Legal
Privacy Policy
Last updated: July 16, 2026
What we collect
- Account data: Your email address when you sign in. Nothing else is required.
- Content you provide: Transcripts or posts you paste in, used only to generate your output. Raw inputs are not stored beyond the immediate request.
- Voice profile data: If you save a voice profile, your exemplar posts and the extracted style fingerprint are stored in our database, linked to your account, until you delete them.
- Usage data: Which tool you used, credit balance changes, and timestamps. No raw content is stored in usage logs.
- Analytics: We use PostHog (self-hosted option available) for product analytics — page views, feature usage, funnel events. PostHog is configured with
person_profiles: "identified_only"so anonymous visitors are not profiled. - Session cookies: One httpOnly, secure, sameSite cookie holding your session ID. No third-party tracking cookies.
What we don't do
- We do not sell your data to anyone.
- We do not use your inputs to train AI models (ours or any third party's).
- We do not run third-party advertising trackers.
- We do not share your email with anyone except for sending you sign-in links.
Third-party services
We use the following sub-processors:
- OpenAI— AI inference. Your inputs are processed under OpenAI's API terms (they do not train on API data by default).
- Resend — Transactional email for sign-in links.
- Railway— Hosting and database. Data is stored in Railway's infrastructure.
- PostHog — Product analytics (EU or US hosted, depending on your region).
- Google — If you choose Google sign-in, Google authenticates you and shares your email and verification status with us. We receive nothing else.
Data retention and deletion
Your account and all associated data (voice profiles, credit ledger) are retained while your account is active. To request deletion, email hello@verbatrum.com from your registered address. We will delete everything within 14 days and confirm.
Security
Sessions use httpOnly, secure, sameSite cookies. Magic-link tokens are single-use, short-lived, and stored only as a SHA-256 hash (the raw token is never persisted). Database connections use TLS. We apply HTTP security headers (CSP, HSTS, etc.) on all responses.
Your rights (GDPR / Indian DPDP)
You have the right to access, correct, or delete your personal data at any time. Contact us at hello@verbatrum.com. We will respond within 30 days.
Changes to this policy
We may update this policy. Material changes will be communicated by email (if you have an account) and noted with a new “Last updated” date at the top.