Verdikt
TermsPrivacy

Verdikt Privacy Policy

Last updated: June 8, 2026 Effective date: June 8, 2026

This Privacy Policy explains how Meridian Studios LLC d/b/a Verdikt ("Verdikt," "we," "us") collects, uses, shares, and protects personal information when you use the Verdikt website at goverdikt.com and related services (the "Service"). It works alongside our Terms of Service at goverdikt.com/terms.

If you do not agree with this policy, please do not use the Service.

1. The Short Version

  • We collect the minimum we need to run Verdikt: an email to sign organizers in, the boards and options you create, and the votes participants cast.
  • You don't need an account to vote. Voting collects very little — only what the organizer chooses to ask for (such as a first name) plus basic technical data needed to prevent abuse.
  • We use Stripe for payments and never see or store your full card number.
  • We use Vercel Analytics (aggregated, anonymous, no cookies) and PostHog for product analytics to understand how the Service is used and improve it. PostHog uses cookies / local storage and may record pseudonymous session replays with all form inputs masked; we never sell this data.
  • We do not sell your personal information and we do not show third-party advertising.
  • You can ask us to access or delete your data — see "Your Rights" below.

2. Who Is Responsible for Your Data

Verdikt plays two different roles depending on the data:

  • For organizer accounts, Verdikt is the controller of the account data (for example, the sign-in email).
  • For data inside a board — including options, board settings, and any participant names or votes an organizer collects — the organizer who created the board is the controller, and Verdikt acts as a processor handling that data on the organizer's behalf. If you voted on someone's board and want your information removed, contact that organizer; we will assist them as needed.

3. Information We Collect

a. Information You Give Us

  • Account information: your email address (used for magic-link sign-in) and, optionally, a display name.
  • Board content: board names, descriptions, options, notes, themes, custom backgrounds, logos, uploaded images, and templates you create.
  • Participant and voting data: votes cast, and — only if the organizer asks for it — a participant's first name or chosen roster identity. Organizers decide whether names are requested, optional, or not collected at all.
  • Payments: when you subscribe to a paid plan, payment is handled by Stripe. Stripe collects your card and billing details directly; we receive limited information such as your subscription status, plan, and a customer/subscription identifier. We do not store full card numbers.
  • Communications: if you contact us, we keep your message and contact details.

b. Information We Collect Automatically

  • Technical and device data: IP address, browser type, device and operating-system information, and timestamps. IP addresses are processed transiently on our servers to prevent abuse and duplicate voting (rate-limiting and fraud prevention); they are not displayed to organizers and are not retained as part of board results.
  • Local storage: we store a small flag in your browser's local storage (for example, verdikt:voted:<board>) to enforce one-vote-per-device when an organizer enables it, and to keep you signed in. See "Cookies and Local Storage."
  • Usage data: we use Vercel Analytics to collect aggregated, anonymous data about how the Service is used. Vercel Analytics does not use cookies, does not fingerprint individual users, and does not collect personal information. This data cannot be used to identify you and helps us keep the Service reliable and improve it.

We do not intentionally collect special-category data (such as health, biometric, or precise geolocation), and you should not put such data into boards.

4. How We Use Information

We use personal information to:

  • provide and operate the Service (create boards, deliver voting links, record votes, generate results and insights);
  • authenticate organizers and keep accounts secure;
  • prevent fraud, abuse, duplicate voting, and violations of our Terms;
  • process payments and manage subscriptions (via Stripe);
  • send transactional messages (such as sign-in links and account or billing notices) via Resend;
  • respond to your requests and provide support; and
  • maintain, troubleshoot, secure, and improve the Service, including using aggregated, de-identified data that does not identify any individual or board.

We do not sell personal information, and we do not use it for third-party advertising.

5. Legal Bases for Processing (EEA/UK Users)

The Service is operated from the United States and is not directed at users in the European Economic Area or United Kingdom. If you access the Service from those regions, we rely on the following legal bases where the GDPR or UK GDPR applies:

  • Performance of a contract — to provide the Service you request (running your boards, processing your subscription).
  • Legitimate interests — to secure the Service, prevent abuse and duplicate voting, and improve our product, balanced against your rights.
  • Consent — where required (for example, certain non-essential cookies, if we add them). You may withdraw consent at any time.
  • Legal obligation — to comply with applicable law (for example, tax and accounting for payments).

6. How We Share Information

We share personal information only as needed to run the Service.

