Privacy Policy
Preamble
With the following privacy policy, we would like to inform you about which types of your personal data (hereinafter also referred to as "data") we process, for what purposes, and to what extent. The privacy policy applies to all processing of personal data carried out by us, both within the scope of providing our services and, in particular, on our websites, in mobile applications, and within external online presences, such as our social media profiles (hereinafter collectively referred to as "online services").
The terms used are not gender-specific.
Status: June 12, 2026
Controller
Udo Gryt
Bürgermeister-Igl-Straße 29
93142 Maxhütte-Haidhof
Germany
Email address: contact@veritas-engine.com
Legal Notice (Impressum): veritas-engine.com/impressum
Overview of Processing Operations
The following overview summarizes the types of data processed, the purposes of their processing, and the data subjects concerned.
Types of Processed Data:
- Inventory data.
- Payment data.
- Contact data.
- Content data.
- Contract data.
- Usage data.
- Meta, communication, and procedural data.
- Log data.
Categories of Data Subjects:
- Service recipients and clients.
- Interested parties.
- Communication partners.
- Users.
- Business and contractual partners.
Purposes of Processing:
- Provision of contractual services and fulfillment of contractual obligations.
- Communication.
- Security measures.
- Direct marketing.
- Reach measurement.
- Office and organizational procedures.
- Organizational and administrative procedures.
- Feedback.
- Marketing.
- Profiles with user-related information.
- Provision of our online services and user experience.
- Information technology infrastructure.
- Public relations.
- Sales promotion.
- Business processes and economic procedures.
Relevant Legal Bases
Relevant legal bases under the GDPR: Below you will find an overview of the legal bases of the GDPR upon which we process personal data. Please note that in addition to the regulations of the GDPR, national data protection requirements may apply in your or our country of residence or domicile.
- Consent (Art. 6 (1) (a) GDPR) – The data subject has given consent to the processing of their personal data for one or more specific purposes.
- Performance of a contract and prior requests (Art. 6 (1) (b) GDPR) – Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
- Legal obligation (Art. 6 (1) (c) GDPR) – Processing is necessary for compliance with a legal obligation to which the controller is subject.
- Legitimate interests (Art. 6 (1) (f) GDPR) – Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject.
Security Measures
We take appropriate technical and organizational measures in accordance with legal requirements, taking into account the state of the art, implementation costs, and the nature, scope, context, and purposes of processing, as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, in order to ensure a level of security appropriate to the risk.
Securing online connections using TLS/SSL encryption technology (HTTPS): To protect users' data transmitted via our online services from unauthorized access, we use TLS/SSL encryption.
Transmission of Personal Data
In the course of our processing of personal data, it may happen that data is transferred to or disclosed to other entities, companies, legally independent organizational units, or persons (e.g., IT service providers or web hosts). In such cases, we comply with legal requirements and conclude appropriate contracts or agreements that serve to protect your data.
International Data Transfers
Data processing in third countries: If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)), this is always done in compliance with legal requirements.
For data transfers to the USA, we primarily rely on the Data Privacy Framework (DPF), recognized by the EU Commission as a safe legal framework. Additionally, we have concluded Standard Contractual Clauses (SCCs) as a reliable fallback option.
General Information on Data Storage and Deletion
We delete personal data in accordance with statutory provisions as soon as the underlying consent is revoked or there are no longer any legal bases for the processing. Exemptions exist if legal obligations (e.g., commercial or tax retention laws of 6 to 10 years in Germany) require longer storage.
Rights of Data Subjects
As a data subject, you have various rights under the GDPR, in particular from Art. 15 to 21 GDPR:
- Right to object: You have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data.
- Right of withdrawal of consent: You have the right to withdraw given consents at any time.
- Right of access: You have the right to request confirmation as to whether the data in question is being processed and to request access to this data.
- Right to rectification: You have the right to demand the completion or correction of inaccurate data.
