← Back to home

Privacy Policy

Last updated: May 2025 · GDPR Compliant

1. Data Controller

VerifAI is the data controller for personal data processed through this service, in accordance with the General Data Protection Regulation (GDPR, EU 2016/679).

2. Data We Collect

• Account data: Name, email address, hashed password (bcrypt).
• Content metadata: URLs, page titles, AI tool names, badge preferences.
• Billing data: Processed and stored by Stripe. We store only the Stripe Customer ID — never card numbers.
• Technical data: IP addresses (for rate limiting only, not stored), domain registrations.

3. How We Use Your Data

• Provide the labeling, certification, and reporting services.
• Process payments via Stripe.
• Send essential service notifications (plan changes, trial expiry).
• We do not sell, share, or use your data for advertising.

4. Legal Basis (GDPR Art. 6)

• Contract performance: Processing necessary to deliver the service you subscribed to.
• Legitimate interest: Security measures, fraud prevention, service improvement.

5. Data Storage & Security

Data is stored in encrypted SQLite databases on EU-hosted servers. Passwords are hashed with bcrypt. JWT tokens expire in 24 hours. All traffic is encrypted via TLS/HTTPS.

6. Third-Party Processors

• Stripe: Payment processing. Stripe Privacy Policy
• Caddy: TLS certificate management (Let's Encrypt).

7. Your Rights (GDPR Art. 15–22)

You have the right to: access your data, rectify inaccuracies, request deletion, restrict processing, data portability, and object to processing. Contact us to exercise these rights.

8. Data Retention

Account data is retained while your account is active. Upon account deletion, all personal data is permanently deleted within 30 days. Anonymized, aggregated statistics may be retained.

9. Cookies

We use only essential localStorage for authentication (JWT token). We do not use tracking cookies, analytics, or third-party trackers.

10. Contact

For privacy inquiries: privacy@verifai.com