Privacy

Who we are

VerifyLocal.ai is an early-stage, two-sided pilot platform serving Milford and New Haven, Connecticut. This policy describes how we handle personal data during the pilot. The pilot is small and hands-on, which means policies here are practical rather than institutional — we will replace this page with a counsel-reviewed document before any wider launch.

What we collect

Only what is needed to run the product:

• Account — email and password (or passkey), handled by our auth provider Clerk. Optional multi-factor secrets if you enable 2FA.
• Profile — for creators: display name, location, optional phone, optional avatar, social profile URLs, and self-reported follower counts. For businesses: business name, address, category, owner-entered description, hours, public contact details, and a phone number we verify by SMS or voice.
• Verifications — the video URL or uploaded video and the written claim you submit about a business. Uploaded videos live in private storage; only you and the business owner you submitted to can play them back.
• Foot-traffic counter events (businesses only) — if you opt in by installing one of our pilot counters, we store anonymous door transit events keyed to your business. These are visible only to you, never to creators or other businesses.
• Creator OAuth (optional) — if you connect a social platform via our partner Phyllo to substantiate your audience, we store the resulting profile metrics and audience demographics. You can disconnect at any time.
• Assistant chat — messages you send to the in-app assistant are forwarded to Google Gemini for an answer. We do not persist chat history in our database.

Who can see what

• You always see your own data. Database row-level security ensures cross-tenant isolation by default.
• Counterparties see what they need. When you submit a verification, the linked business owner can read the row and play the video. When a business accepts a creator proposal, that creator sees the campaign.
• Public directory. Business listings on /explore are intentionally public. Creator directory cards expose only display name, city, and audience reach you opted to share — never private contact details.
• Foot-traffic data is never shown to creators. This is enforced at the database layer.
• Operators (us) can read account data when necessary to support the pilot. Privileged actions are written to an audit log.

Sub-processors

We rely on the following services to run the pilot. Each is contractually a data processor for VerifyLocal.ai:

• Vercel — application hosting and edge infrastructure.
• Supabase — Postgres database and private file storage.
• Clerk — authentication, sessions, MFA, passkeys.
• Google — Places API for business search; Gemini API for the in-app assistant; optional YouTube Data API for view counts.
• Twilio — phone verification (SMS and voice).
• Phyllo — opt-in only. Used when a creator connects a social platform to substantiate audience claims.

Retention

We keep account and product data for the duration of the pilot. You can request deletion of your account and associated data at any time by emailing privacy@verifylocal.ai; we aim to honor requests within 30 days. Some records — for example audit log entries needed for security — are kept longer to satisfy our security obligations.

Your rights

You can ask us what we hold about you, ask us to correct it, or ask us to delete it. If you are in the EU, UK, or California, you have additional rights under GDPR / UK GDPR / CCPA — these are the same rights, branded differently, and we honor all of them on request. Contact privacy@verifylocal.ai.

Children's data

The pilot is not intended for users under 18. We do not knowingly collect data from children; if we learn we have, we delete it.

What we do not do

• We do not sell your personal data.
• We do not share your data with advertising networks or use it to build cross-site profiles.
• We do not run third-party analytics on the application surface during the pilot. (We may use error monitoring; that data is metadata, not message bodies.)

Updates

We may update this policy as the pilot evolves. Material changes will be flagged on the site for at least 14 days before they take effect. The "Last updated" date above always reflects the current version.