Privacy Policy

1. Introduction

VerbaLift ("we," "our," or "us") provides a content decay scan and refresh platform for publishers. This Privacy Policy describes how we collect, use, share, and protect information when you visit our marketing site, request a free scan, or use the VerbaLift product.

2. Information We Collect

2.1 Personal Information

• Account information: name, email address, workspace details, billing contacts, tax identifiers, and payment preferences.
• Authentication data: passwords, OAuth tokens, security logs, and multi-factor authentication status.

2.2 Usage Information

• Platform activity: domains you scan, prompts you submit, automation workflows, AI drafts, approvals, and publishing events.
• Technical data: IP address, device identifiers, browser type, operating system, referral pages, and timestamps.

2.3 Content & Scan Data

• URLs, WordPress posts, images, internal metrics, and any other materials you upload or connect through third-party integrations.
• AI-generated suggestions, summaries, and structured reports produced from your prompts and scan results.

2.4 Communication Data

• Support conversations, help desk tickets, survey responses, and product feedback.
• Email engagement data and marketing preferences.

3. How We Use Your Information

• Provide, operate, and improve the VerbaLift platform.
• Generate AI-powered content decay insights and reports.
• Deliver customer support and account communications.
• Develop new functionality, monitor reliability, and enhance security.
• Comply with legal obligations and enforce our Terms.

4. Information Sharing & Disclosure

4.1 Third-Party Service Providers

• Payments: Paddle acts as our merchant of record and processes billing information, including payment method details, invoices, and tax calculations.
• Hosting & storage: Vercel and Supabase host our infrastructure and databases.
• Analytics: privacy-focused analytics providers help us understand feature adoption and performance.
• AI services: OpenAI processes prompts to generate AI suggestions.

4.2 Business Transfers

If we undergo a merger, acquisition, or asset sale, your information may transfer as part of that transaction.

4.3 Legal Requirements

We may disclose data to comply with applicable laws, legal process, or lawful government requests, or to protect the rights and safety of VerbaLift, our users, or the public.

4.4 Consent-Based Sharing

We share information outside of these purposes only with your explicit consent.

5. Data Storage & Security

Data is stored in secure cloud infrastructure located in the United States and European Union. We use encryption in transit and at rest, access controls, logging, regular audits, and incident-response procedures to protect your information.

We retain account data while your subscription or workspace remains active. Backup copies may persist for up to 90 days. Legal or contractual requirements may extend retention beyond that period.

6. Your Rights & Choices

• Access, export, or correct your personal information via account settings or by contacting us.
• Request deletion of your account and associated content.
• Opt out of marketing emails and adjust notification settings.
• Object to certain processing, withdraw consent, or request processing restrictions where applicable.

7. Cookies & Tracking Technologies

We use essential cookies for authentication and security, analytics cookies to understand product performance, and preference cookies to remember settings. You can manage cookies through your browser or use our on-site controls for non-essential cookies.

8. Children's Privacy

VerbaLift is not intended for individuals under 18. We do not knowingly collect personal information from minors. If we learn a minor has provided data, we delete it promptly.

9. International Data Transfers

VerbaLift operates globally. When information is transferred across borders, we use appropriate safeguards such as Standard Contractual Clauses and data-processing agreements.

10. Regional Privacy Rights

If you reside in the European Economic Area, United Kingdom, California, or another jurisdiction with specific privacy rights, you may have additional rights such as data portability, the right to opt out of certain processing, and the right to lodge complaints with a supervisory authority.

11. Third-Party Integrations

When you connect services like WordPress, Google Search Console, or analytics tools, we access only the data necessary to provide the requested functionality. Their privacy policies govern their use of your data, and you can disconnect integrations at any time.

11.1 Google Search Console Integration

When you connect your Google Search Console account, VerbaLift accesses the following data:

• Search performance data: clicks, impressions, click-through rates, and average position for your website's URLs
• URL-level metrics: performance data for individual pages to identify content decay patterns
• Query data: search queries that drive traffic to your pages (used to suggest content improvements)
• Site verification status: to confirm you own or manage the connected property

How we use this data: Google Search Console data is used exclusively to:

• Identify pages experiencing traffic decline (content decay detection)
• Prioritize content refresh recommendations based on traffic impact
• Track performance changes before and after content updates
• Generate ROI reports showing traffic recovery

Disconnecting Google Search Console: You can revoke VerbaLift's access to your Google Search Console data at any time by:

• Visiting your VerbaLift account settings and disconnecting the integration
• Removing VerbaLift from your Google Account permissions at myaccount.google.com/permissions

11.2 Google API Services Limited Use Disclosure

VerbaLift's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically, VerbaLift:

• Limits use of Google data to providing and improving user-facing features visible in the VerbaLift application (content decay analysis, refresh recommendations, and ROI reporting)
• Does not transfer Google data to third parties except as necessary to provide our service, with user consent, for security purposes, or to comply with applicable laws
• Does not use Google data for serving ads, including retargeting, personalized, or interest-based advertising
• Does not allow humans to read Google data unless you provide affirmative consent for specific support requests, it is necessary for security purposes, or required by law

12. Data Breach Notification

We investigate security incidents immediately. When required by law, we notify affected users and regulators, and we provide guidance on protective steps.

13. Policy Updates

We may update this policy to reflect product, legal, or operational changes. We will notify you of material updates via email or in-app notices. Continued use of VerbaLift after an update constitutes acceptance.

14. Contact Information

15. Specific Use Cases

• AI content generation: prompts and generated outputs may be used to improve safety systems, but we do not review content manually unless needed for support or abuse investigation.
• Email marketing: subscriber data is used to send campaigns, track engagement, and comply with anti-spam laws.
• Automation workflows: we log execution metadata to help you audit automation results and troubleshoot errors.