ArtifactVerify – Privacy Policy

Last Updated: December 26, 2025

ArtifactVerify (“we,” “our,” or “us”) provides AI-assisted artifact analysis services, including PointCheck – Full Analysis and PointCheck – Quick Image Check. We value your privacy and design our systems to minimize data collection while still enabling secure, verifiable artifact assessments.

This Privacy Policy explains what information we collect, how we use it, and the choices you have. If you have any questions, please contact us at support@artifactverify.com. We do not maintain a physical office address accessible to the public.

1. Information We Collect

1.1 Uploaded Artifact Images

PointCheck – Full Analysis

High-resolution images:
- Stored permanently only if the user opts in
- Otherwise stored temporarily only long enough to process the AI analysis and display your initial report
Thumbnail images:
- Stored in Upstash Redis
- Used for public verification pages and support
- Retained permanently unless the user requests deletion

PointCheck – Quick Image Check

Thumbnail images only are stored in Redis for public verification and support purposes.

We do not collect or store biometric identifiers or personal facial data. Images are strictly used for artifact evaluation.

1.2 Public Verification Page Data

For each analysis, a public verification page may store:

Thumbnail image
Analysis summary
Typology classification
Authenticity probability score
Date of analysis
SHA-256 image hash (to lock the report to the original image set)

This data is publicly accessible via the QR code generated for the report.

Verification pages are retained indefinitely unless the owner requests deletion.

1.3 Email Addresses

PointCheck – Quick Check (Free Tier)

Email required: As consideration for using our free service, you must provide a valid email address.
Storage: Your email is stored in our system until you request deletion.
How we use it: We use your email for delivering analysis reports, verification codes, service communications (account updates, security notices, terms changes), and marketing communications about PointCheck products and services.
Marketing: By using the free service, you consent to receiving marketing emails. All marketing emails include an unsubscribe link.

PointCheck – Full Analysis (Paid)

Email optional: Email is only collected if you choose to have your PDF report sent via email.
Transactional only: Your email is passed directly to Resend to deliver the report and is not stored in our system.
No marketing: Full Analysis customers are not enrolled in marketing communications unless they separately use the free Quick Check service.

Third-party sharing: We do not sell or rent your email address to third parties. We use email service providers (Resend, ImprovMX) to deliver messages on our behalf; these providers may not use your information for their own purposes.

1.4 Payment Data

Payments are processed by Stripe.

We do not store:

Credit card numbers
Billing addresses
Stripe customer records

We only receive limited, non-sensitive metadata needed for technical support (e.g., transaction success/failure).

1.5 IP Addresses & Basic Request Logs

Our hosting provider, Vercel, automatically logs IP address, browser metadata, and request timestamps. These logs are standard for security, abuse prevention, and troubleshooting.

We do not use this data for tracking or profiling.

1.6 Timestamps & Technical Metadata

We store timestamps, SHA-256 image hashes, and performance/debug data for:

Ensuring accuracy
Supporting billing or payment issues
Verifying that reports match their original image sets

These may be retained permanently for security and verification purposes.

2. No Analytics or Tracking

ArtifactVerify does not use:

Google Analytics
Vercel Analytics
Tracking cookies
Pixel trackers

We do not perform behavioral tracking or sell data.

3. How We Use Your Information

Performing AI-based analysis of artifacts
Generating verification pages for buyers/sellers
Providing customer support
Debugging and ensuring technical reliability
Billing and transaction verification
Maintaining a publicly verifiable, tamper-resistant record of the analysis via image hashing

We do not use user data for advertising, user profiling, or resale.

5. Public Verification Pages

Reports accessible via QR code include only:

Thumbnail
Summary of analysis
Typology
Authenticity probability
SHA-256 hash
Date

High-resolution images are never posted publicly unless the user explicitly opts in. Verification pages remain public indefinitely unless you request deletion.

6. Data Retention

High-Resolution Images

Permanently retained only if the user opted in
Otherwise deleted immediately after the AI analysis completes

Thumbnails and Reports

Retained permanently, unless the user requests deletion

SHA-256 Hashes

Retained permanently to maintain verifiable report integrity

Email Addresses

Free Tier Quick Check: Stored until user requests deletion
Full Analysis: Not stored (passed directly to email provider for delivery)

Technical Logs

Retained according to hosting provider’s standard retention period

7. Data Deletion Requests

7.1 How to Request Deletion

To request deletion of your data, email support@artifactverify.com with your request. We will respond within 30 days.

