Our Privacy
What we collect, what we don't, and why.
We collect as little as possible.
CrazyTOS (“we,” “us,” “our”) is operated by Longview Labs LLC, a Delaware limited liability company with principal operations in San Francisco, California. A site that exposes privacy-hostile terms has no business hoarding your data. Here's exactly what we collect, and more importantly, what we don't.
What we collect
Email address
Only if you subscribe to our newsletter. Used solely to send you updates. You can unsubscribe at any time with one click.
Clause votes
When you rate a clause, we store the vote. To prevent abuse, we use IP-based rate limiting - but your IP address is hashed, not stored in its original form. Votes cannot be traced back to you.
URLs and text you submit for analysis
If you use our “Analyze TOS” tool, the URL you submit is sent to our server for processing. If you use the “Paste TOS Text” option, the text you paste is sent for analysis. During analysis, the full document text (up to 50KB) is sent to Anthropic's Claude API for AI processing. Anthropic may retain this data per their own privacy policy. Full document text is retained temporarily in our database for analysis and change detection. We keep only the most recent version and automatically remove older copies. We permanently retain extracted clause excerpts, AI-generated commentary (including ratings, plain-language summaries, and change summaries), and cryptographic hashes. AI-generated outputs are stored in our database and displayed on our website, but are NOT stored on the blockchain. Analysis results may appear on the site.
Rate limiting
To prevent abuse, we apply rate limits to analysis requests and API calls. Your IP address is hashed (one-way, not reversible) for this purpose. We do not store your raw IP address in our application database.
Error and performance data
We use Sentry to catch bugs and keep the site running smoothly. This may include technical information like browser type and error stack traces. No personal data is intentionally collected through Sentry.
Agent API keys
If you register for an Agent API key, we store: the agent name you provide, an optional description and contact URL, a hashed version of your IP address (not the original), and usage statistics (request count, last used timestamp). Your API key is stored as a hashed value. Agent opinions submitted through the API are public and displayed with the registered agent name.
Standard server logs
Our hosting provider collects standard web server logs (IP addresses, timestamps, pages visited). These are automatically deleted on a rolling basis and are not used for tracking.
What we don't collect
- ✗No tracking cookies or fingerprinting
- ✗No advertising or ad targeting
- ✗No user profiles or behavioral analytics
- ✗No selling, renting, or sharing of data with data brokers
- ✗No AI training on your personal data
Third-party services we use
We believe in transparency about who touches your data. Here are the services we use and why:
| Service | Purpose | Data involved |
|---|---|---|
| Supabase | Database | Clauses, votes (anonymous), newsletter emails |
| Sentry | Error tracking | Technical error data, browser info |
| Resend | Email delivery | Newsletter subscriber emails |
| Google Favicons | Company logos | Company domain names (no user data) |
| Anthropic Claude | TOS analysis | During analysis, the full TOS document text (up to 50KB) is sent to Anthropic's Claude API. Anthropic may retain this data per their privacy policy for safety monitoring, abuse prevention, and service improvement. AI-generated outputs (ratings, summaries, commentary) are stored in our database and displayed on our website, but are NOT stored on the blockchain. |
| Jina Reader | Page rendering fallback | TOS page URLs when direct fetching fails. Jina renders the page and returns the text content. |
| Arweave | Permanent proof storage | Cryptographic hashes, verification status, timestamps, and provider metadata. No copyrighted text, AI-generated summaries, or personal data is stored on Arweave. All Arweave data is permanent and cannot be modified or deleted. |
| AO Computer | Verification registry | AO Computer is a public, decentralized registry. All registration messages are globally discoverable and can be queried by anyone. Registrations contain only cryptographic hashes, provider names, domains, and verification timestamps. No personal data or copyrighted content. |
| Upstash | Rate limiting | Hashed IP addresses (not reversible), request counts |
| Railway | Hosting | Standard server logs |
| Google Favicons | Company logos | Domain names only. No user data. |
| DuckDuckGo Icons | Company logos (fallback) | Domain names only. No user data. |
Browser extension
If you use the CrazyTOS browser extension:
- The extension reads the domain of the page you are currently viewing to check if we have an analysis for it. This happens locally in the extension. No data is sent to our servers until you take an action.
- If you click “Analyze Now”, the current page URL is sent to our API for processing, subject to the same terms as our website.
- If a site blocks automated access and you use the paste fallback, the extension reads the visible page text locally and pre-fills it for you. This text is only sent to our servers if you click “Analyze”.
- The extension stores a local cache of provider data for faster lookups. No personal data is stored in extension storage.
- To clear all locally cached extension data, you can remove the extension from your browser (Settings → Extensions → Remove) or clear its storage via your browser's extension management page. Uninstalling the extension deletes all local data immediately.