- Right to erasure and restriction of processing: You have the right to demand that data be deleted immediately or restricted in its processing.
- Right to data portability: You have the right to receive your data in a structured, common, and machine-readable format.
- Right to lodge a complaint with a supervisory authority.
Commercial Services
We process data of our contractual and business partners to initiate, perform, and execute contractual relationships (Art. 6 (1) (b) GDPR).
AI Detection Service (AI or Not API): To analyze user-uploaded content (images, audio, video, and text) for AI generation, we transmit the file or text to an external analysis service solely for the purpose of performing the requested analysis. No permanent storage of the transmitted content by the service provider takes place; use for training purposes is contractually excluded. Service provider: Optic, Inc. (AI or Not), USA; Website: https://aiornot.com; Privacy Policy: https://aiornot.com/privacy-policy; Terms of Service: https://aiornot.com/terms-of-service; Safeguard: Standard Contractual Clauses.
Payment Procedures
We offer secure payment options and use payment service providers. The data entered is processed and stored exclusively by the payment providers; we only receive information confirming or declining the payment.
- Stripe: Payment services (technical integration of online payment methods); Service provider: Stripe, Inc., 510 Townsend Street, San Francisco, CA 94103, USA; Website: https://stripe.com; Privacy Policy: https://stripe.com/privacy; Safeguard: Data Privacy Framework (DPF).
Provision of Online Services and Web Hosting
To provide our online services securely and efficiently, we use web hosting services. This includes the processing of IP addresses and server log files.
- Vercel (Hosting & Edge Network): Serverless infrastructure, CDN, and edge functions. Technical access data (IP addresses, user agent, request URLs, timestamps) is processed in the course of hosting. Service provider: Vercel Inc., 340 S Lemon Ave #4133, Walnut, CA 91789, USA; Website: https://vercel.com; Privacy Policy: https://vercel.com/legal/privacy-policy; Data Processing Agreement: https://vercel.com/legal/dpa; Safeguard: Standard Contractual Clauses.
- Supabase (Authentication & Database): We use Supabase for user management (registration, login) and to store application-related data (scan logs, credit balances). Account data (email address, encrypted password) and usage metadata are processed. Service provider: Supabase, Inc., 970 Toa Payoh North #07-04, Singapore 318992; Website: https://supabase.com; Privacy Policy: https://supabase.com/privacy; Data Processing Agreement: https://supabase.com/legal/dpa; Safeguard: Standard Contractual Clauses.
Use of Cookies
We use temporary and permanent cookies in accordance with legal regulations. If consent is required, we obtain it beforehand (Art. 6 (1) (a) GDPR). Otherwise, cookies are used based on our legitimate interests (Art. 6 (1) (f) GDPR) to ensure the functionality and security of our online services.
Registration, Login, and User Account
Users can create a user account. Mandatory information is processed to provide the account (Art. 6 (1) (b) GDPR). Profiles are not publicly visible. Data is deleted upon account termination, subject to legal retention periods.
Contact and Request Management
When contacting us (e.g., via contact form or email), the user's details are processed to handle the request (Art. 6 (1) (b) GDPR, Art. 6 (1) (f) GDPR).
Email Delivery – Resend: Contact form submissions are delivered via Resend Inc., 2261 Market Street #5252, San Francisco, CA 94114, USA. Your name, email address, and message are transmitted to Resend's servers for delivery. Resend is certified under the EU–US Data Privacy Framework (DPF), ensuring an adequate level of data protection for transfers to the US. A Data Processing Agreement (DPA) under Art. 28 GDPR is automatically in effect upon acceptance of Resend's Terms of Service. Legal basis: legitimate interests (Art. 6 (1) (f) GDPR). Privacy policy: https://resend.com/legal/privacy-policy.
Newsletters and Promotional Communication
We send newsletters and promotional communications only with the recipient's consent (Art. 6 (1) (a) GDPR) or a legal basis. You can unsubscribe at any time (Opt-Out). Unsubscribed email addresses may be stored for up to three years to prove prior consent.
