Privacy Policy

About This Privacy Policy

This Privacy Policy ("Policy") describes how Terminal Labs LLC, a New York limited liability company ("Company," "we," "us," or "our"), collects, uses, discloses, retains, and protects personal information when you access or use the Verified AI AI-powered analysis platform, including the website at verifiedai.app, all associated mobile applications, APIs, and related services (collectively, the "Service"). This Policy also describes your rights and choices regarding your personal information.

By accessing or using the Service, you acknowledge that you have read and understood this Policy. If you do not agree with our practices, please do not use the Service. This Policy is incorporated into and subject to our Terms of Service.

1. Information We Collect

1.1 Information You Provide Directly.

• Account Registration Data: name, email address, username, and password.
• Profile Information: optional display name, bio, and avatar.
• User-Submitted Content: photographs and images of items you upload for AI-powered analysis ("Content"), community posts, captions, comments, and votes.
• Communications: messages you send to our support team, feedback, and survey responses.
• Payment Information: subscription transactions are processed by Apple App Store or Google Play; we do not directly collect or store your payment card details.

1.2 Information Collected Automatically.

• Device Information: device model, operating system and version, unique device identifiers (e.g., advertising ID, IDFV), screen resolution, and browser type.
• Usage Data: features accessed, scan frequency, session duration, referring URLs, pages viewed, and in-app actions.
• Log Data: IP address, access timestamps, app crash reports, and error logs.
• Location Data: approximate location derived from IP address. We do not collect precise GPS location.

1.3 Information from Third Parties. If you sign in using a third-party service (e.g., Apple Sign-In, Google), we receive basic profile information as authorized by your settings with that provider. We do not receive your password from any third-party provider.

1.4 Sensitive Personal Information. Under the California Consumer Privacy Act, as amended by the CPRA ("CCPA"), certain categories of personal information are classified as "sensitive personal information." We collect the following category: account login credentials (email/username in combination with password). We use this information solely for the purpose of providing and securing the Service.

2. How We Use Your Information

2.1 Service Delivery and Operations.

• Provide, operate, maintain, and improve the Service.
• Process images through our AI analysis engine and deliver Assessments.
• Enable community features, including sharing, voting, and commenting.
• Manage your account, process subscription transactions, and provide customer support.
• Send transactional notifications (e.g., account confirmation, security alerts, service updates).

2.2 Safety, Security, and Compliance.

• Detect, investigate, and prevent fraud, abuse, security incidents, and violations of our Terms of Service.
• Comply with applicable legal obligations, law enforcement requests, and regulatory requirements.
• Enforce our Terms of Service and protect the rights, property, and safety of the Company, our users, and the public.

2.3 AI Model Improvement. We may use aggregated and de-identified data derived from user interactions and usage patterns to improve, train, and refine our AI models and algorithms. We do not use your personal information or identifiable Content to train our AI models without your explicit, affirmative consent. You may opt in through your Account Settings and withdraw consent at any time.

2.4 Analytics. We analyze aggregated usage trends to understand how users interact with the Service. Our analytics methods are designed to be privacy-preserving and do not create individual user profiles for advertising purposes.

3. Legal Bases for Processing (EEA/UK Users)

If you are located in the European Economic Area (EEA) or the United Kingdom, we process your personal data based on the following legal grounds under the GDPR and UK GDPR:

• Performance of a Contract: processing necessary to provide the Service to you (Article 6(1)(b)).
• Legitimate Interests: processing for fraud prevention, security, analytics, and Service improvement (Article 6(1)(f)).
• Consent: processing based on your freely given consent, such as opting into AI model training (Article 6(1)(a)).
• Legal Obligation: processing necessary to comply with applicable laws (Article 6(1)(c)).

4. How We Share Your Information

We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising.

4.1 Service Providers and Contractors. We share personal information with trusted third-party service providers who perform services on our behalf, including cloud hosting and infrastructure (e.g., Supabase, AWS), AI processing and analysis, payment processing (via Apple and Google app store platforms), customer support tools, and analytics. These providers are contractually obligated to maintain appropriate security measures.

4.2 Community Features. Content you voluntarily share through community features (posts, username, profile information, comments, and votes) is visible to other users of the platform.

4.3 Legal and Safety Disclosures. We may disclose personal information when we believe in good faith that disclosure is necessary to: (a) comply with applicable law; (b) enforce our Terms of Service; (c) detect, prevent, or address fraud, security, or technical issues; or (d) protect the rights, property, or safety of the Company, our users, or the public.

4.4 Business Transfers. In connection with a merger, acquisition, reorganization, bankruptcy, or sale of assets, your personal information may be transferred. We will provide notice before your information becomes subject to a different privacy policy.

4.5 With Your Consent. We may share your information for other purposes with your explicit consent.

5. Your California Privacy Rights (CCPA/CPRA)

This section applies to California residents and supplements the rest of this Policy.

5.1 Categories of Personal Information Collected. In the preceding twelve (12) months, we have collected: Identifiers; Internet or electronic network activity information; Photographs and images; Commercial information; Inferences; Sensitive personal information (account credentials).

5.2 Business Purposes. The categories listed above are collected for the purposes described in Section 2.

5.3 Sale and Sharing. We do not sell personal information. We do not share personal information for cross-context behavioral advertising. We do not have actual knowledge that we sell or share the personal information of consumers under 16 years of age.

