Legal
Privacy Policy
Last updated: February 2026
Overview
Verbal is an AI spend intelligence platform. This policy describes how we collect, use, and protect information when you use our service.
Data We Collect
We collect usage data you explicitly import or capture through our integrations (API keys, Claude exports, browser extension activity). This includes prompt metadata, token counts, and cost estimates. By default, Verbal captures prompt content with automatic redaction of secrets and personal information (API keys, emails, passwords, etc.). You can disable prompt capture entirely by setting VERBAL_CAPTURE_MODE=usage in your MCP configuration — this limits tracking to token counts and cost only.
How We Use Your Data
Your data is used solely to provide the Verbal service — spend tracking, ROI analysis, and prompt coaching. We do not sell your data to third parties or use it to train AI models.
Data Security
All data is encrypted at rest using AES-256-GCM. We use Supabase (PostgreSQL) with row-level security policies ensuring you can only access your own data. Prompt content, if stored, is encrypted with per-user envelope encryption.
Contact
Questions? Email sales@getverbal.ai. This policy will be updated as the product evolves.