Web Analysis, Monitoring, and Optimization
We use web analytics to evaluate visitor traffic. Only pseudonymous data is processed; IP addresses are masked.
- Vercel Web Analytics & Speed Insights: Cookieless reach and performance measurement. Visitors are recognized via a pseudonymous hash generated from the incoming server request, which is automatically reset daily. No information is stored on or read from users' devices. § 25 TDDDG is not applicable due to the absence of device access; a cookie banner is not required for this service. Service provider: Vercel Inc., 340 S Lemon Ave #4133, Walnut, CA 91789, USA; Website: https://vercel.com/docs/analytics; Privacy Policy: https://vercel.com/legal/privacy-policy; Safeguard: Standard Contractual Clauses.
Social Media Presences
We maintain online presences on social networks to communicate with users and provide information about our services. Data may be processed outside the EU. For a detailed description of the respective forms of processing and the options for objection (opt-out), we refer to the privacy policies and information provided by the operators of the respective networks.
- Instagram / Facebook Pages: Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Privacy Policy: https://privacycenter.instagram.com/policy/; Safeguard: Data Privacy Framework (DPF).
- LinkedIn: Service provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; Privacy Policy: https://www.linkedin.com/legal/privacy-policy; Safeguard: Data Privacy Framework (DPF).
- X: Service provider: X Internet Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland; Privacy Policy: https://twitter.com/privacy.
- YouTube: Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Privacy Policy: https://policies.google.com/privacy; Safeguard: Data Privacy Framework (DPF).
Plugins and Embedded Functions
We integrate functional and content elements from third-party servers. The providers process the user's IP address to deliver the content.
- Google Fonts: Fonts are loaded to ensure uniform and technically reliable display. IP addresses may be processed on a Google server in the USA. Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Privacy Policy: https://policies.google.com/privacy; Safeguard: Data Privacy Framework (DPF).
Changes and Updates
We kindly ask you to review the content of our privacy policy regularly. We will adjust it as soon as changes in data processing make this necessary.
Additional Privacy Rights for U.S. Residents (California CCPA/CPRA & COPPA)
If you are a resident of California or other U.S. states with applicable comprehensive privacy laws, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), and similar state laws provide you with specific rights regarding your personal information.
1. Your Rights under the CCPA/CPRA
- Right to Know: You have the right to request information about the categories of personal information we have collected about you, the categories of sources from which the information is collected, the business purpose for collecting or sharing the information, and the categories of third parties with whom we share that information.
- Right to Deletion & Correction: You have the right to request that we delete or correct any inaccurate personal information we have collected from you, subject to certain exceptions.
- Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights. You will not be denied goods or services, nor will you be charged different prices.
2. "Do Not Sell or Share My Personal Information"
We do not sell your personal information for monetary compensation. We do not use cookies or tracking technologies for targeted advertising. We use only cookieless analytics (Vercel Analytics) and functional session cookies required for login. You may contact us directly to exercise any opt-out rights.
3. How to Exercise Your Rights
To exercise your rights to know, delete, or correct, please submit a verifiable consumer request to us by sending an email to: contact@veritas-engine.com. We will verify your request by matching the identifying information you provide with the personal information we already maintain.
4. Children's Privacy (COPPA)
Our online services are not directed to children under the age of 13. In compliance with the Children's Online Privacy Protection Act (COPPA), we do not knowingly collect or solicit personal information from anyone under the age of 13. If we learn that we have collected personal information from a child under 13 without verifiable parental consent, we will delete that information as quickly as possible. If you believe that we might have any information from or about a child under 13, please contact us at the email address provided above.
(Note on Definitions: Standard GDPR terms such as "Personal Data," "Controller," "Processing," and "Usage Data" apply as defined in Art. 4 GDPR.)
Created with the free privacy policy generator at Datenschutz-Generator.de by Dr. Thomas Schwenke.