Privacy Policy
Last updated: January 2025
1. Introduction
This Privacy Policy explains how Verso collects, uses, stores, and protects your personal information. We are committed to complying with the Protection of Personal Information Act 4 of 2013 ("POPIA") and other applicable data protection laws.
By using Verso, you consent to the collection and processing of your personal information as described in this policy.
2. Who We Are
Verso is operated by Coding Everest (Pty) Ltd, a company registered in the Republic of South Africa. We are the "responsible party" as defined under POPIA.
3. What We Collect
3.1 Information You Provide
- Account information: Display name, email address, and password (hashed — we never store plaintext passwords)
- Book generation parameters: Styles, moods, lengths, ratings, and optional descriptions you provide when creating a book
- Book content: The AI-generated stories stored in your library
- Reports: If you report a book, the reason and any details you provide
- Support correspondence: Emails or messages you send to us
3.2 Information Collected Automatically
- Reading preferences: Theme, font size, and reading progress (stored locally on your device and in your account)
- Reading sessions: Timestamps of when you open a book (used for reading statistics)
- Credit and subscription data: Balance, transaction history, and plan status
3.3 Information We Do Not Collect
- We do not use third-party analytics or tracking services
- We do not collect IP addresses for tracking purposes (IP addresses may be temporarily processed for rate limiting)
- We do not collect payment card details directly — payment processing is handled by third-party providers
- We do not use advertising cookies or trackers
4. How We Use Your Data
We process your personal information for the following purposes:
- Providing the service: Creating your account, generating books, storing your library, and managing your subscription
- Improving the service: Analysing aggregated, anonymised usage patterns to improve book generation quality and platform features
- Communication: Sending password reset emails, subscription notifications, and important service updates
- Safety & enforcement: Enforcing our Terms of Service and Acceptable Use Policy, reviewing reports, and preventing abuse
- Legal compliance: Meeting our obligations under South African law
We will not use your personal information for purposes other than those listed above without your consent.
5. Where We Store Your Data
Your data is stored using Supabase, a cloud database platform. Our Supabase instance is hosted in the European Union (Ireland).
This means your personal information is transferred to and stored in the EU. The EU maintains data protection standards that are recognised as adequate under POPIA. By using Verso, you consent to this transfer.
Some data (reading preferences, reading progress, and credit balances) is also cached locally on your device using browser localStorage for performance purposes.
6. Data Sharing
We do not sell, rent, or trade your personal information. We may share data with:
- Service providers: Supabase (database hosting), AWS (AI processing), and payment processors — only to the extent necessary to provide the service
- Legal authorities: If required by law, court order, or to protect the rights and safety of Coding Everest, our users, or the public
When you share a book with another user, only the book content and metadata (title, author, styles, moods, rating) are shared. Your personal information (email, account details) is never disclosed to other users.
7. Cookies & Local Storage
Verso does not use traditional browser cookies for tracking or analytics.
We use browser localStorage to store:
- Authentication session tokens (managed by Supabase)
- Reading preferences (theme, font size)
- Reading progress per book
- Credit balance cache
- Active generation job status
- Profile selection (Adult/Kids)
This data is stored only on your device and is not transmitted to third parties. You can clear this data at any time through your browser settings.
8. Data Retention
- Account data: Retained for as long as your account is active. Upon account deletion, all personal data is permanently removed within 30 days.
- Book content: Retained for as long as your account is active. Trashed books are permanently deleted when you empty the trash.
- Reading sessions: Retained for statistical purposes for the lifetime of your account.
- Reports: Retained for moderation and safety purposes, even after account deletion.
- Suspended accounts: Account data is retained for 30 days following suspension to allow for appeals. If no appeal is submitted within 30 days, the account and all associated data are permanently deleted.
9. Your Rights (POPIA)
Under the Protection of Personal Information Act, you have the right to:
- Access: Request a copy of the personal information we hold about you
- Correction: Request correction of inaccurate or incomplete personal information
- Deletion: Request deletion of your personal information (subject to legal retention requirements)
- Objection: Object to the processing of your personal information on reasonable grounds
- Withdraw consent: Withdraw your consent to processing at any time (this may affect your ability to use Verso)
- Complaint: Lodge a complaint with the Information Regulator of South Africa if you believe your rights have been violated
To exercise any of these rights, contact our Information Officer at the details below.
10. Children's Privacy
Verso accounts may only be created by individuals aged 18 or older. The Kids Profile feature is designed for children aged 5–12 and operates under the parent or guardian's account.
We do not knowingly collect personal information directly from children. All data associated with a Kids Profile is linked to the parent's account and subject to the parent's control.
The Kids Profile applies additional content restrictions to ensure age-appropriate content generation. Parents are responsible for supervising their child's use of the Kids Profile.
11. Security
We take reasonable technical and organisational measures to protect your personal information, including:
- Passwords are hashed and never stored in plaintext
- All data transmission uses HTTPS encryption
- Database access is controlled through Row Level Security (RLS) policies
- Server-side operations use restricted service role keys
- Rate limiting is applied to prevent abuse
While we strive to protect your data, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security.
12. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. For material changes, we will make reasonable efforts to notify you via email or an in-app notice.