Privacy Policy

Overview

Verak is built on the principle that your data belongs to you. Unlike traditional platforms, Verak does not store your professional profile or analytics on our servers. All profile data, career records, and analytics events are written directly to your AT Protocol Personal Data Server (PDS) — a server you control. Verak functions as a stateless interface.

What We Collect

We collect two categories of data:

Website analytics: Verak uses server-side analytics (no client-side tracking scripts) on the verak.app marketing website to understand aggregate traffic patterns. This includes anonymised page views and referrers. No personally identifiable information is stored.

PDS records: When you use the Verak application, data such as your profile, career history, analytics events, and settings are written to your own PDS via AT Protocol XRPC calls. Verak reads this data to render your profile — we do not copy or retain it on our infrastructure.

How We Use Your Data

Website analytics are used solely to understand how visitors interact with our public pages — page performance, traffic sources, and feature usage trends. PDS data is used to render your Verak profile, Embassy page, and dashboard. We do not use your data for advertising, profiling, or sale to third parties.

Data Storage & Security

Your profile and application data resides on your PDS — not Verak servers. For platform functions that require temporary server-side state (such as session tokens and labeler credentials), we use ephemeral secure storage with appropriate TTLs. Our Ozone labeler at labeler.verak.app stores signed labels tied to your DID — these are public by design and readable by any AT Protocol client.

Your Rights

You have the following rights regarding your data:

Access: Your data is readable directly from your PDS using any AT Protocol-compatible client.

Export: Use Verak's built-in data export tool (Settings → Export) to download your records at any time.

Deletion: Delete individual records via Verak's interface, or use AT Protocol tooling to delete records directly from your PDS. Removing data from Verak's UI triggers the appropriate deleteRecord XRPC call.

Migration: Because your identity is a DID — not a Verak account — you can migrate your PDS to any AT Protocol-compatible hosting provider without losing your Verak profile.

Third-Party Services

Verak integrates with third-party AT Protocol networks (Bluesky, Gander, EuroSky) to authenticate users and read public profile data. We use Keytrace for identity verification signal enrichment — this is a read-only lookup of public claims. We do not share your data with third-party advertisers or data brokers.

Cookies

Verak uses a single session cookie to maintain your authenticated state within the application. This cookie does not track you across other websites and is deleted when you log out. We do not use third-party advertising cookies.

Changes to This Policy

We may update this Privacy Policy as the platform evolves. We will notify users of material changes through in-app notice at least 14 days before the changes take effect. Continued use of the Service constitutes acceptance of the revised Policy.

Contact

For privacy questions or data subject requests, contact us at hello@verak.app. We will respond within 30 days. Verak is operated by the Verak team, Canada.