Privacy Policy

Last updated: 18 June 2026

This Privacy Policy explains how TextFormatter.ai ("we", "us", or "our") collects, uses, shares, and protects information when you use our websites textformatter.ai and app.textformatter.ai and the text-formatting service offered there (the "Service"). We have written it to meet the standards of the EU General Data Protection Regulation (GDPR), the UK GDPR, and the California Consumer Privacy Act (CCPA/CPRA).

The short version. TextFormatter.ai is a free tool that cleans up messy text. The text you paste in is sent to an AI provider to be formatted and is then discarded — we do not store the content of what you format. We use a few well-known analytics and contact tools, and analytics/marketing cookies load only after you consent (or, outside the EU/UK/EEA, where local law permits an opt-out). You can change your choices anytime via "Cookie settings" in the footer.

Who we are

TextFormatter.ai operates the Service. You can reach us through our contact page. (Our formal company details will be added here once company registration is complete.)

What this policy covers

This policy covers the current, free version of the Service, which does not require an account. If we add paid plans or accounts in the future, we will update this policy and tell you about any material changes before they take effect.

Information we collect

Text you submit for formatting

When you paste text into the Service and click Format, that text is sent to a third-party AI ("large language model") provider that processes it on our behalf and returns the cleaned-up result. We do not store the text you submit — it is processed to generate your result and then discarded. We do not keep a copy on our servers and do not use it to build a profile of you, and our AI provider processes it only to perform the formatting.

Information collected automatically

  • Usage and interaction data — pages viewed, features used, and aggregate behaviour, collected through Google Analytics 4 and Microsoft Clarity (which may include anonymised session recordings and heatmaps of how the page is used).
  • Device and technical data — browser type, device type, operating system, language, and similar details.
  • IP address — processed to operate the Service, apply usage/rate limits, detect and prevent abuse, and determine at a country level whether to show you a cookie banner. We do not use it to identify you personally.

Analytics and marketing technologies activate only in line with your cookie choices (see "Cookies" below).

Information you give us directly

If you contact us through our contact form, we collect what you provide — typically your name, email address, and the contents of your message — so we can respond and keep a record of the conversation.

Consent records

When you make a cookie choice, we keep a record of it (including a hashed form of your IP address, a timestamp, and the version of the banner shown) so we can demonstrate that consent was properly obtained, as GDPR requires.

How we use your information and our legal bases

Under the GDPR and UK GDPR we must have a lawful basis for each use of your information:

  • Provide the formatting service (process your text and return a result) — performance of a contract / our legitimate interest in operating the Service.
  • Keep the Service secure and prevent abuse, and enforce usage/rate limits — legitimate interest in security and reliability.
  • Measure and improve the Service (analytics, session insights) — your consent.
  • Respond to your enquiries and provide support — legitimate interest / steps taken at your request.
  • Show or suppress the cookie banner by region — legitimate interest / legal obligation.
  • Keep records of consent — legal obligation / legitimate interest in compliance.

Where we rely on consent, you can withdraw it at any time; this does not affect processing done before you withdrew it. Where we rely on legitimate interests, you can object (see "Your rights").

Cookies and similar technologies

We use cookies in three categories, matching the choices in our cookie banner:

  • Necessary — required for the site to work and to remember your privacy choices. Always on.
  • Analytics — help us understand how the Service is used so we can improve it. Off until you consent.
  • Marketing — support our contact and customer-relationship tools. Off until you consent.

We use Google Consent Mode v2. If you are in the EU, UK, or EEA, analytics and marketing cookies are not loaded until you accept them. Outside those regions, where local law permits an opt-out approach, they may be enabled by default — you can still decline or change your choice anytime via the "Cookie settings" link in the footer. Withdrawing consent is as easy as giving it.

The main cookies and technologies we use:

  • tf_cookie_consent (Necessary, ~180 days) — remembers your cookie choices across both sites.
  • tf_country (Necessary, ~1 hour) — records whether you are in a region that requires a consent banner.
  • Google Analytics 4 / Tag Manager (Analytics, e.g. _ga, up to ~2 years) — aggregate usage measurement.
  • Microsoft Clarity (Analytics, e.g. _clck / _clsk, up to ~1 year) — session insights and heatmaps.
  • HubSpot (Marketing, e.g. hubspotutk, up to ~13 months) — operates the contact form and links enquiries to our CRM.

Contact form — HubSpot

Our contact page uses HubSpot to display and process contact-form submissions. The HubSpot embed loads on the contact page regardless of your cookie choices. This is necessary so you can always reach us — blocking the form behind a marketing-consent gate would deprive you of a communication channel, which GDPR does not require. The legal basis is legitimate interest (enabling you to contact us and us to respond). HubSpot may set its own cookies when you interact with the form; see HubSpot's privacy policy.

Service providers we share data with

We share information only with service providers ("processors") who help us run the Service, and only as needed. We do not sell your personal information. Our providers are:

  • Third-party AI / large-language-model providers — process the text you submit to format it (text is not stored by us).
  • Google (Analytics 4, Tag Manager) — aggregate usage analytics. policy
  • Microsoft (Clarity) — session insights and heatmaps. policy
  • HubSpot — contact form and CRM. policy
  • Cloudflare — content delivery, DNS, and security. policy
  • Supabase — backend infrastructure, including the consent log. policy
  • Hosting providers — host the website and application.

We may also disclose information where required by law, to protect our legal rights, or in connection with a merger, acquisition, or asset sale, in which case we will continue to protect it consistent with this policy.

International data transfers

Several of our providers are based in the United States or operate globally, so your information may be processed outside your home country, including outside the EU/UK/EEA. Where information is transferred internationally, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses, the UK International Data Transfer Addendum, or an applicable adequacy decision or certification offered by the relevant provider.

How long we keep information

  • Text you submit for formatting — not stored; processed and discarded.
  • Analytics data (Google Analytics 4) — retained up to 14 months, then deleted.
  • Session insights (Microsoft Clarity) — retained per Microsoft Clarity's retention policy.
  • Contact enquiries (HubSpot) — kept as long as needed to handle your enquiry and maintain our records.
  • Consent records — kept as needed to demonstrate compliance.

Your rights

EU, UK, and EEA (GDPR / UK GDPR)

You have the right to access your personal information; have it corrected or erased; restrict or object to its processing; data portability; and to withdraw consent at any time. You also have the right to lodge a complaint with your local data protection authority (in the UK, the Information Commissioner's Office).

California (CCPA/CPRA)

You have the right to know what personal information we collect and how we use it; to access, delete, and correct it; and to opt out of the "sale" or "sharing" of personal information. We do not sell or share your personal information as those terms are defined under California law. We will not discriminate against you for exercising these rights.

How to exercise your rights

Use our contact form to make a request. We will respond within the time required by applicable law and may need to verify your identity first.

Data security

We use technical and organisational measures appropriate to the data, including encryption in transit, restricted access to our backend, and minimising what we collect (for example, by not storing the text you format). No method of transmission or storage is completely secure, so we cannot guarantee absolute security.

Children's privacy

The Service is not directed to children. We do not knowingly collect personal information from children under 16 (or the minimum age set by your local law). If you believe a child has provided us with information, contact us and we will delete it.

Changes to this policy

We may update this policy from time to time. When we do, we will revise the "Last updated" date above and, where changes are material, provide a more prominent notice.

Contact us

Questions about this policy or how we handle your information? Reach us through our contact page.