Privacy Policy
Last updated: June 2026
What We Collect
Verigate collects the minimum data necessary to operate the authorization service:
- Account data — tenant name and API key hash (SHA-256; we never store your raw API key)
- Authorization receipts — agent ID, action, resource, decision, Ed25519 signature, and hash chain linkage
- Usage metrics — request counts per billing cycle
- Payment data — processed by Stripe; we store only Stripe customer/subscription IDs, never card details
How We Use It
- Enforce authorization policies and issue cryptographic receipts
- Generate compliance reports (Gemini-powered; agent metadata is sent to Vertex AI)
- Track usage for billing and rate limiting
- Log AI operations for audit transparency (ops log)
What We Don't Do
- We do not sell your data
- We do not use your authorization data to train AI models
- We do not track you with cookies or third-party analytics on the landing page
Data Storage
All data is stored in Google Cloud Firestore (us-central1) with encryption at rest. Ed25519 signing keys are stored in Google Secret Manager. Merkle roots may be anchored on Base L2 (public blockchain).
Data Retention
Authorization receipts are retained for the lifetime of your account. You can request deletion by contacting privacy@verigate.cloud.
Contact
For privacy inquiries: privacy@verigate.cloud