Crit

Privacy Policy

Last updated: February 2026

Who operates this

Crit is operated by Tomasz Tomczyk as an independent open-source project.

Local use

When you use Crit locally (without sharing), no data leaves your machine. Documents and comments are stored only in files on your computer.

CLI update check

On startup, the Crit CLI contacts api.github.com to check for a new version. This request includes your IP address and current Crit version as the User-Agent header. GitHub's privacy policy governs how GitHub handles this data. You can disable the update check by setting CRIT_NO_UPDATE_CHECK=1.

Shared reviews

When you share a review, the following is stored on our servers:

  • The document content (markdown text)
  • Any comments included at the time of sharing
  • The time the review was created

Comments added by anyone who visits the shared link are also stored on our servers, subject to the same 30-day retention policy.

This data is accessible to anyone with the share link. The link is a secret URL that serves as the only access control. There are no passwords or user accounts.

Anonymous session

When you view a shared review, we set a session cookie containing a randomly generated anonymous identifier. This lets you edit or delete comments you left in that session. The identifier is not linked to any personal information and is not used for tracking.

Tracking

We do not use analytics or advertising trackers on this site.

The homepage includes an embedded YouTube video. If you visit the homepage, YouTube (Google) may set cookies and collect data according to Google's privacy policy. No other third-party embeds are used anywhere on this site.

Server logs

Our server records standard HTTP access logs (IP address, timestamp, path, response code). These are used solely for debugging and abuse prevention. IP addresses are also used in memory for rate limiting. These are not persisted beyond what appears in access logs. Server logs are retained for approximately 30 days and then deleted.

Infrastructure

This service runs on Fly.io. Fly.io may retain their own infrastructure-level logs.

Data retention

Shared reviews are retained for 30 days from the date of last activity, then deleted automatically. You can delete a shared review at any time using the Unpublish button in Crit.

Contact

For privacy questions, open an issue on GitHub. For sensitive requests (such as data deletion), email tom@crit.live.