Privacy Policy

This Privacy Policy explains how Veritas (“we”, “us”) processes personal data when you use our mobile application, website, and related services (together, the “Services”). It is intended to meet GDPR transparency requirements for users in the European Economic Area and UK, and to provide the notices required by the California Consumer Privacy Act (CCPA/CPRA) where applicable.

Data controller: Veritas Technologies Ltd., reachable at thinh@thinis.de. For EU/UK residents, privacy and data-protection inquiries may be sent to the same address.

Categories of personal data we may collect include: account identifiers (such as email address or provider subject ID), authentication tokens, device and app diagnostics (crash logs, OS version), usage events (screens viewed, feature toggles), language and topic preferences, and communications you send to support. We do not knowingly sell personal information as defined under CPRA.

We use this data to provide and secure the Services, personalize content, improve reliability, comply with law, and communicate with you. AI-assisted features process prompts and retrieved article metadata according to our infrastructure providers’ terms; we avoid using your messages to train public models where contractually prohibited.

Legal bases under GDPR include performance of a contract (Art. 6(1)(b)), legitimate interests such as fraud prevention and product improvement (Art. 6(1)(f)), and consent where required (Art. 6(1)(a)). You may withdraw consent without affecting prior processing.

We share data with subprocessors that host infrastructure, deliver push notifications, or provide analytics in aggregated form. A current list is available on request. If we undergo a merger, we will require the successor to honor this Policy or notify you of changes.

We retain account data while your account is active and for up to 24 months afterward unless law requires longer. Logs may be kept in secure backups for 90 days. Aggregated analytics may be stored indefinitely in non-identifying form.

If data is transferred outside the EEA, we rely on Standard Contractual Clauses or other approved mechanisms and perform transfer impact assessments where required.

You may request access, rectification, erasure, restriction, portability, and objection under GDPR, and lodge a complaint with your supervisory authority. California residents may request disclosure, deletion, and correction, and may opt out of sale/sharing (we do not sell personal information). We will not discriminate for exercising rights.

The Services are not directed to children under 16, and we do not knowingly collect their data. Contact us if you believe a minor provided information.

We may update this Policy and will post the new effective date. Material changes will be highlighted in-app or by email where appropriate.