Privacy Policy
Effective date: April 7, 2026
Last updated: July 2026
VeriClick is built to protect users online while collecting as little data as possible. This policy explains what we collect, why, and what we do not collect.
Who we are
VeriClick Ltd is registered in England and Wales (Company No. 16554016), with a registered office at 128 City Road, London, EC1V 2NX. We are the data controller for personal data processed through VeriClick products.
Contact: support@vericlick.io
What we collect
If you create an account:
- Your email address, used for authentication and account management
- Subscription and billing status — we do not store card details, which are handled entirely by our payments provider
- Plan usage counters (number of checks used today) to enforce free tier limits
- Authentication tokens passed from the VeriClick website to the extension after sign-in, to maintain your logged-in state and plan tier across browser sessions. These are stored locally in the extension and are not shared with third parties.
When you use the extension:
- URLs of links you hover over or right-click are sent to the VeriClick API to generate a trust score. To improve accuracy, we may also send limited page context with the URL — such as the link's visible text, the page title, and a short snippet of surrounding text on the page. These are used only for scoring and are not stored after the check completes.
- Your extension settings and display preferences (display mode, click interception toggle) are stored locally in your browser. Your risk threshold preference is stored locally and applied on Premium plans.
- Temporary score results are cached locally per tab to power the toolbar badge and popup display. These are cleared when the tab is closed.
Premium email scam protection (Premium plan only):
- When you view an email in supported webmail (such as Gmail or Outlook), VeriClick may read sender address, display name, subject line, and a short body preview (up to 500 characters) from the visible email on screen to assess whether the message looks like a scam.
- This metadata is sent to the VeriClick API for sender reputation checks and, in some cases, AI-assisted analysis. It is used only to return a warning to you and is not used for advertising or sold to third parties.
- Free-plan users do not receive email sender warnings — only link hover and right-click checks.
If you submit feedback:
- Optional thumbs up/down feedback on individual scores, used to improve scoring accuracy. No personal data is attached to feedback.
What we do not collect
- We do not store your browsing history.
- We do not track which websites you visit over time.
- We do not read form fields, passwords, or other text you type into pages.
- We do not read your full inbox, full email bodies, or private messages — only the limited fields described above when you are viewing a single email and only on Premium plans for sender warnings.
- We do not collect your name, address, or phone number.
- We do not sell personal data to third parties.
- We do not use your data for advertising purposes.
How data is used
Data is used only to:
- Operate the link-scoring service
- Provide Premium email scam warnings where enabled
- Manage your account and subscription
- Provide customer support
- Improve scoring accuracy based on aggregated, anonymised signals
Third-party services
VeriClick uses trusted third-party providers in the following categories:
- Authentication: to manage account sign-in securely
- Payments: to process subscriptions. VeriClick never stores card details.
- Threat intelligence: to cross-reference URLs and sender domains against known threat databases as part of the scoring process
- AI processing: for Premium users only, to generate plain-English explanations of link risk signals and, where enabled, to assist with email scam detection
Each provider processes data under their own privacy policies and appropriate data processing agreements.
Data retention
- Account and billing records are retained for as long as your account is active, and for up to 7 years thereafter for legal and tax compliance.
- URLs and limited link context submitted for scoring are not retained after the score is returned.
- Premium email metadata sent for scam checks is processed to return a warning and is not retained for profiling or advertising.
- Usage counters reset daily and are not stored long-term.
- Per-tab score cache is cleared automatically when a tab is closed.
Cookies and local storage
The VeriClick website uses essential cookies for authentication and session management. The extension uses Chrome's local storage API for settings, auth state, and usage counters. We do not use advertising or tracking cookies.
International data transfers
VeriClick Ltd is a UK-registered company. Some data may be processed by our third-party providers in other jurisdictions. Where this occurs, appropriate safeguards are in place in accordance with UK GDPR requirements.
Your rights under UK GDPR
If you are based in the UK or EEA, you have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate data
- Request deletion of your data
- Object to or restrict certain processing
- Data portability
To exercise any of these rights, contact us at support@vericlick.io. We will respond within 30 days.
Security
We use industry-standard security measures to protect data in transit and at rest. Authentication tokens are handled securely and card payments are processed entirely by our payments provider.
Changes to this policy
We may update this policy from time to time. Material changes will be notified via the website or by email to registered users. The effective date at the top of this page will reflect the most recent update.
Contact
For privacy questions or to exercise your rights:
Email: support@vericlick.io
Post: VeriClick Ltd, 128 City Road, London, EC1V 2NX