Privacy Policy

1. Introduction

Veristrom ("we," "us," or "our") operates the website and application at veristrom.ai. This Privacy Policy explains how we collect, use, store, and share your information when you use our privacy-first AI chat platform.

By using Veristrom, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

• Email address — required for both Google Sign-In and guest (email PIN) authentication
• Display name — provided by Google if you use Google Sign-In, or derived from your email address for guest accounts
• Authentication provider — whether you signed in with Google or email PIN

2.2 Chat Data

When you use Veristrom to chat with AI models, we store:

• Customer data silo approach — ensures each customer data is structurally protected and walled off from other customers data via tight coupling of authentication, encryption and other data security mechanisms
• Your messages — the text you send after making your redaction/approval choices in encrypted format
• AI responses — replies from the AI model you selected are stored in encrypted format
• Conversation metadata — topic titles, the AI model used (ChatGPT, Claude, or Gemini), and timestamps

2.3 Files You Upload

When you attach files (PDF, DOCX, CSV, JSON, TXT, and others) for PII scanning:

• File content is processed and scanned for PII data entirely in your browser
• Only after the redaction/approval/modification process, the content in the file be sent to the AI vendor.
• This content will be saved in encrypted format on the server.

2.4 PII Detection

Our PII scanning engine runs entirely client-side in your web browser. No text is sent to any external service for scanning. The detection uses pattern-matching rules to identify items such as email addresses, phone numbers, Social Security numbers, credit card numbers, API keys, passwords, physical addresses, and other sensitive data types.

2.5 Security and Log Data

For security and abuse prevention, we collect:

• Hashed IP address — your IP address is one-way hashed with a secret salt and truncated. We never store your raw IP address.
• User-Agent string — your browser identifier, truncated to 200 characters, recorded at login
• Login timestamps — when you signed in and how many times

3. How We Use Your Information

We use the information we collect to:

• Authenticate you and maintain your session
• Route your messages to the AI model you selected (ChatGPT, Claude, or Gemini)
• Store your chat history so you can return to previous conversations
• Monitor security using hashed IPs and login events to detect abuse
• Send transactional emails — one-time login PINs for email-based authentication

4. Third-Party Services

Veristrom integrates with several third-party services. When you use our platform, your data may be shared with these providers as described below:

Service	Data Shared	Purpose
Anthropic (Claude)	Chat messages and conversation history (up to 50 prior messages)	AI model responses
OpenAI (ChatGPT)	Chat messages and conversation history (up to 50 prior messages)	AI model responses
Google (Gemini)	Chat messages and conversation history (up to 50 prior messages)	AI model responses
Google Sign-In	Email address, display name	Authentication
Transactional email provider	Email address, login PIN	Transactional email delivery
Cloud infrastructure provider	All server-side data	Infrastructure hosting (US-based data centers)
CDN and security provider	Network traffic metadata (IP address)	Content delivery, DNS, and DDoS protection
Font delivery services	IP address (standard HTTP request)	Font delivery

Your chat messages are sent only to the AI model provider you select. If you choose Claude, your messages are not sent to OpenAI or Google, and vice versa.

Each third-party provider processes your data under their own privacy policies. For details on how each AI provider handles data, please refer to the privacy policies of Anthropic, OpenAI, and Google respectively.

5. Data Storage and Retention

5.1 Server-Side Storage

Your data is stored in a fully managed, encrypted cloud database hosted in US-based data centers. All data is encrypted at rest using industry-standard encryption keys.

We retain your account information, chat history, and login events until you delete them or delete your account. There is no automatic expiration on this data.

Login PINs are temporary and automatically expire after 10 minutes.

5.2 Client-Side Storage

Veristrom stores the following in your browser:

• Your session token and basic account information
• A local cache of your chat history for faster loading
• Your current conversation topic selection

All client-side data is cleared when you log out.

5.3 Server Logs

Our application generates security audit logs stored in a secure cloud logging service. These logs may include your email address, hashed IP address, and event metadata (such as login events and scan activity summaries). Logs are retained per our cloud provider configuration and are not accessible to end users.

6. Your Rights and Choices

You have control over your data. Veristrom provides the following in-app capabilities:

• Delete individual conversations — remove a specific topic and all its messages
• Delete all chat history — clear all stored conversations at once
• Delete your account — permanently remove your account and all associated data, including your user profile, chat history, conversation topics, and login event history

For any additional data requests — including data export, correction, or questions about your data — contact us at [email protected].

7. Cookies and Tracking

Veristrom does not set any cookies and does not use any analytics or tracking tools. We do not use Google Analytics, Facebook Pixel, or any similar services.

However, third-party scripts loaded on our platform (specifically for social sign-in) may set their own cookies under their respective domains. These are governed by the respective provider's privacy policy.

8. Security

We implement the following measures to protect your data:

• Encryption in transit — all communication uses HTTPS (TLS)
• Encryption at rest — data is encrypted with industry-standard encryption keys
• Token-based authentication — security tokens expire after 24 hours
• IP hashing — IP addresses are one-way hashed and never stored in raw form

No system is 100% secure. If you discover a security vulnerability, please report it to [email protected].

9. Children's Privacy

Veristrom is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal data, please contact us at [email protected] and we will take steps to delete that information.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we make changes, we will update the "Effective Date" at the top of this page. We encourage you to review this page periodically to stay informed about how we protect your data.

11. Contact Us

If you have any questions about this Privacy Policy or your data, please contact us:

• Email: [email protected]