Legal

Privacy Policy

Last updated: January 1, 2025

1. Information We Collect

We collect the following types of information:

  • -Account information: Email address and display name provided during registration
  • -Memory data: Content you store through the API, including memory items, tags, and metadata
  • -Usage data: API call patterns, timestamps, and request metadata for rate limiting and analytics
  • -Audit logs: Records of authentication events and administrative actions

2. How We Use Your Information

We use collected information to:

  • -Provide, maintain, and improve the Service
  • -Generate vector embeddings for semantic search functionality
  • -Enforce rate limits and prevent abuse
  • -Send service-related notifications (e.g., magic link emails)
  • -Provide audit trails for security and compliance

3. Data Storage and Security

Your data is stored in encrypted PostgreSQL databases with pgvector extensions. File artifacts are stored in S3-compatible object storage. All data in transit is encrypted via TLS. API keys are hashed using bcrypt before storage. We implement role-based access control (RBAC) to ensure users can only access data within their authorized scope.

4. Third-Party Services

We use OpenAI's embedding API to generate vector representations of your memory items for semantic search. Content sent to OpenAI is processed according to their API data usage policy (not used for training). We do not share your data with any other third parties for marketing or advertising purposes.

5. Data Retention

Active memory items are retained for the duration of your account. Deprecated memory items are retained for 90 days before automatic cleanup. Candidate items that are not verified within the configured expiry period are automatically removed. Upon account deletion, all associated data is permanently removed within 30 days.

6. Your Rights

You have the right to:

  • -Access and export your data at any time via the API
  • -Request correction or deletion of your personal information
  • -Revoke API keys and terminate your account
  • -Object to processing where applicable under GDPR

7. Self-Hosted Deployments

If you self-host veriova, your data remains entirely on your own infrastructure. This privacy policy applies only to the hosted service at veriova.com. Self-hosted users are responsible for their own data protection and compliance measures.

8. Contact

For privacy-related questions or to exercise your data rights, contact us at hello@veriova.com.