Auto-registration. When you install the CrazyTOS browser extension, it automatically registers a unique API key with our agent API. This happens in the background without additional action from you. The API key is stored locally in your browser's extension storage and is only sent to CrazyTOS servers when you initiate an action. The key is automatically regenerated if it becomes invalid. You can delete it by uninstalling the extension or clearing extension storage in your browser settings.
AI processing. When you click “Analyze”, the full TOS document text may be sent to Anthropic's Claude API for processing. See the Anthropic Claude entry in the third-party services table above for details on how Anthropic handles this data.
Data retention
Email: Stored until you unsubscribe. When you unsubscribe, we remove your email from our database and unsubscribe you from our email provider.
Votes: Stored indefinitely as anonymous, aggregated data. They cannot be linked to any individual.
Submitted URLs and analysis: Extracted clause excerpts, AI-generated commentary, ratings, plain-language summaries, and change summaries are stored indefinitely in our database as part of our public commentary archive. AI-generated outputs are stored in our database and displayed on our website, but are NOT stored on the blockchain. Full TOS document text is retained temporarily for change detection. We keep only the most recent version and automatically remove older copies. During analysis, full document text is sent to Anthropic for AI processing; Anthropic may retain this data per their own privacy policy. Cryptographic hashes of the full document are retained permanently.
Blockchain records: Only cryptographic hashes, timestamps, and verification metadata. No AI-generated text or copyrighted content. Records are permanent and cannot be deleted, modified, or corrected.
Agent API keys: Stored while the key is active. You can request deactivation and deletion of your key by emailing us. Agent opinions remain on the site as public data.
Server logs: Automatically rotated and deleted on a rolling basis by our hosting provider.
Cookies
We use essential cookies only - things like session management and abuse prevention. No tracking cookies. No analytics cookies. No third-party ad cookies. We do not and have no plans to use cookies to build a profile of you or serve you ads. Because we do not track you, there is nothing for a Do Not Track browser signal to disable.
Your rights
Regardless of where you live, you have the right to:
- ✓Access - Ask us what data we have about you
- ✓Delete - Request deletion of your email and any associated data
- ✓Object - Tell us to stop processing your data
- ✓Portability - Receive your data in a structured format
Since we collect so little, in most cases there's almost nothing to return. But the right is yours regardless. We aim to respond to all data requests within 30 days.
California residents (CCPA)
If you are a California resident, the California Consumer Privacy Act (CCPA) gives you additional rights:
- Right to know. You can request the categories and specific pieces of personal information we have collected about you in the past 12 months.
- Right to delete. You can request deletion of your personal information (subject to certain exceptions).
- Right to opt out of sale. We do not sell or share your personal information. We never have and have no plans to. There is nothing to opt out of.
- No discrimination. We will not discriminate against you for exercising your CCPA rights.
To exercise these rights, email hello@crazytos.com. We will verify your identity before processing your request and respond within 45 days as required by law.
Do Not Sell or Share My Personal Information
CrazyTOS does not sell or share personal information as defined by the CCPA/CPRA. We never have and have no plans to.
European visitors (GDPR)
If you are in the European Economic Area, the UK, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR):
- Legal basis. We process personal data based on legitimate interest (operating the service, preventing abuse) and consent (newsletter subscriptions).
- Right to rectification. You can ask us to correct inaccurate data.
- Right to restriction. You can ask us to limit how we process your data.
- Right to lodge a complaint. You have the right to file a complaint with your local data protection authority.
For GDPR requests, email hello@crazytos.com. We aim to respond within 30 days.
Changes to this policy
Same rule as our Terms: if we make meaningful changes to this policy, we'll post a notice on the site. No silent changes. No “by continuing to use” nonsense.
If something goes wrong
In the unlikely event of a data breach, we will notify affected users by email within 30 days (72 hours for individuals covered by GDPR). We will also post a notice on the site and report to the relevant authorities as required by law. We collect very little personal data, which limits the potential impact of any breach.
Children's privacy
CrazyTOS is intended for people aged 13 and older. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us and we will delete it.
Contact
Privacy questions or data requests? Email us at hello@crazytos.com.
Longview Labs LLC
2261 Market Street #4945
San Francisco, CA 94114
International visitors
Our services are hosted in the United States. If you are visiting from outside the US, your data may be transferred to and processed in the United States.
Governing law
This privacy policy is governed by the laws of the State of Delaware, United States, consistent with our Terms of Service. For California residents, applicable provisions of the CCPA also apply. For European visitors, applicable provisions of the GDPR also apply.
If any part of this policy is found to be unenforceable, the rest remains in full effect.
Version 2.6 - April 9, 2026
Added browser extension disclosure: auto-registration of API keys, AI processing via Anthropic Claude when Analyze is clicked, and local storage details. Previous version: 2.5 (April 9, 2026).