Data Processing Addendum · v1
How Verdict handles your data.
Plain-English commitments on what we collect, who else sees it, how long we keep it, and how to make us delete it. This is a v1 written by the founder — not an attorney-reviewed legal contract. When your procurement team needs the lawyered version, email lishaorui82@gmail.com and we’ll get it reviewed and re-published.
Last updated 2026-05-09.
What we collect
- Pitch deck PDFs you upload to generate reports. The deck is the input to the four-pass analyst chain.
- Fund profile data you enter during onboarding — thesis, stage focus, sector focus, check-size range, geographic focus, dealbreakers, portfolio companies. Used to calibrate the Fund Fit Verdict.
- Generated reports — everything Verdict produces (verdicts, prose sections, sourced market sizing, risk matrix, diligence questions).
- Account info — email address (via Clerk OAuth/sign-up), display name (optional), Stripe customer ID + subscription state once you upgrade.
- Memo feedback — if you click the “Teach Verdict” button on a section to disagree with a verdict, your override + free-text reason. Used to calibrate future reports for your account.
- Telemetry — per-call cost, latency, and token usage on each chain run. Used for cost monitoring + performance optimization.
Sub-processors who see your data
Verdict runs on the infrastructure providers listed below. Your data transits each in the course of normal product operation. All five are well-known SOC 2 / ISO 27001 vendors with their own data-handling commitments; we link to each.
- Anthropic — the four-pass chain calls Claude (Sonnet 4.6 + Haiku 4.5). Anthropic’s API terms prohibit training on customer data. Your deck + chain prompts transit Anthropic for processing and are not retained beyond the call. Anthropic terms.
- Supabase — Postgres database + Storage bucket for deck files. Encryption at rest (AES-256) and in transit (TLS 1.3). Hosted on AWS us-east-1. Supabase security.
- Vercel — web hosting + serverless functions. Logs (timestamped, redacted) retained per Vercel defaults. Vercel privacy.
- Clerk — authentication + session management. Stores your email + OAuth tokens. Clerk privacy.
- Stripe — billing + subscription management. Receives your card details (we never store raw card numbers; tokenized via Stripe Checkout). Stripe privacy.
We do not share your data with any other third parties. Verdict will not sell, lease, license, or otherwise transfer customer data to anyone outside this sub-processor list.
No training on your data
Verdict does not train models on your decks, fund profile, generated reports, or memo feedback. Our chain calls Anthropic’s API under the commercial terms that prohibit training on customer data; we don’t run any training of our own.
The memo feedback you provide via the “Teach Verdict” button is used to calibrate future reports for your account specifically. Your overrides do not propagate into another customer’s chain context. User-specific calibration is the only learning loop; cross-user federated learning is a permanent decline, documented in our roadmap.
Retention and deletion
User-initiated deletion. You can delete any report at any time from the report viewer. The deck file in Supabase Storage is removed in the same transaction as the report row.
Auto-purge after 90 days. Reports older than 90 days from creation are automatically deleted by a daily cron job (04:00 UTC). The deck file in Storage is removed alongside the report row, along with chain telemetry and the coaching report (if generated).
Sensitive-tier early deck purge. When you mark an upload “Sensitive” on the upload form, the deck PDF in Storage is purged 24 hours after the most recent memo generation completes — not 90 days. Re-running the memo or resuming a failed run restarts the 24-hour window so the recovered output gets the same retention promise. The memo itself, Verdict telemetry, and any coaching report are retained for the full 90 days under the standard rule above and then purged with the row. Use this tier when the founder asked you not to retain the source deck. The 24-hour grace window lets you re-download once if you need it post-memo. The purge runs in the same daily 04:00 UTC cron pass; the “Standard” tier preserves the existing 90-day deck retention.
Memo feedback retention. One specific asymmetry to call out: the structured corrections you provide via the “Teach Verdict” button (override verdict + free-text reason + auto-tagged sector/stage) are not deleted by the 90-day auto-purge. They persist scoped to your account so Verdict can keep calibrating to your past corrections on future reports. Per the corpus retention rule we keep them up to 7 years; the foreign-key link back to the originating report is broken at purge time so the feedback is decoupled from any specific deck. Account deletion below removes the feedback rows alongside everything else — the retention cap is account lifetime, not 7 years absolute.
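One way to express the retention rules above (90-day standard purge, 24-hour sensitive-tier deck purge, feedback rows decoupled rather than deleted) in Postgres, added here as an illustration; it is not Verdict's own schema or cron code, and the table names, columns and the idea that the job deletes the returned storage paths via the Storage API are assumptions:

```sql
-- Assumed schema fragment (not Verdict's actual schema). FK actions encode the
-- retention rules: telemetry and coaching rows die with the report; feedback
-- rows survive with report_id set to null (decoupled from the deck).
create table reports (
  id                uuid primary key,
  user_id           text not null,
  created_at        timestamptz not null default now(),
  retention_tier    text not null default 'standard'
                    check (retention_tier in ('standard', 'sensitive')),
  last_generated_at timestamptz,   -- app updates this on every completed or resumed run
  deck_path         text           -- object path in the deck bucket; null once purged
);
create table chain_telemetry (
  report_id uuid not null references reports(id) on delete cascade, cost_usd numeric, tokens int);
create table coaching_reports (
  report_id uuid primary key references reports(id) on delete cascade, body text);
create table memo_feedback (
  id uuid primary key, user_id text not null, override_verdict text, reason text,
  report_id uuid references reports(id) on delete set null);   -- detached, not deleted

-- Daily 04:00 UTC pass. Returns the storage paths the job must then delete via
-- the Storage API, so row changes and the path list come from one transaction.
create or replace function purge_decks_and_reports()
returns table (path_to_delete text) language plpgsql as $$
begin
  -- Sensitive tier: drop the deck 24h after the latest generation, keep the report.
  -- The data-modifying CTE runs exactly once even though nothing reads it.
  return query
    with expiring as (
      select r.id, r.deck_path from reports r
       where r.retention_tier = 'sensitive' and r.deck_path is not null
         and r.last_generated_at < now() - interval '24 hours'
    ), cleared as (
      update reports r set deck_path = null from expiring e where r.id = e.id
    )
    select e.deck_path from expiring e;

  -- Standard rule: every report older than 90 days goes, with its deck (if still
  -- present), telemetry and coaching report; feedback rows are detached by the FK.
  return query
    with gone as (
      delete from reports r where r.created_at < now() - interval '90 days'
      returning r.deck_path
    )
    select g.deck_path from gone g where g.deck_path is not null;
end $$;
```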
If you need longer retention on a specific report, or shorter retention on your feedback rows, delete the report yourself, contact us before the 90-day window expires, or request feedback purge by email below.
Account deletion. Email lishaorui82@gmail.com from the address on your Verdict account. We’ll delete your fund profile, all generated reports, all uploaded decks, all memo-feedback rows, your Clerk session, and your Stripe customer record (if applicable) within 7 days, and confirm completion by reply.
Security posture
Encryption. All deck files in Supabase Storage are encrypted at rest (AES-256). All API traffic is TLS 1.3. Stripe handles card data via tokenization; raw card numbers never touch our infrastructure.
Isolation. Decks and reports are scoped to the uploading user’s account ID. The Supabase schema enforces row-level security so a query for one user’s reports cannot return another user’s data even if our application code were buggy.
Access controls. The service role key that allows admin DB access is held only in Vercel environment secrets, never in source control, and is distinct from the dedicated INTERNAL_HMAC_SECRET used for chain self-trigger token signing.
Public sharing. Reports are private by default. Public sharing is opt-in per report — you generate a public-share UUID via the Share button on the report viewer; anyone with the URL can read the report without an account, and you can revoke the link any time. Until you generate a share-id, no public read path exists.
What we don’t have yet. SOC 2 Type I and Type II certifications. We’re not SOC 2 today and won’t be until traction warrants the audit cost (Q3 2026 trigger). For sensitive decks today, treat Verdict like any early-stage SaaS tool that handles confidential information — and let us know what additional commitments your procurement team needs.
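A row-level security setup of the kind the Isolation, Access controls and Public sharing paragraphs describe, added here as an illustration and not Verdict's actual schema or policies. It assumes a `reports` table with a text `user_id`, that the caller's account ID arrives as the JWT `sub` claim readable through Supabase's `auth.jwt()` helper (Verdict authenticates with Clerk, so the exact claim mapping is an assumption), and that the service role is the only role with BYPASSRLS:

```sql
-- Assumed table (not Verdict's schema): every deck/report row carries the
-- uploading user's account ID.
create table reports (
  id        uuid primary key default gen_random_uuid(),
  user_id   text not null,        -- account ID from the auth provider
  share_id  uuid,                 -- null until the owner opts in to public sharing
  deck_path text,
  body      jsonb
);

-- Turn RLS on and FORCE it, so even the table owner is subject to the policies;
-- only roles with BYPASSRLS (the service role) see unfiltered rows.
alter table reports enable row level security;
alter table reports force row level security;

-- The one policy the application role gets: rows whose user_id equals the
-- caller's JWT subject. Covers SELECT/UPDATE/DELETE (USING) and INSERT (WITH CHECK).
create policy reports_owner_only on reports
  for all
  to authenticated
  using      (user_id = (auth.jwt() ->> 'sub'))
  with check (user_id = (auth.jwt() ->> 'sub'));

-- No policy for anon: a request without a valid JWT matches zero rows. Public
-- sharing deliberately gets no anon SELECT policy (that would let an anon client
-- list every shared report); the share URL goes through a SECURITY DEFINER
-- function that returns exactly one row for a known share_id, or nothing.
create or replace function read_shared_report(p_share_id uuid)
returns jsonb language sql security definer
set search_path = public as $$
  select body from reports where share_id = p_share_id;
$$;
revoke all on function read_shared_report(uuid) from public;
grant execute on function read_shared_report(uuid) to anon, authenticated;

-- Check the "buggy application code" claim: impersonate user_a and ask for
-- user_b's rows explicitly; RLS filters before the WHERE clause is applied.
set role authenticated;
set request.jwt.claims = '{"sub":"user_a"}';
select count(*) from reports where user_id = 'user_b';   -- 0 under RLS
reset role;
```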
Incident response
If we discover a security incident affecting your data, you’ll get an email within 72 hours of discovery with: what happened, what data was potentially exposed, what we’re doing to contain it, and what (if anything) we recommend you do. Notification goes to the email on your Verdict account.
Contact
Email lishaorui82@gmail.com for: a lawyered version of this DPA, a custom retention schedule, a sub-processor change request, an enterprise data-handling addendum, or anything else procurement asks for that isn’t covered above.