Do audits support webhooks and async polling?

Yes. Create audits with POST /audit, poll with GET /audit/{job_id}, or register webhooks at POST /webhooks. Webhooks are HMAC-SHA256 signed.

Yes. Vertaa provides a public REST API with OpenAPI spec plus JS/TS and Python SDK scaffolds. See /developer-docs for quickstarts.

How do I handle rate limits?

On 429, respect Retry-After and backoff; SDKs include retry helpers. Check GET /quota for plan limits before bulk runs.

Privacy Policy | Vertaa

At Vertaa, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

Information We Collect

Account Information

When you create an account, we collect:

Name and email address (via OAuth providers)
Profile picture (optional, from OAuth provider)
Account tier and subscription status

Usage Information

When you use our service, we collect:

URLs you submit for auditing
Audit results and scores
Share link settings (privacy, expiration)
Usage metrics (audit count, features used)

Technical Information

We automatically collect:

IP address and browser type
Device information and operating system
Cookies and session data
Log files and error reports

How We Use Your Information

We use your information to:

Provide and maintain our service
Process your audits and generate reports
Send you technical notices and updates
Respond to your support requests
Improve our service and develop new features
Prevent fraud and ensure security

Data Storage and Security

Your data is stored securely:

All data transmitted over HTTPS
Passwords never stored (OAuth authentication only)
Audit data encrypted at rest
Regular security audits and monitoring

Data Retention

We retain your data as follows:

Account data: Until you delete your account
Audit results: Until you delete them or your account
Share links: Until expiration or manual deletion
Log files: 90 days

Third-Party Services

We use the following third-party services:

Google OAuth - For authentication
GitHub OAuth - For authentication
Vercel - For hosting and analytics
Stripe - For payment processing
Resend - For transactional emails

Each service has its own privacy policy governing how they handle your data.

Cookies

We use essential cookies for:

Authentication and session management
Security and fraud prevention
Preferences and settings

You can disable cookies in your browser, but some features may not work properly.

Your Rights (GDPR & CCPA)

You have the right to:

Access - Request a copy of your data
Rectify - Correct inaccurate data
Delete - Request deletion of your data
Export - Receive your data in portable format
Opt-out - Unsubscribe from marketing emails

To exercise these rights, contact us at privacy@vertaaux.ai

Data We DON'T Collect

We do not:

Store website content from audited sites
Keep screenshots beyond audit processing
Sell or rent your personal information
Use your data for advertising
Track you across other websites

Children's Privacy

Our service is not intended for users under 13 years of age. We do not knowingly collect information from children.

International Data Transfers

Your data may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for such transfers.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date.

Contact Us

If you have questions about this Privacy Policy, please contact us: