Verba AI

Legal

Privacy Policy

Last updated: April 5, 2026

This Privacy Policy explains how Verba AI ("we," "us," or "our") collects, uses, shares, and protects your personal information when you use our website and services at verba-ai.com (the "Service"). By using the Service, you agree to the practices described in this policy.

1. Information We Collect

Information you provide

  • Account information: name, email address, and password (stored as a secure hash) when you create an account, or your name, email, and profile picture when you sign in with Google.
  • Text content: essays, documents, and text you submit for AI detection, rewriting, or plagiarism checking.
  • Payment information: when you subscribe to a paid plan, payment details are collected and processed by Stripe. We never see or store your full card number. We receive only the last 4 digits, card brand, and Stripe customer ID.

Information collected automatically

  • Cookies: we use a session cookie to keep you signed in. We do not use advertising or tracking cookies.
  • Usage data: we track feature usage counts (e.g., number of analyses per day) to enforce plan limits. This data is stored in Redis and expires automatically.
  • Server logs: our hosting provider (Vercel) may collect IP addresses, request timestamps, and basic device information as part of standard infrastructure operation.

2. How We Use Your Information

  • To provide the Service: process your text through AI detection, rewriting, and plagiarism checking features.
  • To manage your account: authenticate you, maintain your session, and store your saved essays and results.
  • To process payments: manage subscriptions and billing through Stripe.
  • To enforce rate limits: track usage against your plan limits.
  • To communicate with you: send service-related emails such as password resets and billing notifications.

We do not use your submitted text to train any AI models. We do not sell, rent, or share your personal information with third parties for marketing purposes.

3. Third-Party Services

To provide the Service, we share certain data with the following third-party providers. Each processes data under their own privacy policies:

OpenAI

Text you submit for AI detection and rewriting may be sent to OpenAI's API for processing. Under OpenAI's API data usage policy, API inputs and outputs are not used to train their models and are retained for up to 30 days for abuse monitoring before deletion.

Google (Gemini API)

Text you submit may also be processed through Google's Gemini API. Under Google's API terms, data sent through paid API tiers is not used for model training.

Stripe

Stripe handles all payment processing. When you subscribe to a paid plan, Stripe receives your name, email, billing address, and payment card details. Verba AI does not store credit card numbers.

Google OAuth

If you sign in with Google, we receive your name, email address, and profile picture from Google. We do not access any other Google account data.

Supabase

User accounts, essays, and analysis results are stored in a PostgreSQL database hosted by Supabase.

Upstash

Rate-limiting counters are stored in Upstash Redis. This data is ephemeral and expires automatically.

Vercel

The Service is hosted on Vercel. Vercel may process IP addresses and request metadata as part of standard hosting operations.

4. Data Retention

  • Account data: retained as long as your account is active. Deleted within 30 days of an account deletion request.
  • Submitted text: text submitted for analysis is processed in memory and is not permanently stored by Verba AI beyond your saved results.
  • Saved essays and results: retained in our database until you delete them or delete your account.
  • Payment records: Stripe retains billing records per their policies and applicable tax and accounting laws.
  • Rate-limiting data: expires automatically based on your plan's billing cycle.

5. Data Security

We use industry-standard security measures to protect your data, including HTTPS/TLS encryption for all data in transit and secure password hashing. Paid plans include encryption at rest for stored data. However, no method of electronic storage or transmission is 100% secure, and we cannot guarantee absolute security.

6. Cookies

Verba AI uses only strictly necessary cookies for authentication. We use a session cookie to keep you signed in while you use the Service. We do not use any advertising, analytics, or third-party tracking cookies.

7. Your Rights

Depending on your location, you may have certain rights regarding your personal information:

All users

  • Access, correct, or delete your personal information through your account settings or by contacting us.
  • Cancel your subscription at any time from your account settings.
  • Request a copy of your data by contacting us at the email below.

European Economic Area (GDPR)

  • Right to access, rectify, erase, restrict processing, and port your data.
  • Right to object to processing and to withdraw consent.
  • Our legal basis for processing is contract performance (providing the service you signed up for) and legitimate interest (security, rate limiting, fraud prevention).
  • We will respond to requests within 30 days.

California (CCPA/CPRA)

  • Right to know what personal information is collected and how it is used.
  • Right to delete your personal information.
  • Right to opt out of the sale of personal information — we do not sell your personal information.
  • Right to non-discrimination for exercising your rights.

To exercise any of these rights, contact us at verbaai.support@gmail.com.

8. Children's Privacy

Verba AI is not directed at children under 13. We do not knowingly collect personal information from children under 13. If we discover that we have collected information from a child under 13, we will delete that information promptly. If you believe a child under 13 has provided us with personal information, please contact us.

9. International Data Transfers

Your data may be transferred to and processed in the United States, where our service providers (including Supabase, Vercel, OpenAI, and Stripe) operate. If you are located outside the United States, you consent to the transfer of your data to the United States. Our service providers maintain appropriate safeguards for international data transfers, including Standard Contractual Clauses where required.

10. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by posting a notice on the Service. Your continued use of the Service after changes are posted constitutes your acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or your personal data, contact us at: verbaai.support@gmail.com