1. Who we are
Touchstone Labs ("Touchstone", "we") operates this site as an AI governance advisory tool. Contact:
hello@extrafemi.com.
2. What we collect
- Request-access form: name, email, company, role, project description, optional URLs and files you choose to attach.
- Survey & Checklist: your answers are stored only in your browser (localStorage). We do not receive them.
- AI keys: any AI provider API key you enter is stored only in your browser's localStorage and sent directly to that provider. Touchstone servers never see it.
- Server logs: standard request logs (IP, user-agent, timestamp) retained up to 30 days for security and abuse prevention.
3. Lawful basis (GDPR)
Legitimate interest (security, abuse prevention, responding to your access request) and consent (form submission, file uploads). You may withdraw consent at any time by emailing us.
4. Sub-processors
- Lovable / Cloudflare Workers — hosting and edge compute (EU/global).
- VirusTotal (Google) — files you upload via the request form are sent to VirusTotal for malware scanning. VirusTotal may retain uploaded files. Do not upload secrets, credentials or personal data.
- Your chosen AI provider (OpenAI, Anthropic, Google, OpenRouter) — called directly from your browser using your own key. Touchstone is not a processor for these calls.
5. Your rights
Under GDPR/UK GDPR you have the right to access, rectify, erase, restrict, port and object to processing of your personal data, and to lodge a complaint with a supervisory authority. Email
hello@extrafemi.com to exercise these rights.
6. Cookies & tracking
We do not use advertising cookies or third-party analytics. Theme preference and your locally-stored answers use localStorage, which is functional and does not require consent under ePrivacy.
7. Children
The service is not directed to anyone under 16.
8. Changes
We will update the "last updated" date when this notice changes. Material changes will be flagged on the homepage.