Privacy Policy

Last updated: May 30, 2026

1. Who we are

AiVerd("we", "us", "our") provides independent quality audits for AI chatbots. This Privacy Policy explains how we collect, use, and protect personal data when you use our website at ai-verd.comand related services (the "Service").

For the purposes of the EU/UK GDPR, AiVerd acts as the data controller for personal data we collect from account holders and visitors.

2. What data we collect

  • Account data. When you sign up, our authentication provider (Clerk) collects your email address, name (if provided), and authentication metadata (login times, session tokens, hashed passwords or third-party identity provider IDs).
  • Billing data. If you purchase a paid plan, our payment processor (Stripe) collects your billing details and payment method. We do not store full card numbers on our servers.
  • Audit content. Files, catalogs, chat transcripts, URLs, and other content you upload or submit for auditing.
  • Usage data. Log data such as IP address, browser type, pages viewed, and timestamps, collected via server logs and basic analytics.
  • Cookies. Strictly necessary cookies for authentication and session management. We do not use advertising cookies.

3. How we use your data

  • To create and manage your account and authenticate you.
  • To run audits you request and deliver reports.
  • To process payments and issue invoices.
  • To communicate with you about the Service (transactional emails, support replies, important changes).
  • To maintain security, prevent abuse, and debug issues.
  • To comply with legal obligations.

We do not sell your personal data, and we do not use your audit content to train third-party models without your explicit consent.

4. Legal bases (GDPR)

  • Contract. To provide the Service you have signed up for.
  • Legitimate interests. To secure the Service, prevent fraud, and improve our product.
  • Legal obligation. To meet tax, accounting, and other statutory requirements.
  • Consent. Where required (e.g. non-essential cookies, marketing emails). You can withdraw consent at any time.

5. Sub-processors we use

We rely on a small set of trusted vendors that process personal data on our behalf:

  • Clerk — authentication and user management.
  • Stripe — payment processing.
  • Vercel — application hosting and edge delivery.
  • Cloud database & storage providers — to store account, audit, and report data.
  • LLM providers (e.g. Anthropic, OpenAI) — to run audit evaluations on content you submit.

Each sub-processor is bound by a data processing agreement and provides appropriate safeguards for international transfers (e.g. EU Standard Contractual Clauses) where applicable.

6. Data retention

We keep account data for as long as your account is active. Audit content and reports are retained while needed to provide the Service and for a reasonable period afterwards for support and audit-trail purposes. Billing records are retained for the period required by applicable tax law (typically up to 7 years). You may request earlier deletion at any time (see Section 8).

7. Security

We use industry-standard security practices including TLS in transit, encryption at rest by our cloud providers, role-based access controls, and least-privilege engineering access. No system is perfectly secure; if we become aware of a breach affecting your personal data, we will notify you and the relevant supervisory authority as required by law.

8. Your rights

Subject to applicable law, you have the right to access, correct, delete, restrict, or port your personal data, and to object to certain processing. EU/UK residents may also lodge a complaint with their local supervisory authority.

To exercise any of these rights, email us at hello@ai-verd.com. We respond within 30 days.

9. International transfers

Some sub-processors are located outside the EEA/UK (primarily in the United States). Where we transfer personal data outside the EEA/UK, we rely on adequacy decisions or EU Standard Contractual Clauses combined with additional safeguards.

10. Children

The Service is not intended for children under 16, and we do not knowingly collect personal data from them.

11. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be announced via the Service or by email. The "Last updated" date at the top of this page indicates the latest revision.

12. Contact

Questions about this Privacy Policy or our data practices? Email hello@ai-verd.com.