VERACHI
Sign In Book a Demo
Privacy Policy

Insight, not surveillance.

Verachi tracks decisions and operational context — never employee productivity, keystrokes, or individual performance. Trust is a product feature, not a marketing claim.

Effective: March 15, 2026 · Last updated: March 15, 2026
The Verachi Trust Contract

What we track — and what we never will.

This is the foundation of everything we build. If a feature contradicts these principles, the feature doesn't ship.

What we track

Decision context

We capture decisions, their rationale, source artifacts, linked projects, and confidence scores. This is operational context — the "why" behind the "what."

  • Decision records and rationale
  • Source citations (Slack threads, Jira tickets, GitHub PRs)
  • Project linkages and dependency graphs
  • Citation confidence scores
  • User-initiated chat queries and reports
What we never track

Individual productivity

Verachi has no concept of "employee performance." We don't measure who types more, who ships faster, or who asks the most questions.

  • Keystrokes, mouse movements, or screen time
  • Individual commit frequency or lines of code
  • Message volume or response times
  • Personal browsing or application usage
  • Manager dashboards comparing team members
Architecture

Data boundaries

Every workspace is cryptographically isolated. We use Postgres Row-Level Security (RLS) to enforce strict multi-tenant isolation at the database level.

  • Row-Level Security enforced on every query
  • Workspace data never co-mingles, even in caches
  • API keys scoped to individual workspaces
  • Encryption at rest (AES-256) and in transit (TLS 1.3)
External write-backs

Conservative and reviewable

Verachi reads from your tools far more than it writes. When we do write back — for example, adding a decision tag to a Jira ticket — the action is always:

  • Explicit: You initiate the write-back, or a workspace admin configures the rule
  • Reviewable: Every external write is logged in a user-visible audit trail
  • Reversible: Write-backs are designed to be non-destructive and can be undone
  • Scoped: OAuth tokens request only the minimum permissions needed
Audit Trail

Always user-visible

Every action Verachi takes on your behalf — every read, every write, every AI-generated summary — is logged in an audit trail that workspace members can access at any time. There are no hidden actions.

1. Information We Collect

Account information: Name, email address, workspace name, and role when you create an account or are invited to a workspace.

Demo request information: Name, work email, company, role, region, and the context you share when you request a demo or pilot.

Integration data: When you connect Slack, Jira, GitHub, or other tools, we access messages, tickets, and pull requests that your workspace admin has authorized. We store cited excerpts and metadata — not full message archives.

Usage data: Pages visited within Verachi, search queries, feature usage patterns, and error logs. This helps us improve the product and diagnose issues.

Payment information: Processed by our payment provider (Stripe). We do not store credit card numbers on our servers.

2. How We Use Your Information

  • To provide and maintain the Verachi service
  • To generate cited decision records and summaries
  • To improve product quality and fix bugs
  • To communicate service updates and security notices
  • To comply with legal obligations

We do not use your data to train machine learning models. Your workspace data is yours.

3. Data Sharing and Disclosure

We do not sell your data. We share data only in these limited circumstances:

  • Service providers: Infrastructure (cloud hosting, CDN), payment processing, and analytics, all bound by data processing agreements
  • Legal requirements: When required by law, subpoena, or governmental request
  • Business transfers: In connection with a merger, acquisition, or sale of assets, with advance notice to customers

4. Data Retention

We retain your data for as long as your account is active or as needed to provide services. When you delete a workspace, we remove all associated data within 30 days. Backups are purged within 90 days.

5. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access and export your data
  • Correct inaccurate information
  • Request deletion of your data
  • Object to or restrict certain processing
  • Data portability

Contact privacy@verachi.io to exercise these rights.

6. Cookies and Tracking

We use essential cookies for authentication and session management. We use a single analytics service (Google Analytics) with IP anonymization enabled. We do not use advertising cookies or cross-site tracking.

7. International Data Transfers

Verachi infrastructure is hosted in the United States and the European Union. We use Standard Contractual Clauses (SCCs) for transfers outside the EU/EEA where applicable.

8. Security

We implement industry-standard security measures including encryption at rest and in transit, regular penetration testing, and SOC 2 Type II compliance (in progress). See our Trust page for technical details.

9. Changes to This Policy

We'll notify you of material changes via email and a banner in the application at least 30 days before they take effect.

10. Contact

For privacy inquiries, contact us at privacy@verachi.io.

Verachi, Inc.
Tokyo, Japan