VeracityAPI runs only when you or your app explicitly submit content.
VeracityAPI is built for content trust workflows where users may submit sensitive drafts, source text, or public image URLs. The default request mode avoids storing raw text; image analysis never stores raw bytes, base64 payloads, or full URLs.
Last updated: May 25, 2026. Privacy contact: hello@veracityapi.com. Security disclosures: security@veracityapi.com.
Chrome extension data
The Veracity Chrome extension only checks content when a user explicitly chooses Veracity from the right-click menu. Text checks send selected text, up to 4,000 characters. Image checks send the selected public HTTPS image URL. The extension may include basic page/source domain context when available.
Extension non-collection
The extension does not automatically scan pages, collect browsing history, run content scripts, capture screenshots, upload local image bytes, or bypass private/login-gated images. Private, embedded, blob:, data:, local-file, or non-HTTPS images may fail by design.
Extension storage
The extension stores an extension-scoped account API key in Chrome local extension storage. It also stores temporary local job/result metadata so the result popup can display the active check; these local jobs/results are cleaned up after 24 hours.
API data we process
Requests may include text, HTTPS media URLs, optional transcript/context, account email, API-key metadata, billing records, user agent, hashed IP, latency, model version, and response JSON. Do not submit secrets or regulated personal data unless your policy permits it.
Default API retention
store_content=false is the default. Raw submitted text is stored as null; Veracity logs metadata, hashes, context, response JSON, latency, and model version for debugging, billing, abuse prevention, and product quality. Response JSON can include evidence snippets, recommended fixes, and policy matches, so do not submit sensitive content unless your policy permits that derived-output retention.
Image handling
Image requests fetch the submitted URL transiently for model analysis. Veracity does not persist raw image bytes, base64 payloads, or full URLs. Logs keep a URL hash and hostname so issues can be debugged without storing the full URL.
Subprocessors
Current subprocessors include Cloudflare for hosting, D1, Workers, logs, and edge delivery; Anthropic for text scoring/revision and image vision scoring; Stripe for billing; Resend for login email; GitHub/npm/PyPI for source and package distribution; and Google Analytics / Google Ads tags for website analytics and conversion measurement where enabled.
Your controls
You can revoke API keys, delete your account, request deletion/export, and ask privacy questions by emailing hello@veracityapi.com. Public demos force privacy-safe defaults and rate limits.
Limitations
Veracity is a focused v0.1 service, not a regulated-data platform, DPA-backed enterprise contract, forensic lab, or legal/compliance decision system. Scores are probabilistic workflow-risk signals and should be paired with local policy and human escalation for high-stakes uses.