Legal

Privacy Policy

Last updated: March 7, 2026

Introduction

Verace AGI ("Verace," "we," "us," or "our") is committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, store, and protect information when you use our website (verace.in), API services, metacognitive adapter products, and related services (collectively, the "Services").

By accessing or using our Services, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy. If you do not agree with this policy, please do not use our Services.

Contact

For questions, concerns, or requests regarding your personal data, contact our Grievance Officer:

Krrish Choudhary
Founder & Grievance Officer
Verace AGI, Jaipur, Rajasthan, India

Email: krrishchoudhary109@gmail.com

Data Fiduciary

Under India's Digital Personal Data Protection Act, 2023 (DPDPA), Verace AGI acts as the Data Fiduciary for personal data collected through our website, contact forms, and direct interactions. When enterprise customers use our API or adapter products to process their end-users' data, Verace AGI acts as a Data Processor on behalf of the customer, processing data strictly according to their instructions and applicable data processing agreements.

Data We Collect

We collect the following categories of personal data depending on how you interact with our Services:

Identity Data

Name, email address, company name, job title

Technical Data

IP address, browser type, device information, operating system

Usage Data

API call metadata, feature usage patterns, error logs

Communication Data

Messages sent via contact forms, email correspondence

API Usage Data

Purpose

To provide, maintain, and improve our metacognitive adapter API, including monitoring service health, enforcing rate limits, generating usage analytics, and billing.

Categories of Data

  • API authentication tokens and keys
  • Request metadata (timestamps, endpoints, response codes)
  • Token counts and usage volume
  • Error logs and performance metrics

Legal Basis

Contractual necessity — processing is required to deliver the API service you have subscribed to, constituting a "certain legitimate use" under the DPDPA.

Retention

API usage logs are retained for 90 days for operational purposes. Aggregated, anonymized analytics are retained indefinitely.

Website & Analytics

Purpose

To understand how visitors interact with verace.in, optimize page performance, and improve user experience.

Categories of Data

  • Pages visited, time spent, scroll depth
  • Referral source and UTM parameters
  • Device type, screen resolution, browser
  • Approximate geographic location (city-level, derived from IP)

Legal Basis

Certain legitimate uses under the DPDPA — understanding website usage to improve our Services. Where required by law, we obtain consent before placing non-essential cookies.

Retention

Analytics data is retained in anonymized form for up to 24 months. Raw visitor logs are deleted after 30 days.

Contact & Communications

Purpose

To respond to inquiries submitted through our website, email, or other channels; to maintain business relationships; and to send relevant product updates to those who have opted in.

Categories of Data

  • Name, email address, company
  • Message content and attachments
  • Communication history and preferences

Legal Basis

Consent for marketing communications; certain legitimate uses under the DPDPA for responding to direct inquiries and maintaining business relationships.

Retention

Contact data is retained for the duration of the business relationship plus 12 months. Marketing preferences are deleted immediately upon opt-out.

Model Interaction Data

Purpose

When you use our API, your input prompts pass through the enhanced LLM with our metacognitive adapter layer. This is necessary to generate confidence scores and uncertainty signals.

What We Do NOT Store

  • We do not store your input prompts or model outputs after processing is complete
  • We do not use your data to train or fine-tune any models unless you explicitly opt in
  • We do not log the content of API requests or responses

Input data is processed in memory and discarded immediately upon response delivery. Only metadata (token counts, latency, confidence score distributions) is retained for service monitoring.

AI Processing

Our core product is a metacognitive adapter layer that wraps existing LLMs. Here is how AI processing works:

  • Inference only: The adapter monitors internal model states during generation to produce per-token confidence scores. No training occurs during inference.
  • No content logging: Prompts and completions are not logged, stored, or transmitted to third parties.
  • Opt-in model improvement: If you choose to participate in our model improvement program, anonymized confidence calibration data (not content) may be used to improve adapter accuracy. This is strictly opt-in and can be revoked at any time.
  • Sandboxed execution: All processing occurs in isolated compute environments. Your data is never co-mingled with other customers' data.

Data Sharing & Disclosure

We do not sell your personal data. We may share data with the following categories of recipients:

  • Infrastructure providers: Cloud hosting (for compute and storage) under strict data processing agreements
  • Analytics providers: Privacy-respecting analytics tools that process anonymized or aggregated data
  • Legal obligations: When required by law, regulation, or valid legal process
  • Business transfers: In connection with a merger, acquisition, or sale of assets, with equivalent privacy protections

All third-party processors are contractually bound to process your data only as instructed and to maintain appropriate security measures.

International Transfers

Verace AGI is headquartered in Jaipur, Rajasthan, India. Your data is primarily processed within India. Where cloud infrastructure requires processing in other jurisdictions (e.g., the United States), we ensure appropriate safeguards are in place in compliance with India's DPDPA:

  • Cross-border transfers comply with Section 16 of the DPDPA and are limited to jurisdictions not restricted by the Central Government
  • Data processing agreements with all sub-processors
  • Technical measures including encryption in transit and at rest

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes described in this policy:

Data CategoryRetention Period
API usage logs90 days
Raw visitor analytics30 days
Anonymized analytics24 months
Contact/inquiry dataDuration of relationship + 12 months
Model interaction contentNot retained (processed in memory only)
Billing and invoicingAs required by tax law (typically 7 years)

Data Security

We implement industry-standard technical and organizational measures to protect your data:

  • Encryption: TLS 1.3 for data in transit; AES-256 for data at rest
  • Access controls: Role-based access with multi-factor authentication for all internal systems
  • Isolation: Customer inference environments are sandboxed and isolated
  • Monitoring: Continuous security monitoring and anomaly detection
  • Incident response: Documented procedures for breach detection, containment, and notification within 72 hours as required by applicable law

Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

Access

Request a copy of the personal data we hold about you

Correction

Request correction of inaccurate or incomplete data

Erasure

Request deletion of your personal data ("right to be forgotten")

Restriction

Request restriction of processing in certain cases

Portability

Receive your data in a structured, machine-readable format

Objection

Object to processing based on legitimate interest or direct marketing

To exercise any of these rights, contact us at krrishchoudhary109@gmail.com. We will respond within 30 days of receiving your verified request. Under the DPDPA, you also have the right to lodge a complaint with the Data Protection Board of India.

Cookies

Our website uses minimal cookies strictly necessary for functionality:

  • Essential cookies: Required for basic site functionality (session management, security)
  • Analytics cookies: Privacy-respecting analytics to understand aggregate usage patterns. These can be declined without impact on functionality.

We do not use advertising cookies, tracking pixels, or fingerprinting technologies. We do not participate in cross-site tracking or ad networks.

Children's Privacy

Our Services are not directed to individuals under the age of 18. Under India's DPDPA, processing of children's personal data requires verifiable parental consent. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately and we will take steps to delete it.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. Material changes will be communicated via our website or email to registered users. We encourage you to review this page periodically.

The "Last updated" date at the top of this policy indicates when it was most recently revised.