Figleaf — Privacy Policy & Terms of Use

Last updated: March 28, 2026

Figleaf is a beta product. It has bugs. By using it, you accept the risks described below.

What Figleaf does

Figleaf re-encodes text you write — changing the words while approximately preserving the meaning — and generates a cryptographic receipt proving the output was AI-generated. The re-encoded text can be posted to social platforms or copied for use elsewhere.

What we collect

Account information. When you sign in with Google, we receive and store your email address and display name. We do not store your Google password.

Context profiles. If you provide sender or audience context (descriptions of yourself or your audience), we store these on our servers to improve re-encoding quality.

Re-encoded text. The blurred output — not your original words — is stored in our database and may be publicly visible via verification pages and post URLs.

Original message text. Your original text is sent to Anthropic's Claude API for re-encoding. It is not stored on our servers. However, a SHA-256 hash of your original text is stored as part of the attestation receipt. This hash cannot be reversed to recover your text, but if someone already knows your exact original text, they could verify it matches the hash.

Attestation receipts. Each re-encoding generates a receipt containing: hashes of the input and output, dial settings, timestamp, platform, and whether you saw the output before sending. Receipts are permanent and publicly verifiable.

Platform credentials. If you connect social media accounts for direct posting, your access tokens are stored on our servers, encrypted at rest.

Contacts and conversations. If you use the chat feature, we store conversation metadata and the re-encoded messages (not your originals). Contact information you provide (names, emails, shared context) is stored.

Third parties

Anthropic. Your original message text is sent to Anthropic's Claude API for re-encoding. Anthropic's own privacy policy (https://www.anthropic.com/privacy) governs how they handle this data. As of this writing, Anthropic states that API inputs are not used to train models, but you should verify their current policy.

Google. We use Google OAuth for authentication. Google's privacy policy applies to the sign-in process.

Social platforms. When you use direct posting (the red button), your re-encoded text is posted to the platform you chose (X, Bluesky, Reddit, LinkedIn, Telegram, Discord) using your connected credentials. The platform's own terms and privacy policy apply to that content.

Railway. Our servers are hosted on Railway (railway.app). Your data is stored on Railway's infrastructure in the United States.

What we do NOT do

• We do not sell your data.
• We do not run analytics or tracking beyond basic server logs.
• We do not store your original message text on our servers.
• We do not use your data to train AI models.
• We do not share your data with third parties other than those described above.

Public information

The following is publicly accessible to anyone with the link:

• Re-encoded text in public posts and verification pages
• Your display name on posts you create (or "Anonymous" for unauthenticated use)
• Attestation receipts including dial settings and timestamps
• The hash of your original text (within the receipt)

Data deletion

We do not currently offer a self-service data deletion tool. If you want your data deleted, email hellofigleaf@gmail.com. We intend to add automated deletion in a future update. Under GDPR and similar laws, you have the right to request deletion of your personal data.

Security

This is beta software. We make reasonable efforts to secure your data but we do not guarantee the security of any information you provide. Specifically:

• Platform credentials (social media tokens) are encrypted at rest.
• The attestation system uses a server-side signing key, not hardware-backed cryptographic attestation. You are trusting Figleaf to operate honestly. We plan to move to hardware-backed attestation (AWS Nitro Enclaves) in the future.
• The database is SQLite on a persistent volume. It is not replicated or backed up automatically.

Beta disclaimer

Figleaf is provided "as is" without warranty of any kind. This is experimental software in active development. It may contain bugs, lose data, behave unexpectedly, or become temporarily or permanently unavailable.

By using Figleaf, you agree that:

• You use the service at your own risk.
• We are not liable for any damages arising from your use of the service, including but not limited to: unintended disclosure of information, loss of data, posts made to social platforms, or reliance on attestation receipts.
• The re-encoding is not perfect. Meaning may be altered, lost, or distorted. Do not rely on Figleaf for communications where precision is critical.
• Attestation receipts are not legal proof of anything. They are a technical mechanism that may have bugs or be compromised.
• We may change, suspend, or discontinue the service at any time without notice.

Children

Figleaf is not intended for use by anyone under the age of 18. We do not knowingly collect information from minors.

Changes

We may update this policy at any time. Continued use of Figleaf after changes constitutes acceptance of the updated terms.

Operator

Figleaf is a service of Auxiliary LLC.

Contact

hellofigleaf@gmail.com

Jurisdiction

This policy is governed by the laws of the State of California, United States. If any provision is found unenforceable, the remaining provisions continue in effect.