Service Providers and Subprocessors

The following providers process data on our behalf:

  • Supabase — database, authentication, and file storage;
  • Vercel — application hosting, delivery, and aggregated analytics;
  • Stripe — payment processing;
  • Pexels — stock-image search (image queries only; we do not send them your account data);
  • Resend — sending transactional email;
  • Sentry — error monitoring and diagnostics (technical error data only; configured to exclude IP addresses);
  • PostHog — product analytics and session replay (how the Service is used, to improve it; form inputs are masked in replays).

Other Disclosures

  • Other participants and organizers: board content and results are visible to people you share a board with, according to the board's settings. If an organizer enables name reveal, participant names may be shown in that organizer's reports.
  • Legal and safety: when we believe disclosure is required by law, or necessary to protect the rights, safety, or property of Verdikt, our users, or the public.
  • Business transfers: in connection with a merger, acquisition, financing, or sale of assets, subject to this policy.

These providers may process data in countries outside your own. See "International Transfers."

7. Cookies and Local Storage

Verdikt uses a minimal set of browser storage:

  • Essential: keeping organizers signed in (authentication session) and enforcing one-vote-per-device where an organizer turns it on (the verdikt:voted flag). These are necessary for the Service to function.
  • Analytics: Vercel Analytics uses no cookies and collects no personal information. PostHog, our product-analytics tool, uses cookies / local storage to measure how the Service is used (pages viewed, features used) so we can improve it; session replays mask all form inputs. This is pseudonymous product analytics, not advertising. You can opt out of PostHog analytics by enabling "Do Not Track" in your browser or by contacting us, and you may clear these cookies at any time in your browser settings.

We currently do not use third-party advertising cookies. Where consent for non-essential analytics cookies is legally required (for example, in the EEA/UK), we will obtain it before such cookies are set.

You can clear local storage and cookies in your browser settings, but doing so may sign you out or allow re-voting on boards where dedup relies on the device flag.

8. Data Retention

We keep personal information for as long as needed to provide the Service and for legitimate business or legal purposes:

  • Account and board data: while your account is active. If you delete a board or your account, we delete the associated content within a reasonable period, except for limited copies retained in backups for a short time or where retention is legally required.
  • Inactive accounts: we may archive or delete accounts and associated content after at least 18 months of inactivity. Where practical, we will provide reasonable advance notice before doing so.
  • Payment records: retained as required for tax, accounting, and legal compliance.
  • Transient technical data (such as IP addresses used for rate-limiting): kept only as long as needed for that purpose and not retained as part of board results.

9. Security

We use reasonable technical and organizational measures to protect personal information, including encryption in transit, access controls, row-level security on our database, and handling secret keys server-side only. No method of transmission or storage is completely secure, so we cannot guarantee absolute security.

If we become aware of a breach affecting your personal information, we will notify you and relevant authorities as required by applicable law, including the Texas Business & Commerce Code Chapter 521.

10. International Transfers

We and our providers are based in and process data primarily in the United States. If you access the Service from outside the United States, your information may be transferred to and processed in the US or other countries. Where required by applicable law, we rely on appropriate safeguards for international transfers, such as the European Commission's Standard Contractual Clauses.

11. Your Rights

Depending on where you live, you may have some or all of these rights regarding your personal information:

  • access a copy of it;
  • correct inaccurate information;
  • delete it ("right to be forgotten");
  • object to or restrict certain processing;
  • portability — receive it in a portable format;
  • withdraw consent where processing is based on consent; and
  • lodge a complaint with your local data-protection authority.

California residents (CCPA/CPRA): you have the right to know what personal information we collect and how we use and disclose it, to request deletion, and to correct it, and the right not to be discriminated against for exercising these rights. We do not "sell" or "share" personal information as those terms are defined under California law, so no opt-out of sale is needed.

To exercise any right, contact us at legal@goverdikt.com. We will verify your request and respond within the time required by law. If your data lives inside a board created by an organizer, we may direct your request to that organizer (the controller) and assist them.

12. Children's Privacy

The Service is not directed to children under 13, and we do not knowingly collect personal information from them. If you believe a child under 13 has provided us personal information, contact us at legal@goverdikt.com and we will delete it promptly.

13. Third-Party Links and Services

The Service may link to or integrate with third-party services (such as Stripe and Pexels). Their privacy practices are governed by their own policies, which we encourage you to review. We are not responsible for third-party services.

14. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will provide reasonable notice by updating the "Last updated" date or notifying you by email. Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.

15. Contact Us

For privacy questions or to exercise your rights, contact:

Meridian Studios LLC d/b/a Verdikt Email: legal@goverdikt.com Texas, United States