VEROAI Privacy Policy (Informativa sulla Privacy)
Effective Date: 11/11/2025
1. Introduction
This Privacy Policy describes how VEROAI ("VEROAI," "we," "us," or "our") collects, uses, processes, and stores the personal data of Users accessing the VEROAI Platform. We are committed to protecting your privacy in full compliance with the General Data Protection Regulation (GDPR - Regulation (EU) 2016/679) and the Italian Privacy Code (D. Lgs. 196/2003, as amended).
2. Data Controller
The Data Controller responsible for the processing of your personal data is:
VEROAI
Milano, Italy.
Privacy@veroai.app
3. Data We Collect and Purposes of Processing
We collect and process personal data for the following purposes and legal bases:
|
Category of Data |
Data Collected |
Purpose of Processing |
Legal Basis (GDPR Art. 6) |
|
Registration Data |
Name, Email Address, Password (hashed) |
To manage your account, verify your identity, and provide access to the services. |
Performance of a contract (TOS). |
|
Usage Data |
Log data (IP address, browser type, timestamps, pages visited). |
To monitor service performance, diagnose technical issues, and improve the Platform experience. |
Legitimate interest of the Controller (security and service improvement). |
|
Input & Output Content (Artifacts) |
Text prompts, generated results (text, images, code, audio), user preferences, and data persistence records. |
To fulfill your request (generate content), save your work using Firebase/Firestore, and improve AI model accuracy (as per TOS 3.6). |
Performance of a contract (TOS). |
|
Payment Data |
Subscription tier, transaction history (Processed via a third-party gateway; we do not store full credit card details). |
To manage payments, billing, and subscription access. |
Performance of a contract (TOS). |
4. How We Store and Protect Your Data
4.1 Data Persistence: User Artifacts (Input and Output) are stored using Firebase Firestore.
* Private Data: Stored in secure collections linked to your unique User ID: /artifacts/{appId}/users/{userId}/...
* Public Data: Stored in collaborative collections: /artifacts/{appId}/public/data/...
4.2 Security Measures: We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including encryption, access control mechanisms, and regular security assessments, to protect against unauthorized access, alteration, disclosure, or destruction of your personal data.
4.3 Location of Processing: Your data may be processed and stored within the European Union (EU) or the European Economic Area (EEA). If data is transferred outside the EEA, we ensure the transfer is protected by appropriate safeguards, such as Standard Contractual Clauses (SCCs).
5. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including for the purpose of satisfying any legal, accounting, or reporting requirements.
-
Account Data: Retained for the duration of your active account and for a reasonable period thereafter to meet legal obligations.
-
Artifacts (Input/Output): Retained as long as your account is active to provide the service persistence feature. Upon account deletion, we will initiate the deletion of your Artifacts within a maximum of [e.g., 90 days], subject to backup retention policies.
6. Your Rights Under GDPR (Articoli 15-22)
As a User, you have the following rights regarding your personal data:
-
Right of Access (Diritto di Accesso): To obtain confirmation whether your data is being processed and to access it.
-
Right to Rectification (Diritto di Rettifica): To have inaccurate or incomplete data corrected.
-
Right to Erasure ('Right to be Forgotten' - Diritto all'Oblio): To request the deletion of your data under certain conditions.
-
Right to Restriction of Processing (Diritto di Limitazione): To restrict the processing of your data under certain conditions.
-
Right to Data Portability (Diritto alla Portabilità): To receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.
-
Right to Object (Diritto di Opposizione): To object to the processing of your personal data based on legitimate interest or for direct marketing purposes.
To exercise any of these rights, please contact us using the contact details provided in Section 2.
7. Right to Lodge a Complaint
If you believe that the processing of your personal data infringes GDPR, you have the right to lodge a complaint with a supervisory authority, particularly in the Member State of your habitual residence, place of work, or the place of the alleged infringement. In Italy, the supervisory authority is the Garante per la protezione dei dati personali.
8. Changes to this Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any significant changes by posting the new policy on the Platform and updating the "Effective Date" at the top of the policy.