Back to tool

04 / Tools

Tool Privacy

Privacy notice for the Injection Risk Scorer — a free utility with optional bring-your-own-key (BYOK) live probing, published on richvoller.com.

Last updated: June 2026

Summary

The Injection Risk Scorer runs a deterministic heuristic in your browser. An optional dual-model live probe uses your own OpenAI and Anthropic API keys. We do not run user accounts, we do not use analytics or advertising trackers on the tool itself, and we do not store your passages or API keys on richvoller.com or in any database.

What we store

  • Heuristic scoring (your browser only): Passage analysis runs locally. No content is sent to richvoller.com unless you explicitly run the optional live probe.
  • Your API keys (your browser only, optional): By default keys stay in page memory for your session. If you opt in to "Remember on this device", they are saved in localStorage on that browser. They are never written to richvoller.com.
  • Tool servers: When you run the live probe, your passage and keys are processed in memory to call OpenAI and Anthropic, then discarded. We do not log request bodies.

What is sent to third parties

When you run the optional live probe, your browser sends your passage and API keys to the tool's API route. The server forwards requests to OpenAI and Anthropic using your own API keys. Each provider processes data under its own terms and privacy policy.

The heuristic scorer does not call any third-party API. It runs entirely in your browser.

Hosting

The tool is hosted on Vercel. Standard request metadata (such as IP address and user agent) may appear in hosting logs for security and operations when you use the probe route. We do not use this data for marketing.

Lawful basis (GDPR)

We process the minimum data needed to provide the tool (legitimate interest in operating a free utility). We do not sell personal data or use it for advertising. Passages you enter may constitute personal data if they relate to an identifiable person; you control what you submit.

Your choices

  • Use without API keys: Heuristic scoring works with no keys and sends nothing to our servers.
  • Clear API keys: Settings → Clear keys removes them from memory and localStorage.
  • Do not remember on shared devices: Leave "Remember on this device" unchecked on shared or untrusted machines.

Security

Traffic is encrypted in transit (HTTPS). API keys travel only between your browser and the tool's probe API route, then onward to the providers. Avoid saving keys on shared devices.

Contact

For privacy questions about this tool, contact [email protected] or use the contact form on this site.