hello@verbao.com

Privacy Notice

Your writing stays yours. Verbao is built on a simple promise: what you submit for proofreading isn't stored anywhere on our servers, and everything in your browser is wiped when you close the tab. The rest of this page sets out how Verbao handles the small amount of personal data we do process.

Last updated: 5 July 2026

We don't store your submissions

The text and documents you paste or upload are sent to our AI proofreader for that single request and are not saved to any database, log file, or backup on our side.

Everything clears when the tab closes

Your text, uploaded document, and proofreading report live only in your browser's memory. Close the tab and it's gone - nothing is written to disk beyond the session.

No training, no snooping

Your content is never used to train models and is never reviewed by a human on our team. It's processed by the AI, returned to you, and discarded.

What we do keep - and why

For signed-in accounts we store your email and a running total of how many words you've proofread (to enforce your free-tier limit). We never store the content of those words. Signed-out users have no account at all.

The technical detail

  • Uploaded documents (.txt, .md, .docx) are parsed entirely inside your browser. The raw file never leaves your device - only the extracted plain text is sent to the AI for proofreading.
  • Proofreading requests are transmitted over HTTPS to our AI provider, processed, and the response is returned. Neither we nor the provider retain the content for training.
  • Anonymous free-tier usage is tracked via sessionStorage, which browsers automatically clear when the tab closes.
  • Signed-in accounts store only your email address and a numeric word-count total. You can delete your account at any time to remove both.

1. Who is the data controller

The data controller for personal data processed through the Verbao service is Verbao ("Verbao", "we", "us"), a company registered in England and Wales, trading from FORA, Thames Tower, Reading RG1 1LX, United Kingdom. You can reach us at hello@verbao.com for any privacy question or to exercise your rights.

2. What personal data we process

  • Account data: your email address, hashed password (or OAuth identifier if you sign in with Google/Apple), and account creation date.
  • Usage data: a numeric running total of how many words you have proofread, used to enforce plan limits. We never store the text itself.
  • Support correspondence: the content of any email you send to hello@verbao.com and our replies.
  • Technical data: IP address, browser type, and basic request metadata captured transiently in server logs for security and abuse prevention.
  • Billing data: handled by Paddle as Merchant of Record - see section 4. Verbao only receives a subscription status, plan, and Paddle customer ID.

We do not store the text, documents, or images you submit for proofreading. They are processed in memory to generate a response and are then discarded.

3. Purposes and legal bases

  • Providing the Service (creating your account, running proofreading requests, enforcing plan limits) - performance of our contract with you.
  • Billing and subscription management - performance of contract, and compliance with tax and accounting legal obligations.
  • Security, abuse prevention, and service integrity (rate limiting, log review, fraud detection) - our legitimate interest in keeping the Service safe.
  • Product improvement (aggregate, non-identifying usage counts) - our legitimate interest in improving Verbao.
  • Customer support - performance of contract and our legitimate interest in helping you.
  • Marketing emails - only sent with your consent, which you can withdraw at any time by clicking unsubscribe.

4. Who we share data with

We share personal data only with the following categories of recipient:

  • Paddle.com Market Ltd - our online reseller and Merchant of Record for all Verbao purchases. Paddle collects and processes billing information (name, address, payment method, tax data) to complete your order, handle invoicing, tax compliance, refunds, and chargebacks. See the Paddle Privacy Notice.
  • Hosting and infrastructure providers that run our application, database, and edge servers under written data-processing agreements.
  • AI model provider(s) that process proofreading requests in real time. Requests are transmitted for that single call and neither the provider nor Verbao retains the submitted content for training.
  • Authentication providers (Google, Apple) if you choose to sign in with them - they see the fact of your sign-in but not the content you submit.
  • Professional advisers (legal, accounting) where reasonably necessary, and public authorities where we are required by law.

We do not sell your personal data. Where personal data is transferred outside the UK/EEA, we rely on adequacy decisions or Standard Contractual Clauses to protect it.

5. How long we keep data

  • Submitted text and documents: not stored - discarded after the proofreading response is returned.
  • Account data and usage counters: kept while your account is active, and deleted within 30 days of account closure (or sooner on request).
  • Support emails: retained for up to 24 months for reference and dispute handling.
  • Server access logs: retained for up to 30 days for security and troubleshooting.
  • Billing records held by Paddle and by us for tax purposes: retained for up to 7 years to meet accounting and tax law requirements.

6. Your rights

Subject to applicable law (including the UK GDPR and EU GDPR where relevant), you have the right to:

  • access the personal data we hold about you;
  • have inaccurate personal data corrected;
  • have your personal data erased (the "right to be forgotten");
  • restrict or object to certain processing, including processing based on legitimate interests and direct marketing;
  • receive a copy of your personal data in a portable format;
  • withdraw any consent you have given, at any time;
  • lodge a complaint with a data protection supervisory authority - in the UK, the Information Commissioner's Office (ico.org.uk).

To exercise any of these rights, email hello@verbao.com. We aim to respond within one month.

7. Security

We use appropriate technical and organisational measures to protect personal data, including HTTPS in transit, encryption at rest for stored account data, access controls, and least-privilege service credentials. No system is perfectly secure, but we take security seriously and review our practices regularly.

8. Cookies

Verbao uses only strictly necessary storage - a session cookie / token to keep you signed in, and browser sessionStorage to track anonymous free-tier usage that clears when the tab closes. We do not set advertising or cross-site tracking cookies.

9. Children

Verbao is intended for general use, including a "For Kids" mode designed to be used with a parent or guardian. We do not knowingly create accounts for children under the age required by law in their country without appropriate parental involvement.

10. Changes to this notice

We may update this Privacy Notice from time to time. Material changes will be notified through the Service or by email.

Want proof? See the actual server code that handles your text, read our Terms of Use, or check the FAQ.