DebateAI is a voice-first adversarial-argument trainer. To make that work, we collect the minimum we need: a sign-in identity (if you sign in), the debate rounds you generate, and the technical signals every web app collects. We don't sell your data, we don't run ad trackers, and we don't train third-party models on your private rounds. Voice audio is streamed peer-to-peer to OpenAI's Realtime API and never stored on our servers.
DebateAI ("we", "us", "our") operates the web app at debateai.com. The service is run by an independent developer based in the United States. The contact address for privacy questions, data-access requests, and deletion requests is feedback@debateai.com.
If you sign in, we receive your Google account email address and display name via Google OAuth (handled by Firebase Authentication). We do not see, store, or transmit your Google password. We use this to identify your account across sessions, attribute usage against your free or paid quota, and let you save rounds to your profile.
You can use the app anonymously without signing in. In that case we have no identifier for you beyond a randomly generated session ID held in your browser and the technical signals listed below.
When you generate a case, run a rebuttal, request a judge ballot, or hold a typed or voice debate, we store the prompt, the AI's reply, the motion, the format, and the timestamp in our database (Google Firestore). This feeds two product features:
If you want a specific round removed from this loop, email us with the round identifier and we will delete it.
If you start a voice round, your microphone audio is captured by your browser and streamed directly to OpenAI's Realtime API over WebRTC using a short-lived ephemeral token that our server mints. Our servers are not in the audio path; we do not record, buffer, or store your raw audio. After the round ends, the text transcript produced by OpenAI's speech-to-text is sent back through our server so the same learning loop described above can apply. OpenAI's handling of audio is governed by OpenAI's privacy policy.
While the product is in public beta, every tier is free and we do not collect payment information. When billing turns on for the announced tiers (BYOK, Individual, Lifetime, Team), payment is processed by Stripe. We never see your full card number, CVC, or bank credentials. Stripe returns to us a customer ID, the last four digits of your card, your billing country, and the subscription status. Stripe's handling is governed by Stripe's privacy policy.
Every request to the site logs the standard web-server fields: IP address, user agent, the URL requested, the referrer, and a timestamp. We use these to rate-limit abuse, debug failures, and produce aggregate usage statistics. IP addresses are hashed before they are stored against your account quota. Raw access logs are retained for up to 30 days by our hosting provider (Netlify).
The app uses your browser's localStorage and sessionStorage to remember your preferences (theme, last-used format, draft text, anonymous-session quota counter) and uses cookies set by Firebase Authentication to keep you signed in. We do not set advertising cookies. We do not use Facebook Pixel or other third-party cross-site tracking pixels on the app. For first-party product analytics (which screens are visited, which features are used, where users get stuck) we use Firebase Analytics and Google Analytics 4. Microsoft Clarity is wired into the codebase for optional session-replay and heatmaps, gated behind a project ID; it is not active by default. You can clear all of this at any time by clearing site data for debateai.com in your browser, and you can opt out of GA on the broader web via Google's opt-out add-on.
We use the following sub-processors to deliver the service. Each is bound by its own privacy and security commitments at the links below. We do not authorize any of them to use your private content to train their public foundation models. Provider-side enterprise / API agreements (which we operate under) generally exclude API-submitted data from training; you should review each provider's policy for the current details.
| Provider | Purpose | Policy |
|---|---|---|
| Google Firebase | Authentication, Firestore database, hosting of your saved rounds and profile, Firebase Analytics for first-party product analytics. | Firebase privacy |
| Google Analytics 4 | First-party product analytics (pageviews, feature events). Property ID is account-scoped to DebateAI; data is not shared for advertising. | Google privacy |
| Netlify | Static site hosting, edge functions, request logs. | Netlify privacy |
| Anthropic | Claude AI brain (case generation, rebuttals, judging). | Anthropic privacy |
| OpenAI | GPT AI brain; Realtime voice; text-to-speech fallback. | OpenAI privacy |
| Google AI | Gemini AI brain. | Gemini terms |
| xAI | Grok AI brain. | xAI privacy |
| DeepSeek | DeepSeek AI brain. | DeepSeek privacy |
| OpenRouter | Open Lab brain pool (Hermes, Mistral, Qwen, Llama). | OpenRouter privacy |
| ElevenLabs | Premium text-to-speech (Pro tier). | ElevenLabs privacy |
| Inworld | Optional premium text-to-speech (Pro tier). | Inworld privacy |
| Cartesia | Optional premium text-to-speech (Pro tier A/B). | Cartesia privacy |
| Stripe | Payment processing (when billing is active). | Stripe privacy |
| Daily.co | Video rooms for live human-vs-human debates. | Daily privacy |
When you start a typed round, only one brain you select is called. When you start a voice round, only OpenAI Realtime is called. When you run an AI-judged ballot, the panel may call several brains in parallel as documented on the round page.
If you use the BYOK tier, you provide your own Anthropic API key. We store the key encrypted at rest, scoped to your account, and use it only to call the Anthropic API on your behalf for rounds you initiate. We do not use BYOK keys for other users. You can rotate or delete the key at any time from your account settings. BYOK is Anthropic-only; we will refuse cross-provider keys with a labeled error.
Our Firebase project is hosted on Google Cloud's multi-region US infrastructure. Netlify serves traffic from edge locations worldwide but persistent storage is in the United States. By using the service from outside the United States, you consent to the transfer of your data to the United States for processing. We rely on the standard contractual mechanisms each sub-processor publishes for international transfers.
Regardless of where you live, you can:
Users in the European Economic Area, the United Kingdom, Switzerland, and California have additional statutory rights under the GDPR, UK GDPR, and CCPA/CPRA. The rights above already cover the substantive list; for formal regulator-facing requests, email feedback@debateai.com with the words "data subject request" in the subject and we will respond within the statutory window. We do not sell or share personal information for cross-context behavioral advertising under the CCPA/CPRA definitions.
The service is not directed at children under 13. Do not create an account or use the voice round if you are under 13. Users between 13 and 18 should use the service with the supervision and consent of a parent or guardian; school-team accounts are intended to be administered by an adult coach. If we learn that we hold data for a user under 13, we will delete it promptly. Reports of suspected underage use go to feedback@debateai.com.
We use HTTPS everywhere, Firebase App Check on the AI brain endpoints, server-side per-IP rate limits on anonymous traffic, encrypted-at-rest storage in Firestore, and short-lived ephemeral tokens for the WebRTC voice path so the OpenAI API key is never sent to your browser. No internet service can promise perfect security; if you believe an account has been compromised, email us immediately at feedback@debateai.com.
The AI's case generation, rebuttals, judging ballots, scores, and feedback are produced by large language models. They are designed for debate practice and are not human judgments. Scores and rankings are not used to make decisions with legal or similarly significant effects on you. You should treat AI output as practice feedback, not as professional coaching, legal, academic, or admissions advice. See the Terms of Service for the full disclaimer.
If we make material changes, we will update the "Last updated" date at the top of this page and, for signed-in users, surface a notice in the app the next time you sign in. The current version is always available at debateai.com/privacy.
Questions, deletion or export requests, security reports, or regulator-facing inquiries: feedback@debateai.com. We aim to respond within 7 days for general questions and within the statutory windows (typically 30 days) for formal data-subject requests.