Privacy Policy
Last updated: 1 June 2026
1. Data Controller
Sachilo is operated by an independent team based in Kathmandu, Nepal. For data protection inquiries, contact us via our contact page or email hello@sachilo.com.
2. Information We Collect
When you use Sachilo, we collect the following limited information:
- Browser fingerprint hash — a non-reversible composite identifier generated from your browser characteristics and IP address. This is not your IP address itself; it is a one-way hash that cannot be traced back to you.
- Submitted URLs — the article links you submit for fact-checking.
- Basic request metadata — timestamps and request counts used for rate limiting.
We do not collect names, email addresses, phone numbers, or any other personally identifiable information. There are no user accounts for public visitors.
3. Legal Basis for Processing
We process data under the following lawful bases (GDPR Art. 6):
- Legitimate interest — rate limiting and abuse prevention to maintain service availability for all users.
- Performance of service — processing submitted URLs is necessary to deliver the fact-checking service you requested.
- Public interest — publication of fact-check verdicts serves the public interest in accurate information.
4. How We Use Your Information
The limited data we collect serves these purposes:
- Rate limiting — fingerprint hashes enforce fair usage limits so the service remains available for everyone.
- Abuse prevention — detecting and blocking automated or malicious submissions.
- Service improvement — understanding aggregate usage patterns (e.g., total checks per day) to improve reliability.
We never sell, rent, or share your data with third parties for marketing or advertising purposes. We do not sell or share personal information as defined by the California Consumer Privacy Act (CCPA).
5. AI Processing & Automated Decisions
Our fact-checking pipeline uses large language models (LLMs) to extract claims from articles, evaluate evidence, and generate structured verdict reports. These AI systems process only the text content of the articles you submit — never any personal data about you.
The third-party AI services we use receive article text for processing. They do not receive your fingerprint, IP address, or any identifying information.
Automated decision-making (GDPR Art. 22): Verdicts are generated entirely by automated systems without human intervention at the time of creation. These verdicts assess the veracity of published news articles, not individuals. They do not produce legal effects or significantly affect any person. You may request human review of any verdict through our corrections process.
6. Data Storage & Retention
Submitted URLs and generated verdicts are stored in a secure database. Published verdicts remain publicly accessible as part of our fact-checking archive indefinitely, as they serve the public interest.
Fingerprint hashes used for rate limiting are non-reversible — they cannot be decoded to reveal your identity or browsing habits. Rate-limiting records are retained for a maximum of 90 days, after which they are automatically purged.
7. International Data Transfers
Our infrastructure and third-party service providers may process data in jurisdictions outside Nepal, including the United States and the European Economic Area. Where article text is sent to AI services for processing, it may be transferred internationally. These transfers are necessary to deliver the fact-checking service and are made on the basis of legitimate interest and standard contractual arrangements with our service providers.
No personal data (fingerprints, IP addresses, or identifiers) is transferred internationally; only the public article text you submit.
8. Cookies & Similar Technologies
Sachilo uses minimal cookies:
- Bot protection — an invisible challenge that verifies you are human without tracking you across sites. It may set a short-lived cookie for verification purposes.
- Essential session cookies — required for basic site functionality. These are not used for tracking or advertising.
We do not use tracking pixels, third-party analytics cookies, advertising cookies, or cross-site tracking technologies.
9. Third-Party Services
We rely on the following categories of third-party services to operate:
- Bot protection service — provides human verification and may serve as a CDN.
- AI language models — process article text for claim extraction and evaluation. They receive only article content, not user data.
- Browser fingerprinting — generates a device identifier client-side. The raw fingerprint never leaves your browser; only a hashed version is sent to our server.
Each of these services has its own privacy policy. We encourage you to review them if you have concerns about their data practices. We require our service providers to protect any data they process on our behalf.
10. Children's Privacy
Sachilo is not directed at children under 16 years of age. We do not knowingly collect information from children. Since we do not collect personal information from any users, this risk is inherently minimal. If you believe a child has submitted data through our service, please contact us and we will promptly delete any associated records.
11. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your data:
- Right of access — request information about what data is associated with your fingerprint hash.
- Right to deletion — request erasure of rate-limiting records tied to your fingerprint.
- Right to object — object to processing based on legitimate interest.
- Right to restrict processing — request limitation of how your data is used.
- Right to lodge a complaint — contact your local data protection authority if you believe your rights have been violated.
- Right to non-discrimination — we will not treat you differently for exercising your privacy rights (CCPA).
To exercise any of these rights, please reach out through our contact page. We will respond within 30 days.
12. Do Not Sell or Share
We do not sell personal information. We do not share personal information for cross-context behavioral advertising. This applies to all users regardless of jurisdiction. No opt-out is necessary because no sale or sharing occurs.
13. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or for legal and regulatory reasons. When we make material changes, we will update the "Last updated" date at the top of this page and, where practicable, provide notice through the service. We encourage you to review this policy periodically.
14. Contact & Complaints
If you have questions or concerns about this Privacy Policy or our data practices, please visit our contact page or email hello@sachilo.com.
Sachilo is operated from Kathmandu, Nepal. If you are unsatisfied with our response to a privacy concern, you have the right to lodge a complaint with your local data protection authority.