Privacy Policy

This Privacy Policy describes how VeriFact (“VeriFact,” “we,” “us,” or “our”) collects, uses, and shares information when you use the VeriFact application for Zoom and related services (the “Service”). It applies to hosts who activate VeriFact in a meeting, organization members who upload reference documents, and meeting participants whose speech is transcribed while VeriFact is active.

By using the Service, you agree to the practices described here. If you do not agree, please do not use the Service.

a. Information you provide

• Account information: your Zoom user ID, display name, and email address received via Zoom OAuth when you install or activate VeriFact.
• Organization membership: the organization you belong to inside VeriFact and your role within it.
• Reference documents: files your organization uploads for VeriFact to use as the source of truth (PDF, Word, Excel, PowerPoint, CSV, and plain text).
• Support communications: messages you send to support@verifact.live.

b. Information collected automatically

• Meeting metadata: meeting ID, host identity, start/end times, and the list of participants who were present while the VeriFact Bot was active.
• Transcripts: text produced from speech captured by the VeriFact Bot during meetings where the host activated it.
• Detected claims: factual statements our system identifies in the transcript.
• Verification verdicts and reasoning: the TRUE / FALSE / UNCERTAIN label for each claim, along with the supporting passages and reasoning produced by our verification pipeline.

c. Information from third parties

• Zoom: when you authenticate via Zoom OAuth, Zoom shares basic profile information (user ID, name, email) so that we can create your VeriFact account.

We use the information described above to:

• operate the Service and deliver real-time fact-checks during meetings;
• retrieve evidence from your organization’s reference documents;
• show post-meeting reports of detected claims and verdicts;
• debug, monitor, and improve the Service;
• respond to support requests and security reports.

We do not sell user data. We do not use customer data, transcripts, claims, or uploaded documents for advertising, and we do not use them to train machine-learning models.

We rely on a small number of processors to deliver the Service. Each is bound by its own data processing terms.

• Microsoft Azure (Cognitive Services — Speech): meeting audio is streamed to Azure for real-time speech-to-text transcription.
• Zoom: the meeting platform we integrate with; provides OAuth-based authentication and the surface where the VeriFact App and Bot appear.
• DigitalOcean: hosts our application servers and stores uploaded reference documents (DigitalOcean Spaces object storage).
• Self-operated language model server: a private server we operate that performs claim verification using retrieval-augmented generation (RAG) over your organization’s documents. Data sent to this server is not shared with any third-party model provider.

We may also disclose information when required by law, to protect our rights, or in connection with a corporate transaction (with notice).

Account information, organization data, uploaded reference documents, transcripts, detected claims, and verification verdicts are retained for the lifetime of the customer’s account.

We do not retain raw audio. Audio is streamed to the transcription service in real time and is not stored after transcription completes. We do not store meeting recordings or video frames.

You can request deletion of your data at any time by emailing support@verifact.live. We will complete deletion requests within 30 days.

We aim to follow GDPR and CCPA principles. Depending on where you live, you may have the right to:

• access the personal data we hold about you;
• request correction of inaccurate data;
• request deletion of your data;
• request a portable copy of your data;
• opt out of the “sale” of personal information — we do not sell personal information;
• not be discriminated against for exercising any of these rights.

To exercise any of these rights, email legal@verifact.live. We may need to verify your identity before fulfilling certain requests.

VeriFact is not intended for users under the age of 16, and we do not knowingly collect personal information from children under 16. If you believe a child has provided us with personal information, please contact legal@verifact.live and we will delete it.

VeriFact is operated from the United States. Your information may be processed in any region where our processors operate, including the United States and the European Union (Microsoft Azure regions and DigitalOcean regions). Where required, we rely on appropriate safeguards for cross-border transfers.

We protect data in transit using TLS, encrypt uploaded reference documents at rest, and use scoped OAuth credentials so the Service can only access what it needs in Zoom. Internal access to customer data is limited to personnel who require it to operate or support the Service.

No system is perfectly secure. If you discover a vulnerability, please report it to support@verifact.live.

We will post any updates to this Privacy Policy on this page and update the “last updated” date above. For material changes, we will notify customers by email at the address associated with the account.

Questions about this policy or our privacy practices? Reach us by email at legal@verifact.live.

See also our Terms of Use and the VeriFact for Zoom user guide.