V
Get started
Privacy

Privacy Policy.

How Veridanth collects, uses, stores and protects your personal data — written under Ghana's Data Protection Act 2012, in plain English. Last updated: 30 May 2026.

1. Who we are

Veridanth is an AI-coaching and consultancy platform for Ghanaian students, researchers and founders. We are the data controller for the personal data described below. For anything in this policy, write to privacy@veridanth.app.

2. What we collect, and why

2.1 Information you give us when you sign in

To create your account we ask for your name and email address. We email you a one-time link to verify the inbox before we open a session. We do not store passwords (we don't have any), and we don't buy or sell email lists.

2.2 Information you create inside the studio

When you use the Veridanth Studio — CV Studio, SoP Studio, Grant Studio, Manuscript Builder, IRB Builder and the rest — most of what you type stays in your browser's local storage, under your own control. It only leaves your device in two situations:

  • When you ask the AI coach to draft, rewrite or critique a section. The relevant text is sent to our AI provider (see §4) and discarded after the response streams back.
  • When you export a document. The export is generated in your browser and never reaches our servers.

The Authorship Trail (Veridanth Docs) is the exception by design: keystroke batches and revision snapshots are stored on our servers so the proof you generate is independently verifiable.

2.3 Information we collect automatically when you use the platform

  • Usage counts per email (or per hashed IP if you're not signed in) so we can enforce the daily AI quota.
  • IP address, but never in the clear: we hash it with HMAC-SHA256 before storing it, so abuse-prevention works without us building a profile.
  • Standard server logs (request path, timestamp, user-agent) kept for at most 30 days for debugging and security.

2.4 Payment information

Subscriptions and engagement payments are processed by Paystack. Card numbers, mobile-money PINs and the like never touch our servers — only a reference, the amount, the currency and the channel (e.g. mobile_money) come back to us. We use that to verify the charge succeeded and to remember which account paid.

2.5 Communications

If you message us or message a booked specialist through the platform, we store the message so the other side can read it and so we can mediate disputes.

3. Our lawful bases under Ghana's Data Protection Act 2012

  • Performance of a contract — providing the Veridanth account, studio and engagements you signed up for.
  • Legitimate interests — abuse prevention (hashed-IP quota, server logs), debugging, fraud detection, and improving the service. These interests are tightly bounded; we use the minimum data needed and tell you about it here.
  • Legal obligation — tax records, anti-money-laundering checks where applicable, responding to lawful requests from Ghanaian authorities.
  • Consent — for anything that isn't one of the above (e.g. optional marketing emails), we ask first, and you can withdraw consent at any time.

4. Who else processes your data, and why

We are accountable for what these processors do with your data on our behalf. We chose them for security and reliability and we use each one for one job only:

  • Anthropic (United States) — runs the AI models behind every coach in the studio. When you ask for a draft / rewrite / critique, the relevant text plus the studio's context goes to Anthropic for that one call and is returned as a streamed response. Anthropic's commercial terms prohibit using the data to train their models.
  • Paystack (Nigeria / Ghana) — processes card and mobile-money payments. We pass them your email and the amount; they handle the rest.
  • Resend (United States) — delivers transactional email (magic-link sign-in, payment receipts, milestone notifications).
  • Vercel (United States) — hosts the website and runs serverless functions on our behalf.
  • Upstash (United States) — durable storage for subscriptions, bookings, documents and the quota counters described in §2.3.

These transfers cross from Ghana to the United States and other jurisdictions. We rely on the processor's data-processing agreements and security commitments to keep your data protected. If you object to this, do not create an account.

5. How long we keep things

  • Account profile (email, name) — for as long as your account is open, plus 60 days after you ask us to delete it (a short grace period in case you change your mind).
  • Subscription records and booking history — 7 years after the last transaction, for tax and audit obligations.
  • Quota counters — daily counters expire automatically after 24 hours; the burst counter expires in under a minute.
  • Server logs — at most 30 days.
  • Authorship Trail proofs — kept until you delete the document; once deleted, gone within 30 days.
  • Studio content in localStorage — never sent to us; it lives in your browser until you clear it.

6. Your rights

Under the Ghana Data Protection Act 2012 you have the right to:

  • Know what we hold about you (this policy + a written response on request).
  • Access a copy of your personal data.
  • Correct anything that's inaccurate.
  • Erase your account and the personal data attached to it, subject to the retention rules in §5.
  • Object to processing based on our legitimate interests.
  • Withdraw consent for any consent-based processing.
  • Complain to Ghana's Data Protection Commission if you think we've mishandled your data — see dataprotection.org.gh.

To exercise any of these, write to privacy@veridanth.app. We respond within 30 days.

7. Cookies

We use first-party cookies only, and only for the platform itself to work:

  • vd_session — proves you're signed in. HTTP-only, signed, 30-day expiry.
  • vd_quota — mirrors today's AI-usage count so the dashboard reads quickly. Server state is the source of truth; this cookie is just a display cache.

We do not run third-party analytics or advertising cookies. You can block our cookies in your browser settings, but the sign-in flow won't work without vd_session.

8. Security

  • All traffic is over HTTPS.
  • Session and sign-in tokens are HMAC-SHA256 signed with a secret that lives only on the server.
  • IPs are HMAC-hashed before they're used as quota keys, so we never persist them in the clear.
  • Payments are handled directly by Paystack — card and mobile-money credentials never touch our servers.
  • Webhook signatures are verified in constant time; in production we refuse any webhook that isn't signed.

No system is perfectly secure. If you spot a vulnerability, please write to security@veridanth.app.

9. Children

Veridanth is built for adults and older students. You must be at least 16 to create your own account. If you're under 16, please ask a parent or guardian to set up the account on your behalf.

10. Changes to this policy

We'll update this page when our practices change, and bump the “Last updated” date at the top. If a change materially reduces your rights or expands what we collect, we'll let you know by email before it takes effect, and you'll have a chance to delete your account before the new policy applies to you.

11. Contact

Privacy questions or requests: privacy@veridanth.app
Security disclosures: security@veridanth.app
Anything else: hello@veridanth.app

Read our Terms of Service Coaching policy