Privacy Policy
Last updated: 19 June 2026
This Privacy Policy explains how Verbatik Technologies Limited (“Verbatik AI”, “we”, “us”, or “our”) collects, uses, shares, and protects personal data when you visit verbatik.com, use our application at app.verbatik.com, our desktop and mobile apps, our API, and related services (together, the “Services”).
We act as a data controller for personal data about our visitors and account holders, and as a data processor for the content you submit to generate audio, voices, images, video, and other media. If you have any questions, contact us at support@verbatik.com.
1. Data we collect
Information you provide
- Account & identity: name, email address, password (stored only as a salted hash), and profile image.
- Authentication: when you sign in with Google, Microsoft Entra ID, or Apple, we receive basic profile data and OAuth tokens from those providers.
- Onboarding profile: optional details such as company name, company size, industry, how you discovered us, your primary use case, goals, and monthly content volume.
- Billing: handled by Stripe. We store your Stripe customer and subscription identifiers, plan, and status; we do not store full card numbers.
- Content you submit: text to synthesise, prompts, chat messages, uploaded images and audio, and—if you use voice cloning—voice samples.
- Communications: messages you send us through contact forms or support email.
Information collected automatically
- Device & network data: IP address, user agent, approximate location (city/region/country derived from IP), and device identifiers used for security and fraud prevention.
- Usage & analytics: pages viewed, features used, and events—collected via the tools listed in our Cookie Policy, and only where you have consented to analytics or advertising cookies.
- Cookies & similar technologies: see the Cookie Policy for the full inventory and how to manage your choices.
Biometric data (voice cloning)
If you use voice cloning, we process the voice samples you upload to create a voice model. Depending on your jurisdiction, a voice print may be treated as biometric data (for example under the EU GDPR Article 9 or the Illinois Biometric Information Privacy Act). We process this data only on your explicit instruction and with your consent, use it solely to provide the cloning feature, and delete the underlying samples and model when you delete the custom voice or close your account. Do not clone a voice you do not own or have written permission to use.
2. How we use your data
- Provide, operate, secure, and maintain the Services.
- Generate the media you request and deliver it to you.
- Process payments, manage subscriptions, and prevent fraud.
- Authenticate you and keep your account secure.
- Provide customer support and respond to your enquiries.
- Send service and transactional messages, and—where permitted— lifecycle and marketing emails you can opt out of at any time.
- Measure and improve our Services and marketing, subject to your cookie choices.
- Comply with legal obligations and enforce our terms.
3. Legal bases (EEA/UK)
Where the GDPR or UK GDPR applies, we rely on:
- Contract: to provide the Services you sign up for.
- Consent: for analytics and advertising cookies, marketing emails, and biometric (voice) processing. You may withdraw consent at any time.
- Legitimate interests: to secure our Services, prevent fraud and abuse, and improve our products—balanced against your rights.
- Legal obligation: to meet tax, accounting, and other legal requirements.
4. Sharing & service providers
We do not sell your personal data in the everyday sense. We share data with vendors who process it on our behalf under contract, including:
| Provider | Purpose |
|---|---|
| Stripe | Payments & subscriptions |
| Amazon Web Services (S3) | Storage of generated media and uploads |
| PostgreSQL host & Upstash Redis | Database and rate-limiting/cache |
| Resend, Loops, Bouncer | Transactional & lifecycle email and deliverability |
| DataFast | Cookieless, privacy-first traffic analytics (essential, no consent required) |
| Google (Analytics & Ads), Meta (Pixel & Conversions API), Affonso, PostHog | Analytics & advertising (only with your consent) |
| Sentry | Error monitoring |
We may also disclose data to comply with the law, enforce our agreements, protect rights and safety, or as part of a corporate transaction such as a merger or acquisition.
5. Advertising & analytics
Non-essential analytics and advertising technologies load only after you consent. We implement Google Consent Mode v2, and where you decline, advertising and analytics tags are held in a denied state. For server-side advertising measurement (such as the Meta Conversions API) we transmit data only when you have allowed advertising cookies. US residents can opt out as described in Section 9.
6. International transfers
We are based in the United Kingdom and use providers located in the UK, EEA, United States, and elsewhere. Where we transfer personal data across borders, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses and the UK International Data Transfer Addendum.
7. Data retention
We keep personal data for as long as your account is active and as needed to provide the Services, then for the period required to meet legal, tax, and accounting obligations. Generated content and voice models are retained until you delete them or close your account. Backups are purged on a rolling schedule.
8. Your rights (EEA/UK)
You may have the right to:
- Access a copy of your personal data.
- Correct inaccurate data.
- Delete your data (“right to be forgotten”).
- Restrict or object to certain processing.
- Port your data to another provider.
- Withdraw consent at any time.
- Lodge a complaint with a supervisory authority (in the UK, the ICO).
To exercise these rights, email support@verbatik.com. We respond within the timeframes required by applicable law.
9. US state privacy rights
If you are a resident of California or another US state with a privacy law, you may have the right to know, access, delete, and correct your personal information, and to opt out of the “sale” or “sharing” of personal information for cross-context behavioural advertising. Our use of advertising pixels may qualify as a sale or share. To opt out, use the Cookie Settings link in our footer, decline advertising cookies, or enable a Global Privacy Control (GPC) signal in your browser, which we honour automatically. We do not discriminate against you for exercising your rights.
10. Children
The Services are not directed to children under 18, and we do not knowingly collect their personal data. If you believe a child has provided us data, contact us and we will delete it.
11. Security
We use technical and organisational measures—including encryption in transit, access controls, and monitoring—to protect personal data. No method of transmission or storage is completely secure, so we cannot guarantee absolute security.
12. Changes to this policy
We may update this Privacy Policy from time to time. We will post the new version here and update the “Last updated” date, and for material changes we will provide additional notice where required.
13. Contact us
Verbatik Technologies Limited
71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ
Email: support@verbatik.com