Privacy Policy
Last updated: March 2026
Verdict is a compliance tool built for healthcare IT. We understand that privacy is not optional in this industry — it's a regulatory requirement and a moral obligation. This policy explains exactly what data Verdict collects, where it's stored, and what we do (and don't do) with it. We aim to be specific and transparent, because healthcare compliance teams deserve better than vague legalese.
What Verdict collects
CLI (local data)
When you use the Verdict CLI, it captures session metadata to build Change Records for compliance evidence. This includes:
- Developer email (from git config)
- AI agent name and model version
- Git branch, repository name, and commit hashes
- Session timestamps (start, end, duration)
- File paths modified during the session
- Command metadata (tool names, not full command content)
All of this data is stored locally on your machine in a SQLite database at ~/.verdict/verdict.db. It is never sent anywhere unless you explicitly push records to a shared server.
PHI detection and redaction
Verdict scans session data for patterns that match Protected Health Information (PHI) as defined by the HIPAA Safe Harbor method (18 identifier categories). When PHI patterns are detected, they are automatically redacted before storage. Verdict records that PHI was detected — the type, the file path, and a confidence score — but never stores the actual PHI content. This is by design, not configuration.
Telemetry (anonymous, opt-out)
Verdict collects minimal, anonymous usage analytics to help us improve the product. Telemetry events include:
- Install and update events
- Verdict version number
- Operating system and architecture
- SHA-256 hashed user identity (for unique counting — we cannot reverse this to identify you)
Telemetry never includes session content, file paths, prompt text, or any data from your Change Records.
Opt out anytime
Run verdict config set telemetry false or set the environment variable VERDICT_NO_TELEMETRY=1. Telemetry stops immediately. No data is sent after opt-out.
Server (optional, team features)
When developers choose to push Change Records to a shared Verdict server for team visibility, those records are stored in an encrypted PostgreSQL database. Access is controlled via API keys and GitHub OAuth. The server is optional — Verdict works entirely locally without it.
Website
The Verdict website (get-verdict.com) uses standard web analytics to understand traffic and improve our content. We do not use tracking cookies.
What Verdict never collects
These are hard constraints in our architecture, not just policy decisions. Verdict is designed so that this data cannot be captured even if misconfigured:
Verdict captures metadata about what happened during a coding session — not the content itself. We record that a file was modified, not what was in it. We record that a prompt was sent, not what it said.
Data storage and security
Local storage
Change Records are stored in a SQLite database at ~/.verdict/verdict.db on the developer's machine. This file is readable only by the user who created it (standard filesystem permissions). No network access is required for local operation.
Server storage
When using the optional shared server, data is hosted on AWS in the us-east-1 region. All data is encrypted at rest using AWS KMS and encrypted in transit using TLS 1.2 or higher. Infrastructure is provisioned via Terraform with security-hardened configurations.
Data retention
Data retention is configurable by the customer. The default retention period is 90 days. Local data persists until the developer deletes it. Server data follows the retention policy configured by the team administrator.
Data sharing
We never sell your data. Period.
Verdict does not share data with any third parties except GRC (Governance, Risk, and Compliance) platforms that the customer explicitly configures. These integrations — such as Vanta, Drata, and Secureframe — are opt-in, customer-controlled, and only transmit the compliance evidence data that the customer chooses to sync.
When Jira integration is configured, Verdict reads ticket metadata (ticket ID, status, assignee) to link Change Records to work items. Verdict never writes to Jira or modifies any external system without explicit user action.
HIPAA considerations
Verdict is designed for use in HIPAA-regulated environments. Our approach to PHI follows the principle of minimum necessary access:
- PHI detection uses pattern matching against all 18 HIPAA Safe Harbor identifiers
- Detected PHI is redacted before storage — Verdict records the type and location of PHI, never the content
- PHI hashes (SHA-256) may be stored for audit trail purposes, but original values are never persisted
- All local storage defaults are designed to be safe without any configuration
- No PHI is ever transmitted over the network by the CLI
For customers requiring a Business Associate Agreement (BAA) for the shared server component, please contact us at info@get-verdict.com.
Your rights
Access and delete local data
Run verdict sessions to list all stored Change Records. You have full control over your local data through the Verdict CLI. You can inspect, export, and delete any records at any time.
Opt out of telemetry
Telemetry can be disabled at any time with verdict config set telemetry false or by setting VERDICT_NO_TELEMETRY=1. This takes effect immediately.
Request server data deletion
To request deletion of data stored on a shared Verdict server, contact us at info@get-verdict.com. We will process deletion requests within 30 days.
Changes to this policy
We may update this privacy policy as Verdict evolves. When we make material changes, we will update the "Last updated" date at the top of this page. For significant changes that affect how we handle data, we will notify users through the CLI or via email.
Questions?
If you have questions about this privacy policy or how Verdict handles data, we're happy to provide details.
info@get-verdict.comget-verdict.com