7.2 Report Deletion

You may request deletion of your public report by providing the Report ID and the Verification Token included in your original PDF Analysis Report. This ensures only the rightful owner can request deletion.

7.3 Email Deletion

Free Tier Quick Check: You may request deletion of your email address at any time. We will remove your email from our system and unsubscribe you from all communications.
Images remain: Email deletion does not require deletion of your submitted images. Once anonymized (stripped of personal identifiers), images are no longer linked to you and may be retained for analysis verification or training purposes per your original consent.

7.4 What Cannot Be Deleted

Deletion requests do not apply to:

Stripe billing records (required by law)
SHA-256 hashes needed to maintain system integrity (but the public page can be removed)
Anonymized images already included in training datasets (cannot be individually identified or removed)

8. Children’s Privacy

Users under 18 must have consent from a parent or legal guardian. We voluntarily minimize data collection and do not knowingly collect personal information from children without consent.

9. Security

We use modern security practices including:

HTTPS enforcement
Access controls
Secure cloud storage (AWS S3, Upstash Redis)
SHA-256 hashing for tamper-resistant verification
Industry-standard provider security (Vercel, Stripe, Anthropic)

No system is 100% secure, but we take reasonable measures to protect your information.

10. Jurisdiction

This Privacy Policy is governed by the laws of the United States – Alabama. Any disputes will be resolved under Alabama law.

11. Changes to This Policy

We may update this Privacy Policy from time to time. If changes are significant, we will notify users by updating the “Last Updated” date at the top.

12. Contact

For privacy questions, deletion requests, or other concerns, contact: support@artifactverify.com

13. Machine Learning and Model Improvement

With your explicit consent (via the data usage checkbox during upload), your uploaded artifact images may be used to improve our AI analysis capabilities:

13.1 Consent-Based Collection

Opt-in only: Training data collection requires your explicit consent via the checkbox before upload. You can use PointCheck without consenting to data usage.
Free tier requirement: Free Quick Check assessments require consent as consideration for the free service.

13.2 How Data Is Used

Accuracy improvement: Images are used to improve our evidence-based verification algorithms, making assessments more accurate.
Model training: Anonymized images may be used to train or fine-tune AI models for better artifact analysis.
Research: Aggregated, anonymized data may be used for academic research on lithic analysis and authentication.

13.3 Anonymization

Before inclusion in any training dataset, images are stripped of all personal identifiers:

No email addresses, names, or account information retained
No IP addresses or location data attached
Images assigned random identifiers with no link to original submitter
EXIF metadata removed

13.4 Retention for Training

Consented images may be retained indefinitely in anonymized form for training purposes, even if you later request deletion of your public report. The anonymized training data cannot be linked back to you.

14. Anonymized Dataset Licensing

Anonymized datasets created from consented uploads may be shared with or licensed to third parties:

14.1 Permitted Recipients

Academic institutions: Universities and research organizations studying lithic analysis, archaeology, or authentication methodologies.
Research partners: Organizations collaborating on artifact authentication research and technology advancement.
Commercial partners: Companies developing tools or services that advance the study of lithics and artifact authentication.

14.2 Dataset Contents

Shared datasets contain only:

Anonymized artifact images
Analysis labels (authenticity assessment, typology, material)
No personal identifiers, email addresses, or account information

14.3 Your Rights

No royalties or compensation: By consenting to data usage, you waive any claim to royalties or compensation from dataset licensing.
Non-reversible anonymization: Once anonymized and included in a dataset, images cannot be individually identified or removed.
Opt-out of future collection: You can decline the consent checkbox on future uploads to prevent additional images from being collected.

14.4 Revenue Use

Any revenue generated from dataset licensing is used to support continued development of PointCheck, improve analysis accuracy, and maintain free tier availability.

