Privacy

Privacy Policy

Last updated April 13, 2026

Who we are

Verify is operated by magpiexyz-lab. Contact: hello@magpiexyz.io

What we collect

  • Account: email and OAuth provider (Apple or Google), created via Supabase.
  • Checks: the URL or media you submit for verification, the synthesized result, and per-provider intermediate responses. Content is stored against your account.
  • Analytics: funnel events (page views, CTA clicks, check submissions) captured via PostHog EU. No third-party ad trackers. Anonymous until you sign up; linked to your account ID after signup.
  • Billing: Stripe stores card details — we only see the customer ID, subscription status, and invoice metadata.

Where we store it

Primary database and auth are hosted on Supabase Frankfurt (EU). Analytics on PostHog EU. Email via Resend. All data residency stays in the EU. No transfers to third countries without adequacy or SCCs.

Who we share with

When you submit content for verification, Verify sends it to the detection providers listed on the pricing page — Reality Defender, Sensity, TinEye, InVid, Google Fact Check Tools, and Anthropic (for synthesis). These providers operate under their own published terms. We link out to each provider's data handling policy from the Team-tier DPA. We do not sell personal data. We do not share data with advertisers.

How long we keep it

  • Account and checks: retained while your subscription is active, plus 30 days after cancellation.
  • Share links: public unless you delete them.
  • DSR erasure: account soft-deleted immediately, hard-purged within 30 days via a daily cron job (/api/cron/dsr-purge).

Your rights (GDPR)

Under GDPR Articles 15–22 you have the right to:

  • Access the personal data we hold about you
  • Rectify incorrect data
  • Erase your data (Article 17) — trigger via the account page; fully executed within 30 days
  • Restrict or object to processing
  • Data portability — export your checks as JSON
  • Withdraw consent at any time
  • Lodge a complaint with your local data-protection supervisory authority

Cookies

We use one session cookie (verify_cohort_pinged) for retention analytics and the Supabase auth cookie for signed-in sessions. No third-party marketing cookies.