VERIFIED — AI GOVERNANCE TOOLKIT
How Verified collects, uses, and protects information about the organizations and individuals who use it.
Effective Date: March 2026
This Privacy Policy describes how Nothaft Media Innovation ("we," "us," or "our") collects, uses, and protects information in connection with Verified, our AI governance toolkit for journalism organizations (verified.nothaftmedia.com). By using Verified, you agree to the practices described in this policy.
01
This policy applies to:
Verified is designed for use by journalism organizations and media companies. If you are a team member accessing Verified through your organization's workspace, your organization (as Workspace Admin) is responsible for determining how Verified is used within your organization and for communicating this policy to you.
02
Account and Identity Information
When you create an account or are invited to a workspace, we collect your name, email address, and your role within the platform (Workspace Admin or team member).
Governance and Assessment Data
Verified is designed to help organizations assess and improve their AI governance. In the course of using the platform, you may enter information about your organization's AI tools, governance practices, risk assessments, team structures, and policy approaches. This information is stored on your behalf and used to power the platform's tools and reporting features.
Uploaded Documents
Some features of Verified allow you to upload documents — for example, existing AI policies or governance materials — to provide context for the platform's AI-assisted features. These documents are stored securely and used only to generate responses within your workspace.
Usage Data
We collect basic information about how you use Verified, including which tools you access, when you log in, and general usage patterns. This information is used to maintain and improve the platform.
Payment Information
If you subscribe to a paid plan, payment is processed by Stripe. We do not store credit card numbers or payment credentials. We receive limited transaction information (subscription status, billing history) from Stripe to manage your account.
03
We use information collected through Verified to:
We do not sell your information. We do not use your governance data or uploaded documents to train AI models. Your organization's governance information is yours.
04
Verified uses a small number of third-party services to operate. Each is bound by its own privacy policy and data processing terms.
| Service | Purpose | Data Involved |
|---|---|---|
| Supabase | Database and authentication | All platform data, including account info, governance inputs, and uploaded documents. Hosted on AWS infrastructure. |
| Resend | Transactional email delivery | Name and email address for sending platform notifications and digest emails. |
| Stripe | Payment processing | Billing information for paid subscriptions. Stripe processes payment data directly and is PCI-compliant. |
| Netlify | Platform hosting | Standard web server logs (IP addresses, browser type, pages accessed). |
| Anthropic (Claude API) | AI-assisted features | Text inputs submitted to AI-assisted features (such as document context and Policy Builder) are processed by Anthropic's API in accordance with Anthropic's privacy policy. |
05
We retain account and workspace data for as long as your account is active or as needed to provide services. If you close your account or your organization ends its subscription, we will retain your data for 30 days to allow for reactivation, after which it will be deleted from our systems.
Uploaded documents may be deleted from the platform at any time by a Workspace Admin. We do not retain deleted documents.
Payment records are retained as required by applicable financial regulations.
06
Verified stores all data using Supabase, which provides row-level security, encrypted connections, and access controls. Authentication is handled via Supabase Auth with email and password or magic link. We use role-based access controls within the platform to ensure team members can only access the workspace they have been invited to.
While we take reasonable measures to protect your information, no system is completely secure. If you become aware of any security concerns related to your account, please contact us immediately.
07
You have the right to:
To exercise any of these rights, contact us at keiranothaft@gmail.com. We will respond within 30 days.
08
Verified uses cookies and local storage to maintain authentication sessions and basic platform functionality. We do not use third-party advertising cookies or cross-site tracking technologies. We do not use analytics platforms that track individual user behavior across sessions.
09
Verified is designed for use by professionals at journalism organizations. We do not knowingly collect information from individuals under 18 years of age. If we become aware that we have collected information from a minor, we will delete it promptly.
10
We may update this policy as the platform evolves. If we make material changes, we will notify Workspace Admins by email before the changes take effect. Continued use of Verified after the effective date of a revised policy constitutes acceptance of the updated terms.
The current version of this policy is always available at verified.nothaftmedia.com/privacy.
If you have questions about this policy or how we handle your information, reach out directly.