Verdict

Privacy Policy

Last Updated: January 2025

1. Introduction

Verdict ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our multi-LLM consensus research platform ("Platform", "Service"). Please read this Privacy Policy carefully. By using the Platform, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Information You Provide

We collect information that you provide directly to us, including:

  • Account Information: Name, email address, username, password, and profile information
  • API Keys: Encrypted API keys for AI providers (stored using AES-256-GCM encryption)
  • Documents: Files you upload for RAG integration (PDF, TXT, DOCX, MD)
  • Debate Content: Questions, messages, and other content you create in debates
  • Preferences: Language preferences, notification settings, and other user preferences

2.2 Automatically Collected Information

When you use the Platform, we automatically collect certain information, including:

  • Usage Data: How you interact with the Platform, features used, and time spent
  • Device Information: Browser type, operating system, device identifiers
  • Log Data: IP address, access times, pages viewed, and referring URLs
  • Cookies and Tracking: Cookies, web beacons, and similar tracking technologies

2.3 Information from Third Parties

We may receive information from third-party services you connect to the Platform, including:

  • Authentication Providers: Information from Google, X (Twitter), or other OAuth providers
  • AI Providers: Usage data and billing information from AI service providers when using your API keys

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Platform and its features
  • Process and facilitate debates, including orchestrating AI model interactions
  • Store and process your documents for RAG integration
  • Manage your API keys securely and use them to access AI services on your behalf
  • Send you technical notices, updates, and support messages
  • Respond to your comments, questions, and requests
  • Monitor and analyze usage patterns and trends
  • Detect, prevent, and address technical issues and security threats
  • Comply with legal obligations and enforce our Terms of Use
  • Personalize your experience and provide content relevant to your interests

4. How We Share Your Information

4.1 Public Content

Content you mark as "public" may be visible to all Platform users and may be indexed by search engines. This includes:

  • Public debates and their transcripts
  • Your public profile information
  • Public messages and contributions

4.2 Service Providers

We may share your information with third-party service providers who perform services on our behalf, including:

  • AI Providers: When you use your API keys, we transmit requests to AI providers (OpenAI, Anthropic, Google, etc.) on your behalf
  • Cloud Services: Hosting, database, and storage providers (e.g., Vercel, PostgreSQL, Pinecone)
  • Analytics: Services that help us understand how users interact with the Platform
  • Email Services: For sending notifications and invitations (e.g., AWS SES)

4.3 Legal Requirements

We may disclose your information if required by law or in response to valid requests by public authorities, including:

  • To comply with legal obligations or court orders
  • To protect our rights, privacy, safety, or property
  • To prevent or investigate possible wrongdoing in connection with the Platform
  • To protect the personal safety of users or the public

4.4 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction.

5. Data Security

We implement industry-standard security measures to protect your information:

  • Encryption: API keys and sensitive data are encrypted using AES-256-GCM encryption
  • Secure Connections: All data transmission uses HTTPS/TLS encryption
  • Access Controls: Strict access controls and authentication mechanisms
  • Database Security: Encrypted database connections and secure storage
  • Regular Audits: Security audits and vulnerability assessments

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.

6. API Key Security

Your API keys are handled with the highest level of security:

  • API keys are encrypted at rest using AES-256-GCM encryption
  • Keys are never transmitted to the frontend or exposed in client-side code
  • Keys are only used server-side to make API calls on your behalf
  • You can revoke or update your keys at any time through workspace settings
  • We do not access or use your keys except as necessary to provide Platform services
  • Keys are scoped to your workspace and accessible only by workspace members

7. Data Retention

We retain your information for as long as necessary to:

  • Provide the Platform services to you
  • Comply with legal obligations
  • Resolve disputes and enforce our agreements
  • Maintain security and prevent fraud

When you delete your account, we will delete or anonymize your personal information, except where we are required to retain it for legal or legitimate business purposes. Note that:

  • Public debates may remain visible even after account deletion
  • Some information may be retained in backup systems for a limited period
  • We may retain anonymized, aggregated data for analytics purposes

8. Your Rights and Choices

Depending on your location, you may have certain rights regarding your personal information:

8.1 Access and Portability

You can access and download your data through your account settings or by contacting us.

8.2 Correction and Deletion

You can update your account information at any time. You can request deletion of your account and data by contacting us.

8.3 Opt-Out

You can opt out of certain communications and data processing activities through your account settings.

8.4 GDPR Rights (EU Users)

If you are located in the European Economic Area (EEA), you have additional rights under GDPR:

  • Right to access your personal data
  • Right to rectification of inaccurate data
  • Right to erasure ("right to be forgotten")
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing
  • Right to withdraw consent

8.5 CCPA Rights (California Users)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA), including:

  • Right to know what personal information is collected
  • Right to delete personal information
  • Right to opt-out of the sale of personal information (we do not sell personal information)
  • Right to non-discrimination for exercising your privacy rights

9. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to:

  • Maintain your session and authentication state
  • Remember your preferences and settings
  • Analyze Platform usage and performance
  • Provide personalized content and features

You can control cookies through your browser settings. However, disabling cookies may limit your ability to use certain features of the Platform.

10. Children's Privacy

The Platform is not intended for users under the age of 13 (or the minimum age in your jurisdiction). We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately, and we will take steps to delete such information.

11. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your country. By using the Platform, you consent to the transfer of your information to these countries. We take appropriate safeguards to ensure your information receives adequate protection in accordance with this Privacy Policy.

12. Third-Party Services

The Platform integrates with third-party services, including AI providers, cloud services, and authentication providers. These services have their own privacy policies, and we encourage you to review them. We are not responsible for the privacy practices of third-party services.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. We encourage you to review this Privacy Policy periodically for any changes.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

  • Email: privacy@verdict.ai
  • Platform: Through the contact form or support channels on the Platform

15. Data Protection Officer

For users in the European Economic Area (EEA), if you have questions or concerns about our data processing activities, you may contact our Data Protection Officer at dpo@verdict.ai.