Loading…

ArtifactVerify – Privacy Policy

Last Updated: December 26, 2025

1. Information We Collect

1.1 Uploaded Artifact Images

PointCheck – Full Analysis

High-resolution images:
- Stored permanently only if the user opts in
- Otherwise stored temporarily only long enough to process the AI analysis and display your initial report
Thumbnail images:
- Stored in Upstash Redis
- Used for public verification pages and support
- Retained permanently unless the user requests deletion

PointCheck – Quick Image Check

Thumbnail images only are stored in Redis for public verification and support purposes.

We do not collect or store biometric identifiers or personal facial data. Images are strictly used for artifact evaluation.

1.2 Public Verification Page Data

For each analysis, a public verification page may store:

Thumbnail image
Analysis summary
Typology classification
Authenticity probability score
Date of analysis
SHA-256 image hash (to lock the report to the original image set)

This data is publicly accessible via the QR code generated for the report.

Verification pages are retained indefinitely unless the owner requests deletion.

1.3 Email Addresses

PointCheck – Quick Check (Free Tier)

Email required: As consideration for using our free service, you must provide a valid email address.
Storage: Your email is stored in our system until you request deletion.
How we use it: We use your email for delivering analysis reports, verification codes, service communications (account updates, security notices, terms changes), and marketing communications about PointCheck products and services.
Marketing: By using the free service, you consent to receiving marketing emails. All marketing emails include an unsubscribe link.

PointCheck – Full Analysis (Paid)

Email optional: Email is only collected if you choose to have your PDF report sent via email.
Transactional only: Your email is passed directly to Resend to deliver the report and is not stored in our system.
No marketing: Full Analysis customers are not enrolled in marketing communications unless they separately use the free Quick Check service.

1.4 Payment Data

Payments are processed by Stripe.

We do not store:

Credit card numbers
Billing addresses
Stripe customer records

We only receive limited, non-sensitive metadata needed for technical support (e.g., transaction success/failure).

1.5 IP Addresses & Basic Request Logs

Our hosting provider, Vercel, automatically logs IP address, browser metadata, and request timestamps. These logs are standard for security, abuse prevention, and troubleshooting.

We do not use this data for tracking or profiling.

1.6 Timestamps & Technical Metadata

We store timestamps, SHA-256 image hashes, and performance/debug data for:

Ensuring accuracy
Supporting billing or payment issues
Verifying that reports match their original image sets

These may be retained permanently for security and verification purposes.

3. How We Use Your Information

Performing AI-based analysis of artifacts
Generating verification pages for buyers/sellers
Providing customer support
Debugging and ensuring technical reliability
Billing and transaction verification
Maintaining a publicly verifiable, tamper-resistant record of the analysis via image hashing

We do not use user data for advertising, user profiling, or resale.

6. Data Retention

High-Resolution Images

Permanently retained only if the user opted in
Otherwise deleted immediately after the AI analysis completes

Thumbnails and Reports

Retained permanently, unless the user requests deletion

SHA-256 Hashes

Retained permanently to maintain verifiable report integrity

Email Addresses

Free Tier Quick Check: Stored until user requests deletion
Full Analysis: Not stored (passed directly to email provider for delivery)

Technical Logs

Retained according to hosting provider’s standard retention period

7. Data Deletion Requests

7.1 How to Request Deletion

To request deletion of your data, email support@artifactverify.com with your request. We will respond within 30 days.

7.2 Report Deletion

7.3 Email Deletion

Free Tier Quick Check: You may request deletion of your email address at any time. We will remove your email from our system and unsubscribe you from all communications.
Images remain: Email deletion does not require deletion of your submitted images. Once anonymized (stripped of personal identifiers), images are no longer linked to you and may be retained for analysis verification or training purposes per your original consent.

7.4 What Cannot Be Deleted

Deletion requests do not apply to:

Stripe billing records (required by law)
SHA-256 hashes needed to maintain system integrity (but the public page can be removed)
Anonymized images already included in training datasets (cannot be individually identified or removed)

9. Security

We use modern security practices including:

HTTPS enforcement
Access controls
Secure cloud storage (AWS S3, Upstash Redis)
SHA-256 hashing for tamper-resistant verification
Industry-standard provider security (Vercel, Stripe, Anthropic)

No system is 100% secure, but we take reasonable measures to protect your information.

