. Data Retention

• Account data: Retained for as long as your account is active. Upon account deletion, personally identifiable information is removed within 30 days.
• Content data: Published content remains on the Platform as part of the public record. Drafts are deleted when you delete your account. Upon account deletion, published content is anonymized (author information removed).
• AI review data: Retained for as long as the associated article exists on the Platform.
• Reputation data: Removed upon account deletion.
• Technical logs: Retained for up to 90 days for security and troubleshooting purposes.
• Subscription data: Retained for as long as your account is active. Stripe customer and subscription records are deleted when your account is permanently removed.
• Creator payout records: Retained for 7 years for tax and audit purposes, even after account deletion. Records are anonymized (author information removed).
• Direct messages: Automatically deleted after 30 days. On account deletion, any remaining messages are immediately removed.
• Error tracking: Sentry retains error events per their data retention policy (default 90 days).

7. Your Rights Under GDPR

If you are located in the European Economic Area (EEA), United Kingdom, or another jurisdiction with applicable data protection laws, you have the following rights:

• Right of access: Request a copy of all personal data we hold about you.
• Right to rectification: Request correction of inaccurate or incomplete data.
• Right to erasure ("right to be forgotten"): Request deletion of your account and personal data. You can initiate this through your account settings or by contacting us. We will process deletion requests within 30 days.
• Right to data portability: You can download all your personal data at any time from Account Settings > Security > Download My Data. The export is provided in JSON format and includes your profile, posts, articles, reactions, follows, reputation history, and activity data. You may also request your data by contacting us directly.
• Right to restrict processing: Request that we limit the processing of your data in certain circumstances.
• Right to object: Object to processing of your data for specific purposes.
• Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, contact us at privacy@ekta.digital. We will respond within 30 days. If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.

8. Legal Basis for Processing

We process your personal data on the following legal bases:

• Contract performance: Processing necessary to provide the Service you have signed up for (account management, content hosting, reputation system).
• Legitimate interest: Processing necessary for platform integrity, security, and abuse prevention.
• Legal obligation: Processing required to comply with applicable laws.

9. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

• Encryption in transit (HTTPS/TLS) for all data transmission.
• Encryption at rest for database storage.
• Secure authentication through Clerk with session management.
• Input validation and rate limiting on all API endpoints.
• Regular security reviews of our codebase and infrastructure.

10. International Data Transfers

Your data may be processed in countries outside of your jurisdiction. Our primary database is hosted in the EU (Frankfurt, Germany). Third-party services may process data in other regions. Where data is transferred outside the EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses where applicable.

11. Children's Privacy

The Platform is not intended for children under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected data from a child under 16, we will take steps to delete that data promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you through the Platform or by email at least 30 days before the changes take effect. The "Last updated" date at the top of this page indicates when the policy was last revised.

13. Contact

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us at:

• Email: privacy@ekta.digital
• Legal inquiries: legal@ekta.digital