Privacy policy

Last updated: June 12, 2026

Verbasil is a business memory: a service that helps teams preserve and retrieve their organization's knowledge. We take the protection of your personal data seriously. This policy explains what data we collect, why we process it, and the rights you have.

Data controller

The data controller is PHRNL, a French sole proprietorship (SIREN 821 176 872) represented by Phrenel Lawson, founder of Verbasil. Contact: contact@verbasil.com.

Data we collect

  • Email address: when you join the waitlist or create an account.
  • Imported content: documents, notes and other content you voluntarily import into your business memory.
  • Usage data: audience and product analytics via PostHog (pages viewed, actions performed), in line with the consent choices described in our cookie policy.

Legal bases

  • Consent: cookie-based analytics, waitlist communications.
  • Performance of a contract: creating and managing your account, providing the business memory service.
  • Legitimate interest: service security, abuse prevention, anonymous cookieless measurement, product improvement.

Retention periods

  • Waitlist email: up to 3 years after your last interaction, or until you unsubscribe.
  • Account data and imported content: for the lifetime of your account, then deleted within 30 days of account closure (except where retention is legally required).
  • Usage data: a maximum of 13 months for data tied to analytics cookies.
  • Technical and security logs: a maximum of 12 months.

Your rights

Under the GDPR, you have the rights of access, rectification, erasure, portability and objection regarding your personal data, as well as the right to withdraw your consent at any time. To exercise these rights, write to contact@verbasil.com. You may also lodge a complaint with the French supervisory authority, the CNIL (cnil.fr).

Processors and recipients

We rely on the following processors, strictly to the extent necessary to operate the service:

  • Vercel (website and application hosting)
  • Supabase (database and authentication)
  • Trigger.dev (background processing)
  • Anthropic and OpenAI (AI processing)
  • Sentry (technical error monitoring)
  • PostHog (analytics and product insights)

We never sell your personal data. Where processors are located outside the European Union, transfers are governed by appropriate safeguards, in particular the European Commission's standard contractual clauses.

Security

We implement reasonable technical and organizational measures to protect your data (encryption in transit, access control, environment isolation).

Changes

This policy may change over time. In the event of a substantial change, we will inform you on the Site or by email.