Last updated: 28 June 2026
VerbaPulse ("we", "us", "our") provides an AI-powered language risk detection service for enterprise teams. We operate the website at verbapulse.com and related products including a Chrome Extension and Outlook Add-in.
If you have questions about this policy, contact us at [email protected].
Account data: When you register or are invited to VerbaPulse, we collect your name, work email address, company name, and a password (stored as a salted hash, never in plain text).
Email content analyzed on demand: When you click "Analyze" in the extension or add-in, the text of the email you are composing is sent to our servers for analysis. We do not read, store, or process email content unless you explicitly trigger an analysis.
Usage events: We log anonymized interaction events (whether a risk was accepted, dismissed, or ignored) linked to your organization ID and session. These events are used to power your organization's analytics dashboard.
Technical data: Standard server logs including IP addresses, browser type, and request timestamps. Retained for up to 30 days.
We do not sell your data to third parties. We do not use individual email content for advertising.
OpenAI (language analysis): When you trigger a check, the email text is sent to OpenAI's API in real time to perform the language-risk analysis, and the result is returned to you. We have configured our OpenAI account so that requests are not stored in OpenAI's logs, so no transcript of your message is retained in our provider account. OpenAI does not use API-submitted content to train its models, and retains API data only briefly (up to 30 days) for abuse monitoring before deleting it. See OpenAI's data usage policy. We are moving this processing to EU-region infrastructure (Microsoft Azure OpenAI) and will update this policy when that migration completes.
SendGrid: Used to send transactional invitation emails. Only recipient email addresses and first names are shared.
Google Analytics: We use GA4 to measure aggregate website traffic. No personally identifiable information is sent to Google Analytics.
Account data is retained for the duration of your organization's active subscription, plus 90 days following cancellation, after which it is permanently deleted.
Usage event data (accepts, dismissals) is retained for up to 12 months for analytics purposes.
Email content you submit for analysis is not persisted by us. It is processed in memory to produce the result, then discarded. It is not written to our database and does not become part of your account record. As described in section 4, it is also not retained in our analysis provider's logs.
Depending on your jurisdiction, you may have the right to access, correct, export, or delete your personal data. To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.
Organization administrators can remove team members and their associated data directly from the Admin panel.
All data is transmitted over HTTPS/TLS. Passwords are hashed using SHA-256 with a unique salt. We do not store payment card data; billing is handled by our payment processor.
We may update this policy from time to time. If we make material changes, we will notify administrators by email at least 14 days before the changes take effect. Continued use of the service after that date constitutes acceptance.
Privacy questions? Email us at [email protected]. We respond within 2 business days.