13. Machine Learning and Model Improvement

With your explicit consent (via the data usage checkbox during upload), your uploaded artifact images may be used to improve our AI analysis capabilities:

13.1 Consent-Based Collection

Opt-in only: Training data collection requires your explicit consent via the checkbox before upload. You can use PointCheck without consenting to data usage.
Free tier requirement: Free Quick Check assessments require consent as consideration for the free service.

13.2 How Data Is Used

Accuracy improvement: Images are used to improve our evidence-based verification algorithms, making assessments more accurate.
Model training: Anonymized images may be used to train or fine-tune AI models for better artifact analysis.
Research: Aggregated, anonymized data may be used for academic research on lithic analysis and authentication.

13.3 Anonymization

Before inclusion in any training dataset, images are stripped of all personal identifiers:

No email addresses, names, or account information retained
No IP addresses or location data attached
Images assigned random identifiers with no link to original submitter
EXIF metadata removed

13.4 Retention for Training

14. Anonymized Dataset Licensing

Anonymized datasets created from consented uploads may be shared with or licensed to third parties:

14.1 Permitted Recipients

Academic institutions: Universities and research organizations studying lithic analysis, archaeology, or authentication methodologies.
Research partners: Organizations collaborating on artifact authentication research and technology advancement.
Commercial partners: Companies developing tools or services that advance the study of lithics and artifact authentication.

14.2 Dataset Contents

Shared datasets contain only:

Anonymized artifact images
Analysis labels (authenticity assessment, typology, material)
No personal identifiers, email addresses, or account information

14.3 Your Rights

No royalties or compensation: By consenting to data usage, you waive any claim to royalties or compensation from dataset licensing.
Non-reversible anonymization: Once anonymized and included in a dataset, images cannot be individually identified or removed.
Opt-out of future collection: You can decline the consent checkbox on future uploads to prevent additional images from being collected.

14.4 Revenue Use

Any revenue generated from dataset licensing is used to support continued development of PointCheck, improve analysis accuracy, and maintain free tier availability.

1. Information We Collect

1.1 Uploaded Artifact Images

PointCheck – Full Analysis

PointCheck – Quick Image Check

1.2 Public Verification Page Data

1.3 Email Addresses

PointCheck – Quick Check (Free Tier)

PointCheck – Full Analysis (Paid)

1.4 Payment Data

1.5 IP Addresses & Basic Request Logs

1.6 Timestamps & Technical Metadata

2. No Analytics or Tracking

3. How We Use Your Information

4. How We Share Information

5. Public Verification Pages

6. Data Retention

High-Resolution Images

Thumbnails and Reports

SHA-256 Hashes

Email Addresses

Technical Logs

7. Data Deletion Requests

7.1 How to Request Deletion

7.2 Report Deletion

7.3 Email Deletion

7.4 What Cannot Be Deleted

8. Children’s Privacy

9. Security

10. Jurisdiction

11. Changes to This Policy

12. Contact

13. Machine Learning and Model Improvement

13.1 Consent-Based Collection

13.2 How Data Is Used

13.3 Anonymization

13.4 Retention for Training

14. Anonymized Dataset Licensing

14.1 Permitted Recipients

14.2 Dataset Contents

14.3 Your Rights

14.4 Revenue Use

1. Information We Collect

1.1 Uploaded Artifact Images

PointCheck – Full Analysis

PointCheck – Quick Image Check

1.2 Public Verification Page Data

1.3 Email Addresses

PointCheck – Quick Check (Free Tier)

PointCheck – Full Analysis (Paid)

1.4 Payment Data

1.5 IP Addresses & Basic Request Logs

1.6 Timestamps & Technical Metadata

2. No Analytics or Tracking

3. How We Use Your Information

4. How We Share Information

5. Public Verification Pages

6. Data Retention

High-Resolution Images

Thumbnails and Reports

SHA-256 Hashes

Email Addresses

Technical Logs

7. Data Deletion Requests

7.1 How to Request Deletion

7.2 Report Deletion

7.3 Email Deletion

7.4 What Cannot Be Deleted

8. Children’s Privacy

9. Security

10. Jurisdiction

11. Changes to This Policy

12. Contact

13. Machine Learning and Model Improvement

13.1 Consent-Based Collection

13.2 How Data Is Used

13.3 Anonymization

13.4 Retention for Training

14. Anonymized Dataset Licensing

14.1 Permitted Recipients

14.2 Dataset Contents