VeRa is operated by REDMINDSYS LTD ("RedMindsys", "we", "us", "our"), a company incorporated in England & Wales (Companies House no. 17324029). For the purposes of the UK GDPR and the Data Protection Act 2018, RedMindsys Ltd is the data controller for the personal data described in this policy.
VeRa is an on-screen overlay that fact-checks content. When you activate the lens over content in any app, VeRa (1) captures the selected area of your screen on your device; (2) extracts the text from it using on-device optical character recognition (OCR) running entirely on your phone; and (3) sends only the extracted text of the claim to our servers to retrieve sources and produce a verdict.
The screenshot itself never leaves your device. We do not receive, store, or transmit images of your screen. What we process is the recognised text of the claim you chose to check. Because you can point the lens at any content, the text of a claim may sometimes contain personal data — your own or that of third parties. We minimise what we retain (see section 6).
| Data | Source | Purpose |
|---|---|---|
| Recognised text of the claim (may incidentally contain personal data) | Sent from the app after on-device OCR | To retrieve sources and generate a fact-check verdict |
| Feedback you submit on a verdict | Provided by you | To improve verdict quality |
| Limited technical/security data — a hashed identifier derived from your IP, and rate-limit data | Generated when the app contacts our backend | Abuse prevention, rate limiting, service integrity |
What we do NOT process:
Any future use of data to improve our models would be introduced only on an opt-in basis with separate, explicit consent and a dedicated notice. We do not do this today.
We use a small number of trusted service providers that process data only on our instructions and under contract.
| Sub-processor | Role | What is shared |
|---|---|---|
| Tavily | Source retrieval / search | The text of the claim (to find relevant sources) |
| Cloudflare | Secure tunnel, hosting, network | Network traffic to our backend, including connection metadata such as IP at the network layer |
| On-device OCR | Text recognition | Nothing transmitted to us — runs locally on your device |
Our AI model currently runs on local/self-hosted infrastructure. When we migrate model inference to a cloud provider, that provider will be added as a sub-processor and this policy updated. We do not sell your personal data, and we do not share it for advertising. A current sub-processor list is available on request.
We keep personal data only as long as necessary for the purposes above, and deletion runs automatically (on start-up and on a schedule):
Under the UK GDPR you have the right to access, rectify, erase, restrict, object to, and (where applicable) port your personal data, and to withdraw consent where processing is based on consent. To exercise any of these, contact max@redmindsys.uk. We will respond within one month (extendable by up to two further months for complex requests, with notice). Because VeRa has no accounts, we may need additional information to locate any data associated with you and to verify your identity.
You also have the right to complain to the Information Commissioner's Office (ICO) (ico.org.uk). We would appreciate the chance to address your concerns first.
Some of our sub-processors process data outside the UK — in particular source retrieval (Tavily) and, when introduced, cloud model inference are likely to involve processing in the United States; Cloudflare operates a global network. Where personal data is transferred outside the UK, we rely on appropriate safeguards such as UK adequacy regulations, the UK International Data Transfer Addendum, or Standard Contractual Clauses, as applicable.
VeRa is intended for users aged 18 and over and is not directed at children. We do not knowingly process the personal data of anyone under 18.
We protect the service with technical and organisational measures, including request authentication, rate limiting, a CORS allow-list, security headers, and idempotent handling of feedback. No system is perfectly secure, but we work to protect the limited data we process.
We may update this policy from time to time. We will change the effective date and, for material changes, provide a more prominent notice. Continued use of VeRa after an update means you accept the revised policy.
REDMINDSYS LTD — 9 William Holland Close, Browsover, Rugby, CV21 1WF, United Kingdom · max@redmindsys.uk