Vernac is built on a simple premise: your data exists to help you make better decisions — not to help us build a business around your information. This policy explains plainly what we collect, how we use it, and what we don't do with it.
The short version: Your analytics data is analyzed in real time and never stored. We do not retain, sell, share, or use your uploaded data for any purpose other than generating your report. When your session ends, your data is gone.
Vernac is the data controller for the personal data described in this notice. Vernac is a product of Great Lakes Golf Concierge LLC, which determines how and why your personal data is processed in connection with the Vernac service.
Paddle.com Market Limited ("Paddle") is the processor and Merchant of Record for all payment data. Paddle handles payment processing, billing, tax calculation and remittance, invoicing, fraud screening, refunds, and all compliance obligations related to the sale itself. When you check out, you contract directly with Paddle for the purchase transaction, and Paddle acts as an independent controller of the payment data it collects.
Analytics data you upload. When you upload a file or paste data into Vernac, that content is transmitted directly to our AI analysis engine for processing. It is not written to any database, server, or storage system on our end. It exists only in your active browser session and in the temporary processing pipeline. When your report is delivered and your session ends, it is gone.
Email address. We collect your email address at checkout for the purpose of delivering your receipt and report. We do not add you to marketing lists without your explicit consent. We do not sell or share your email address with third parties.
Payment information. All payment processing is handled by Paddle as Merchant of Record. We never see, touch, or store your card number, CVV, or full payment details. Paddle is PCI DSS Level 1 certified — the highest level of payment security certification available. You can read Paddle's privacy policy at paddle.com/legal/privacy.
Basic usage data. We may collect anonymized, non-identifiable usage information such as page visits and feature interactions to improve the product. This data contains no personally identifiable information and cannot be traced back to you or your business.
For users in the United Kingdom and European Economic Area, we rely on the following legal bases under the UK GDPR and EU GDPR:
Contract performance (Art. 6(1)(b)). We process your uploaded analytics data, business context, email address, and order details because doing so is necessary to deliver the report you have purchased. Without this processing we cannot perform the contract you have entered into with us.
Legitimate interests (Art. 6(1)(f)). We process anonymized usage data and basic operational logs to secure the service, prevent abuse, and improve product quality. Our legitimate interest is in operating a reliable and secure product, and we have assessed that this processing does not override your rights and freedoms.
Legal obligation (Art. 6(1)(c)). Limited transaction records are retained where required by tax, accounting, or anti-fraud law.
Paddle, as Merchant of Record, independently relies on contract performance and legal obligation as the bases for processing payment data.
Your uploaded data is sent to Anthropic's API for AI analysis. Anthropic processes this data solely to generate your report. Under Anthropic's API usage policies, data submitted via the API is not used to train their models and is not retained beyond the immediate processing window.
You can review Anthropic's privacy and data handling policies at anthropic.com/privacy.
No human at Vernac reads your uploaded data. The analysis is entirely automated.
Paddle — as Merchant of Record for payments, subscription management, tax, and invoicing.
Anthropic — as our AI analysis subprocessor, solely for generating your report.
Hosting and infrastructure providers — to operate the service.
Professional advisers and authorities — where required by law.
We do not sell your data and we do not share it for advertising purposes.
We do not store your analytics data after your report is delivered.
We do not sell your data to any third party, advertiser, or data broker.
We do not use your business data to train AI models or improve our own systems.
We do not share your data with other customers, partners, or affiliates.
We do not use tracking pixels, behavioral advertising cookies, or cross-site tracking technologies.
Analytics data: Not retained. Exists only during active session processing.
Email address: Retained for receipt delivery and basic transaction records. Deleted upon request.
Payment records: Retained by Paddle in accordance with their policies and applicable financial regulations. We retain transaction IDs and amounts for accounting purposes only.
You have the right to request access, correction, or deletion of any personal information we hold about you. Because we don't retain your analytics data, these requests typically apply only to email address and transaction records.
If you are located in the United Kingdom or European Economic Area, you additionally have the rights of access, rectification, erasure, restriction, portability, objection, and the right to withdraw consent where processing is based on consent. You may also lodge a complaint with your local supervisory authority. We respond to all such requests within one month.
If you are located in California, you have rights under the CCPA/CPRA including the right to know, delete, and opt out of any "sale" or "sharing" of personal information (we do neither).
Vernac operates from the United States. Where personal data is transferred outside the UK or EEA, we and our subprocessors rely on appropriate safeguards such as Standard Contractual Clauses and applicable adequacy decisions.
All data transmitted to and from Vernac is encrypted in transit using TLS 1.2 or higher. Payment data is handled exclusively by Paddle's PCI-compliant infrastructure. We conduct no server-side storage of sensitive data, which means there is no database to breach.
If we make material changes to how we handle your data we will update this page and revise the date at the top. We will not retroactively change how we handle data you have already submitted.
If you have any questions about this policy or how your data is handled, contact us at privacy@vernac.io. We respond to all privacy inquiries within 48 hours.