Privacy Policy

Last updated: February 24, 2026

What Baloney Is

Baloney is an AI content detection platform consisting of a Chrome browser extension and a web dashboard at baloney.app. It analyzes images, text, and video on social media to detect AI-generated content.

Data We Collect

  • Content for analysis: Images and text on supported sites are sent to our detection API. Raw content is processed in-memory and is not stored.
  • Detection results: Verdict (e.g., AI-generated, human), confidence score, platform, content type, and timestamp are stored to power your personal dashboard.
  • Anonymous user ID: A random UUID generated locally by the extension. We do not collect your name, email, or any personally identifiable information through the extension.
  • Page URL hash: A cryptographic hash (SHA-256) of the page URL is sent with scan requests to identify unique content sightings without storing your actual browsing history.
  • Account data: If you create a web account, we store your email address and authentication credentials via Supabase Auth.

Data We Do NOT Collect

  • Browsing history or page URLs
  • Cookies or tracking pixels
  • Personal messages or private content
  • Data from sites not in your allowed-sites list

Community Data Sharing

If you opt in to community sharing (off by default), your anonymous scan results contribute to aggregate community analytics such as platform-level AI content rates. No personal information is included. You can toggle sharing on or off at any time from the extension settings.

Chrome Extension Permissions

The Baloney extension requests the following browser permissions:

  • storage: To save your extension settings, anonymous user ID, and session statistics locally in your browser.
  • contextMenus: To provide a right-click “Scan with Baloney” option for selected text and images.
  • sidePanel: To display detailed scan results and analysis in a browser side panel.
  • scripting: To programmatically inject the content scanner when you add new sites to your allowed list via the popup.
  • Host permissions (specific sites): X (x.com, twitter.com), LinkedIn, Substack, Reddit, Facebook, Instagram, Medium, TikTok, Threads, and their associated CDN domains (cdninstagram.com, pbs.twimg.com, i.redd.it) for image loading, plus baloney.app. You can add additional sites from the popup, which prompts for permission on first use.

Third-Party Services

We use the following third-party services to power detection:

  • Supabase (database and authentication) — hosted in US-East-1
  • Vercel (web hosting and API)
  • Pangram, SightEngine (image/video AI detection APIs, pro edition)
  • Railway (SynthID text detection backend)

Each service processes data according to their own privacy policies. We send only the minimum data necessary for detection.

Data Retention

Detection results are retained as long as you use the service to power dashboard analytics. You may request deletion at any time by contacting us, and we will delete your data within 30 days.

Your Rights

  • Access your scan data via the personal dashboard
  • Opt out of community sharing at any time
  • Request deletion of all your data
  • Uninstall the extension to stop all data collection

Children's Privacy

Baloney is not directed at children under 13. We do not knowingly collect data from children.

Security

All data is transmitted over HTTPS. Authentication uses industry-standard practices via Supabase Auth. Row-level security is enabled on all database tables.

Contact

For privacy questions or data deletion requests, email rrenderrdev@gmail.com.