Skip to main content

Privacy Policy

Last updated: December 13, 2025

Overview

This Privacy Policy explains how Lore Studio LLC d/b/a Verant ("Lore Studio," "Verant," "we," "us," or "our") collects, uses, and shares information when you visit our website or use our AI‑powered proofreading and verification services (the "Services"). This policy applies to "personal information" as defined under applicable laws (e.g., CCPA/CPRA, GDPR/UK GDPR, and the Texas Data Privacy and Security Act (TDPSA)). If you do not agree with this policy, please do not use the Services.

Contact: support@verant.ai
Mailing address: 5900 Balcones Drive #11919, Austin, TX 78731, USA.
See also our Terms of Service.

Information We Collect

  • Account Information: Email address and basic profile data when you create an account (via Supabase).
  • Payment Information: Subscriptions are processed by Stripe. We receive records such as your Stripe customer ID and subscription status, but we do not store full payment card numbers.
  • Content You Submit: URLs you scan and extracted website text blocks and proofreading results necessary to provide the Services. If your content contains personal information (e.g., names, emails), you represent that you have a lawful basis to process it. We process only what is needed to provide the Services and advise against submitting sensitive personal information (e.g., health or financial data) unless you have a lawful basis and appropriate safeguards. By default, we aim to retain scan results no longer than 90 days, after which they may be deleted or anonymized.
  • Logs and Usage Data: IP address, request identifiers, timestamps, and limited diagnostic and performance data (e.g., browser type, coarse device information) for security, fraud prevention, and reliability. We also use Vercel Analytics and Speed Insights (privacy‑aware analytics and performance telemetry) to understand aggregated usage and quality.
  • Cookies and Similar Technologies: Essential cookies (e.g., Supabase session cookies) operate the Service. We currently do not use advertising cookies. If we introduce non‑essential cookies (e.g., analytics such as Sentry or PostHog), we will obtain consent where required (e.g., under GDPR/ePrivacy) and update this policy and cookie disclosures.

How We Use Information

  • Provide, secure, and improve the Services.
  • Authenticate users and manage subscriptions and billing.
  • Process your content to generate proofreading results you request.
  • Monitor performance, debug, and prevent abuse or fraud.
  • Comply with legal obligations and enforce our Terms.
  • We practice data minimization and collect/process only what is necessary for the purposes above.
  • We do not use your data for automated decision‑making that produces legal or similarly significant effects (e.g., ADMT under CCPA/CPRA).

Use of AI and Browser Rendering

We render pages via Cloudflare Browser Rendering and route proofreading to third‑party AI providers through an AI gateway (which may include xAI, Anthropic, and OpenAI). We do not use your content to train our or third‑party foundation models, and we request provider settings that disable data retention and training where available. Providers maintain their own privacy policies; see xAI, Anthropic, and OpenAI. Where applicable, we comply with transparency obligations for general‑purpose AI (e.g., EU AI Act GPAI), including disclosing providers and intended use.

Legal Bases (EEA/UK)

  • Contract: to provide the Services you request.
  • Legitimate interests: to secure, operate, and improve the Services.
  • Consent: where required, for optional analytics or communications.
  • Legal obligation: to meet tax, accounting, and compliance requirements.

How We Share Information

  • Service Providers/Sub‑processors: Supabase (auth/data), Stripe (billing), Vercel (hosting, Analytics, Speed Insights), Cloudflare (browser rendering), and AI providers (xAI, Anthropic, OpenAI) via our gateway. We may add Sentry or PostHog for telemetry in the future and will update this policy if we do.
  • We require sub‑processors to be bound by data protection terms and implement appropriate safeguards (e.g., encryption in transit, access controls).
  • We do not sell or share personal information for cross‑context behavioral advertising.
  • Business transfers: as part of a merger, acquisition, or asset sale (we will provide notice of material changes where required by law).
  • Legal compliance and safety: to comply with law or protect rights and safety.
  • Aggregated or de‑identified data that cannot reasonably identify you may be used or shared.

International Transfers

We are based in the United States and may process information in the U.S. and other countries. Where required, we rely on appropriate safeguards (e.g., Standard Contractual Clauses, and where applicable, the EU‑U.S. Data Privacy Framework or UK‑U.S. extension for participating providers) and conduct transfer assessments as appropriate.

Retention

  • Account data: retained while your account is active and as needed for our records.
  • Scan results: target retention ≤ 90 days, then deletion or anonymization.
  • Server and request logs: target retention ≤ 30 days.
  • Billing records: retained as required by tax and accounting law.
  • We review retention periods at least annually to align with data minimization principles.

Security

We employ technical and organizational measures appropriate to the risk, including transport encryption, access controls, and least‑privilege principles. We conduct periodic security reviews and use pseudonymization where feasible. No method of transmission or storage is 100% secure.

Your Rights

Depending on your location, you may have rights to access, correct, delete, or receive a copy of your data, and to object to or restrict certain processing. You can exercise rights by contacting support@verant.ai. We may request information to verify your identity and will respond within 45 days (or as required by law), with a possible 45‑day extension where permitted.

GDPR/UK GDPR: You have rights of access, rectification, erasure, portability, restriction, and objection, and the right to lodge a complaint with your data protection authority.

CCPA/CPRA (California): We do not sell or share personal information for cross‑context behavioral advertising. You may request to know, delete, or correct personal information, and to limit the use and disclosure of sensitive personal information. Authorized agents may act on your behalf. We honor applicable opt‑out mechanisms (e.g., Global Privacy Control) where relevant.

TDPSA (Texas): Texas residents may have rights to access, correct, delete, and opt out of sales, targeted advertising, or profiling for decisions that produce legal or similarly significant effects, and the right to be free from discrimination for exercising rights.

Do Not Sell/Share My Personal Information; Targeted Advertising

We do not sell or share personal information for cross‑context behavioral advertising or engage in targeted advertising. If this changes, we will update this Policy and provide a "Do Not Sell/Share My Personal Information" mechanism and honor Global Privacy Control signals where applicable.

Third‑Party Links

Our Services may link to third‑party websites or services. Their privacy practices differ from ours; please review their policies.

Children's Privacy

The Services are not directed to children under 13. If we learn a child under 13 provided personal information, we will delete it.

Changes to This Policy

We may update this Privacy Policy from time to time. If changes are material, we will provide notice (e.g., email, in‑app, or on our website). The "Last updated" date above reflects the effective date. Continued use of the Services after changes become effective constitutes acceptance.

Controller and Contact

Lore Studio LLC d/b/a Verant
5900 Balcones Drive #11919
Austin, TX 78731, USA
support@verant.ai