VeridexCore Privacy Policy
Effective Date: March 8, 2026 Version: 1.0 Entity: VeridexCore (operated by VeridexCore Inc.)1. Introduction
This Privacy Policy describes how VeridexCore collects, uses, and protects information when you use the Service.
2. Information We Collect
Information You Provide
- GitHub Account Information. When you sign in via GitHub OAuth, we receive your GitHub username and public profile information. We do not receive or store your GitHub password.
- SOP Content. Text, files, or structured instructions you submit for capability generation.
- Payment Information. Payments are processed by Stripe, Inc. VeridexCore does not store credit card numbers or payment credentials.
Information Collected Automatically
- IP Address. Used for rate limiting and abuse prevention. Not stored persistently.
- Request Metadata. Timestamps, request paths, and response status codes for operational monitoring.
- Capability Artifacts. Generated capabilities, cryptographic receipts, and verification records are stored as part of the Service.
3. How We Use Information
- To provide and operate the Service, including capability generation, invocation, and verification.
- To authenticate users via GitHub OAuth.
- To process payments via Stripe.
- To enforce rate limits and prevent abuse.
- To emit receipt events to the VeridexCore transparency log for durable verification.
- To respond to support requests.
We do not sell, rent, or share personal information with third parties for marketing purposes.
4. Data Storage and Retention
- Capability artifacts and receipts are stored in Google Cloud Firestore in the us-central1 region.
- Receipt events are emitted to the VeridexCore transparency log for durable truth persistence.
- SOP content is processed in memory and stored only as part of the generated capability artifact.
- We retain capability data for as long as the Service is active or as required by law.
- You may request deletion of your data by contacting us.
5. Third-Party Services
The Service uses the following third-party services:
| Service | Purpose | Privacy Policy |
|---|---|---|
| Google Cloud Platform | Infrastructure, Firestore storage | https://cloud.google.com/terms/cloud-privacy-notice |
| Stripe | Payment processing | https://stripe.com/privacy |
| GitHub | OAuth authentication | https://docs.github.com/en/site-policy/privacy-policies/github-general-privacy-statement |
| Vercel | Landing page hosting | https://vercel.com/legal/privacy-policy |
6. Security
We implement reasonable technical and organizational measures to protect information, including:
- HMAC-SHA256 cryptographic signatures on all artifacts.
- HTTPS encryption for all API communications.
- Environment-based secret management (no hardcoded credentials).
- Per-IP rate limiting on all public endpoints.
7. Your Rights
You may:
- Request access to your data.
- Request correction of inaccurate data.
- Request deletion of your data.
- Withdraw consent for data processing where applicable.
Contact us to exercise these rights.
8. Children
The Service is not directed at individuals under 18 years of age. We do not knowingly collect information from children.
9. Changes
We may update this Privacy Policy from time to time. Material changes will be communicated via the Service. Continued use constitutes acceptance.
10. Contact
For privacy inquiries, contact the VeridexCore team via the channels listed on the landing page.
Document Control
| Version | Date | Status |
|---|---|---|
| 1.0 | 2026-03-08 | Active |