Privacy Policy
Synced verbatim from the canonical source in the repo. The desktop app’s in-app reader shows the same text.
1. What VERI-fy Does
VERI-fy is a desktop application that detects AI-generated video in real time by analyzing your screen. When detection is turned on, VERI-fy:
- Captures your primary display every 5 seconds.
- Downscales the capture to approximately 1 280 px wide, JPEG quality 60.
- Sends two consecutive frames (~50 ms apart) to the Google Gemini API at
generativelanguage.googleapis.comover HTTPS (TLS 1.2+). - Receives a structured analysis response from Google and displays it locally.
The entire screen is captured, not only the video region. Any content visible on your display at the moment of capture — including other applications, browser tabs, notifications, and system UI — will be included in the image sent to Google.
VERI-fy's own windows are excluded from each capture (setContentProtection(true) is applied during the capture cycle).
2. No VERI-fy Server
VERI-fy has no backend. There is no VERI-fy server. We do not see, store, log, transmit, or analyze your data. Frames go directly from your device to Google's servers.
3. Your API Key
Your Google Gemini API key is held only in process memory. It is never written to disk and is cleared when the application closes. No disk writes, no telemetry, no logs.
4. Detection History
Detection history (the last 50 entries) is kept only in RAM and is cleared when the application closes. No history is written to disk.
5. Analytics & Telemetry
VERI-fy includes no analytics SDK, crash-reporting SDK, or telemetry of any kind. The application makes no network requests other than the Gemini API calls described above.
6. Encryption — What It Is and What It Is Not
Data in transit between your device and Google is protected by TLS 1.2 or above (HTTPS). This is the same transport encryption used by every major website and API.
VERI-fy is not end-to-end encrypted with respect to Google. Google must decrypt the screenshots in order for Gemini to analyze them. Your API key authenticates your requests; it does not encrypt the payload.
7. What Google Does with the Screenshots
Google's own terms govern what Google does with the data it receives. The treatment differs by API tier:
| Tier | Training | Retention |
|---|---|---|
| Free tier (Google AI Studio) | Google may use your submitted content and generated responses to provide, improve, and develop Google products, services, and machine-learning technologies. | Per Google's terms. |
| Paid tier | Prompts and responses are not used to improve Google products. | 55-day retention for abuse monitoring only. |
We strongly recommend a paid-tier API key if you work with sensitive screen content. See Google Gemini API Terms of Service and Google's abuse-monitoring policy for the authoritative details.
8. Consent
When you first launch VERI-fy, a consent dialog explains the data flow described above and asks for your explicit acceptance before any data leaves your device. Detection cannot start until you accept.
Legal Basis
- KVKK (Turkey) Art. 5/1: Explicit consent of the data subject.
- GDPR (EU) Art. 6(1)(a): Consent of the data subject.
You may withdraw consent at any time by closing the application. No persistent data is retained once the app quits (aside from a small local consent.json file that records that you accepted the privacy terms).
9. Data Collected Locally
| Item | Storage | Lifetime |
|---|---|---|
consent.json | Electron userData directory | Until manually deleted |
| API key | Process memory only | Current session |
| Detection history | Process memory only | Current session |
| Screen captures | Never stored — streamed to Google and discarded | Transient |
10. Fair Use Protection (Free Tier Quota)
The Free tier includes 6 video analyses and 10 photo analyses per calendar month. To keep these quotas open for genuine users, VERI-fy uses two narrow signals to spot duplicate accounts that try to bypass the limits.
What we collect, only at signup and at sensitive actions:
| Signal | Form | Why |
|---|---|---|
| Device characteristics | One-way SHA-256 hash of a small bundle (OS major version, screen DPI bucket, timezone, hardware concurrency, GPU vendor string) | Detect duplicate signups from the same machine |
| Public IP address | Last octet masked (e.g. 203.0.113.xxx) | Detect duplicate signups from the same network |
What we do NOT collect for this purpose: precise geolocation, MAC address, IMEI, raw IP, browser cookies for cross-site tracking, advertising identifiers.
Legal basis:
- KVKK (Türkiye) Art. 5/2(f): Legitimate interest of the data controller
in fraud prevention.
- GDPR (EU) Art. 6(1)(a): Consent of the data subject (collected at signup).
- GDPR (EU) Art. 6(1)(f): Legitimate interest in fraud prevention.
Retention:
- Hashed device signal and masked IP: 12 months from your last activity, then
automated deletion.
- On account deletion: hashes are scrubbed within 90 days.
Use: strictly the automated anti-abuse pipeline. These signals are never used for marketing, profiling, advertising, or sold to third parties.
Your rights: access, rectification, erasure, restriction, portability, and objection. See section 13 (Contact) to exercise any of them. Premium subscribers are exempt from the duplicate-account check beyond standard fraud signals.
11. Children
VERI-fy is not intended for use by anyone under the age of 18.
12. Changes to This Policy
If we make a material change to this policy, the in-app consent dialog will re-appear (the consent version is incremented) and you will need to accept the updated terms before detection can resume.
13. Contact
For questions about this policy, open an issue in the project repository or contact the maintainer directly.