Privacy Policy

Last updated: September 5, 2025

Your privacy matters to us. This Privacy Policy explains how SourceVerify collects, uses, and protects your information when you use our reference verification service at sourceverify.ai. SourceVerify is provided by Jared Gallardo d/b/a SourceVerify. For most account and billing data we act as a controller; for verification processing of your submitted content we act as a processor/service provider on your instructions. The Service is not intended for children under 13 (or under 16 in the EEA/UK).

Information We Collect

Account Information

When you create an account, we collect basic information such as your name, email address, and a password to provide and secure access to the Service. If you purchase a plan, our payment provider (Paddle) processes billing details on our behalf.

Document Processing Data

When you upload or paste content for verification, we process it to extract and check reference information. We store only what's needed to deliver the Service:

• Document name and limited metadata (e.g., filename)
• Verification results and suggested repairs
• Processing timestamps and status

Important: We do not keep your uploaded documents themselves. They are processed and then deleted, and in any event removed within 24 hours.

Third-Party AI Processing

To provide verification, we use third-party large language model (LLM) APIs and related services. Your submitted content may be transmitted to these providers solely to perform the requested processing.

Where available, we configure providers to disable training and retention of API data and we contractually require that data be used only to deliver the Service. Provider practices may evolve; we will update this policy if our settings or subprocessors change.

Please do not upload protected health information (PHI), government IDs, or other highly sensitive personal data. If you are an educational institution subject to FERPA and wish to process student data, contact us first to establish appropriate terms.

Technical Information

We collect technical data (e.g., IP address, device and browser type, basic telemetry, and usage patterns) to secure, operate, and improve the Service and to prevent abuse.

How We Use Your Information

We use your information to:

• Provide, operate, and improve the verification Service
• Authenticate accounts and secure the Service
• Detect, prevent, and address fraud, abuse, or technical issues
• Communicate important service updates and respond to support requests
• Comply with legal obligations

Data Retention

We practice minimal retention:

• Uploaded documents: deleted after processing and in any event within 24 hours
• Verification results: retained while your account is active (deleted upon account deletion)
• Account information: retained until you delete your account or we no longer need it to provide the Service
• Security/diagnostic logs: retained up to 90 days to protect the Service

Sharing Your Information

We do not sell your personal information. We share it only in these limited cases:

• With service providers (e.g., hosting, AI processing, payments) acting on our behalf under contract
• With Paddle.com as Merchant of Record for billing and tax compliance
• When required by law, regulation, or legal process
• To protect our rights, property, users, or the public
• In connection with a business transfer (e.g., acquisition), subject to continued protections

Data Security

We use appropriate technical and organizational measures to protect your information, including encryption in transit and at rest where applicable, access controls, and regular security practices. No method of transmission or storage is 100% secure.

Your Rights

Depending on your location, you may have rights to:

• Access the personal information we hold about you
• Request correction of inaccurate information
• Request deletion of your account and associated data
• Export or receive a copy of your verification results and account data
• Object to or restrict certain processing
• Withdraw consent where processing is based on consent

You can exercise many of these rights in Account → Settings, or by contacting us. We may need to verify your identity before fulfilling a request.

Cookies & Tracking

We use cookies to provide and improve our Service. Here's how we use them:

Essential Cookies (Always Active)

These cookies are necessary for authentication, security, and core functionality. They cannot be disabled as the Service would not function without them.

Examples: authentication tokens (Stack Auth), session management, security features, consent preferences (sv_cookie_consent).

Analytics Cookies (Requires Consent)

With your explicit consent, we use Google Analytics 4 (via Google Tag Manager) to understand how visitors use SourceVerify. This helps us improve the Service.

Data collected includes:

• Pages visited and features used
• Time spent on the Service
• Browser and device information
• Anonymized IP addresses
• Custom events (e.g., verification started, document completed)

Google Analytics cookies include _ga and _ga_* with a typical lifespan of 2 years. Google processes this data as a data processor on our behalf. For more information, see Google's Privacy Policy.

Marketing Cookies (Not Currently Used)

We do not currently use marketing or advertising cookies. If we add them in the future, we will request your explicit consent before placing them.

Managing Your Preferences

You can manage your cookie preferences at any time by clicking the 'Cookie Preferences' link in the footer of any page. Your consent is stored in a cookie (sv_cookie_consent) and localStorage for 365 days. You can withdraw consent at any time.

We honor your cookie preferences. If you reject analytics cookies, Google Analytics will not be loaded. Note that we do not currently respond to Do Not Track (DNT) browser signals, but you can control tracking through our consent banner.

International Data Transfers & Legal Bases

Your information may be processed in the United States and other countries. When transferring personal data from the EEA/UK, we rely on appropriate safeguards (such as standard contractual clauses). Legal bases for processing (EEA/UK) include performance of contract, our legitimate interests in operating and improving the Service, compliance with legal obligations, and your consent where applicable.

Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will notify you of material changes by email or through the Service. Please review this page periodically.

Contact Us

Questions or privacy requests?

Email: team@sourceverify.ai

We aim to respond within 30 days.