5.4 California Consumer Rights. Subject to certain exceptions, California consumers have the right to:

• Right to Know/Access: request disclosure of the categories and specific pieces of personal information we have collected.
• Right to Delete: request deletion of personal information, subject to legal exceptions.
• Right to Correct: request correction of inaccurate personal information.
• Right to Opt-Out of Sale/Sharing: although we do not sell or share, you may submit an opt-out request or use a Global Privacy Control (GPC) signal.
• Right to Limit Use of Sensitive Personal Information.
• Right to Non-Discrimination.

5.5 How to Exercise Your Rights. Contact us at privacy@verifiedai.app. We will respond within forty-five (45) days.

5.6 Authorized Agents. You may designate an authorized agent to submit a request on your behalf.

6. Additional State Privacy Rights

6.1 Virginia, Colorado, Connecticut, and Other State Laws. Residents of states with comprehensive privacy laws may have similar rights to access, delete, correct, and opt out of certain processing. Contact us at privacy@verifiedai.app.

6.2 Biometric Data Notice. Important Notice for Illinois Residents: Our AI models analyze visual characteristics of items and products — not human biometric features. We do not collect biometric identifiers or biometric information as defined under the Illinois Biometric Information Privacy Act (BIPA).

6.3 New York Privacy. The Service is operated by a New York limited liability company. We comply with all applicable New York consumer protection requirements. We extend the rights described in this Policy to all users regardless of location.

7. International Data Transfers

Your information may be processed and stored in the United States and other countries where our service providers operate.

7.1 Transfer Mechanisms. For transfers from the EEA or UK, we rely on: (a) Standard Contractual Clauses (SCCs); (b) the UK International Data Transfer Addendum; or (c) your explicit consent. Contact us at privacy@verifiedai.app for copies of applicable transfer mechanisms.

7.2 EEA/UK User Rights. EEA and UK users have the right to: (a) access their personal data; (b) rectify inaccurate data; (c) request erasure; (d) restrict processing; (e) data portability; (f) object to processing based on legitimate interests; and (g) lodge a complaint with a supervisory authority.

8. Data Retention

8.1 Retention Periods.

• Account Data: retained while your account is active and for a reasonable period thereafter.
• Content (Uploaded Images): stored in your scan history for the duration of your account. Deleted or anonymized within thirty (30) days of account deletion.
• Community Posts: remain visible until you or an administrator removes them. Deleted content retained in backups for up to ninety (90) days.
• Aggregated/De-identified Data: may be retained indefinitely.
• Log and Analytics Data: retained for up to twenty-four (24) months.

8.2 Account Deletion. You may delete your account at any time through Account Settings or by contacting privacy@verifiedai.app. We will delete or anonymize your personal information within thirty (30) days.

9. Data Security

We implement commercially reasonable safeguards including:

• Encryption of data in transit (TLS/HTTPS) and at rest.
• Secure access control with token-based sessions and salted, hashed passwords.
• Role-based access controls on a need-to-know basis.
• Regular security audits, penetration testing, and vulnerability assessments.
• Incident response procedures for detecting and responding to security events.

No method of transmission over the Internet is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

10. Data Breach Notification

In the event of a security breach, we will: notify affected individuals without unreasonable delay (within sixty (60) days under CCPA; seventy-two (72) hours to supervisory authorities under GDPR where applicable); provide a description of the breach, categories of data affected, likely consequences, and measures taken; and notify applicable regulatory authorities as required by law.

11. Children's Privacy

The Service is not directed to anyone under the age of eighteen (18). We do not knowingly collect personal information from anyone under 18. If we learn that we have collected such information, we will delete it promptly. With respect to children under 13, we comply with the Children's Online Privacy Protection Act (COPPA). Contact us at privacy@verifiedai.app if you believe a child has provided personal information.

12. Cookies, Local Storage, and Tracking Technologies

12.1 Technologies We Use. We use local storage on your device to store session tokens, language preferences, and app settings. We may also use cookies on our website for session management and access control.

12.2 No Third-Party Advertising Cookies. We do not use third-party advertising cookies or tracking pixels. We do not participate in ad networks or serve targeted advertisements.

12.3 Do Not Track / Global Privacy Control. We honor Do Not Track (DNT) and Global Privacy Control (GPC) signals.

12.4 Analytics. If we use analytics services, they employ privacy-preserving, aggregated methods that do not create individual user profiles.

13. Third-Party Links and Services

The Service may contain links to third-party websites or services not operated by us. We have no control over, and assume no responsibility for, the content or privacy policies of third-party sites. We encourage you to review their privacy policies before providing personal information.

14. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will provide notice through the Service or by email at least thirty (30) days before the changes take effect. Your continued use of the Service after the effective date constitutes your acceptance of the changes.

15. Contact Information

For privacy-related inquiries, to exercise any of your rights, or to submit a complaint, please contact:

Terminal Labs LLC
Privacy Team
Email: privacy@verifiedai.app
Website: verifiedai.app/privacy

We will respond to all privacy-related requests within thirty (30) days, or within the timeframe required by applicable law.

Supplemental Notice at Collection

This Supplemental Notice at Collection is provided to California consumers pursuant to CCPA § 1798.100(a).

Categories of Personal Information Collected: Identifiers; internet/electronic network activity; photographs/images; commercial information; inferences; sensitive personal information (account credentials).

Purposes of Collection: Service delivery; AI-powered analysis; community features; account management; safety and security; legal compliance; analytics and Service improvement (using aggregated/de-identified data only).

Retention: As described in Section 8. Account data retained while active; deleted within 30 days of account deletion. Log data retained up to 24 months.

Sale/Sharing: We do not sell your personal information. We do not share for cross-context behavioral advertising.

Your Rights: Right to know, delete, correct, opt out, limit use of sensitive personal information, and non-discrimination.

Contact: privacy@verifiedai.app