← BackRequest verification

Legal

Last updated: January 15, 2026

Privacy Policy

Our Commitment

AcidTest exists to provide confidential verification when you can't ask publicly. Privacy isn't marketing theater—it's the foundation of our service.

This policy explains exactly what we collect, how we protect it, and when we delete it.

What We Collect

Payment Information

When you purchase a verification, Stripe (our payment processor) collects:

  • Credit card information (we never see or store this)
  • Billing address
  • Email address for receipts

Retention: Stripe retains payment records for 7 years to comply with financial regulations. We have no control over this legal requirement.

Verification Submissions

When you submit a verification request, we collect:

  • Your email address (for delivery)
  • Your description of what needs verification
  • Any files you upload (images, audio, video, documents)
  • Context you provide about the situation

Critical: All of this data is encrypted in your browser before it ever reaches our servers.

How We Protect Your Data

Client-Side Encryption

Your verification data is encrypted before transmission using:

  • Algorithm: AES-256-GCM (industry standard, military-grade)
  • Key derivation: PBKDF2 with 100,000 iterations
  • Implementation: Web Crypto API (SubtleCrypto) - runs entirely in your browser

This means:

  • We never see your unencrypted data during transmission
  • Our database only contains encrypted ciphertext
  • Even if our database was compromised, your data remains encrypted
  • Only authorized analysts with the decryption key can read submissions

Data Storage

Encrypted submissions are stored in Airtable with:

  • TLS encryption in transit
  • Encrypted at rest in Airtable's infrastructure
  • Access restricted to authorized personnel only
  • Automatic deletion scheduled from moment of submission

Automated Deletion

Your data is automatically deleted after 7 days. No exceptions.

Here's how it works:

  1. 1.When you submit a verification, a deletion date is calculated (submission date + 7 days)
  2. 2.Our automated cron job runs daily at midnight UTC
  3. 3.Any records past their deletion date are permanently removed
  4. 4.You receive an email confirmation when your data is destroyed

What gets deleted:

  • All encrypted submission data
  • Uploaded files
  • Email addresses (except for Stripe payment records)
  • Verification status and metadata

What we keep:

  • Aggregate statistics (total verifications count) - no personal information
  • Stripe payment records (legally required for 7 years)

What We Don't Do

  • No AI training: Your submissions are never used to train AI models or machine learning systems
  • No third-party sharing: We never sell, rent, or share your data with advertisers, data brokers, or analytics companies
  • No tracking: We use Fathom Analytics for aggregate traffic statistics only—no personal data collected, no cookies, no cross-site tracking
  • No retention beyond 7 days: We don't keep "anonymized" copies or backups of your submissions
  • No government access without warrant: We would require a valid legal warrant before disclosing any data, and we'd notify you unless legally prohibited

Legal Compliance

GDPR (European Union)

If you're in the EU, you have the right to:

  • Access: Request a copy of your data (contact us within the 7-day window)
  • Deletion: Request immediate deletion (contact us anytime)
  • Portability: Receive your data in machine-readable format
  • Objection: Object to processing (though this would prevent verification delivery)

CCPA (California)

If you're in California, you have the right to:

  • Know what personal information we collect
  • Delete your personal information (automatic after 7 days, or on request)
  • Opt-out of sale of personal information (we never sell your data)

Law Enforcement Requests

If we receive a legal request for your data, we will:

  • Verify the request is legally valid
  • Notify you unless prohibited by law
  • Provide only the minimum data required by the request
  • Challenge overly broad requests

Terms of Service

Service Description

AcidTest provides manual verification of discrete artifacts (messages, profiles, documents, credentials) submitted for independent examination.

This is procedural verification infrastructure. We document what can be determined through independent examination—we do not certify truth or guarantee outcomes.

Scope and Limitations

What we verify:

  • Messages and communications (emails, texts, voice notes)
  • Profiles and identities (social media, business profiles)
  • Documents and media (screenshots, PDFs, images, recordings)
  • Credential claims (employment, authority, expertise)

What we do not verify:

  • Abstract or subjective claims
  • Legal or medical matters requiring licensed professional judgment
  • Active disputes or interpersonal conflicts
  • General research or publicly available information
  • Emotional reassurance or validation
  • Predictive or speculative assessments
  • Bulk processing or ongoing monitoring
  • Requests requiring public arbitration or truth certification

See the full list at What AcidTest Will Not Verify.

Acceptance and Refusal

We review all submissions before acceptance. Out-of-scope requests are declined promptly without charge.

Acceptance does not guarantee any particular outcome. We evaluate what can be independently examined and document our findings.

Pricing and Payment

  • Flat rate: $100 per accepted verification
  • Payment processed through Stripe before work begins
  • No refunds after verification work has started
  • Declined submissions are not charged

Turnaround Time

Target turnaround: 12-18 hours after acceptance.

Actual timing depends on submission complexity and current capacity. We do not guarantee specific delivery times.

Report Confidentiality

Verification reports are produced for your private use only.

Reports are not designed for:

  • Legal proceedings or court submissions
  • Public disputes or third-party arbitration
  • Expert witness testimony
  • Official certification purposes

You may not publish, redistribute, or publicly cite AcidTest reports or findings.

Liability Limitations

AcidTest provides documented verification process, not truth certification.

We do not guarantee:

  • Accuracy of conclusions
  • Specific outcomes
  • Protection from harm or fraud
  • Legal defensibility of findings

Our liability is limited to refund of the verification fee. We are not liable for any consequential, indirect, or incidental damages arising from use of our service.

The value of this service is process documentation, not outcome guarantee. Being wrong with a documented process is preferable to being right by intuition.

Data Retention

All submission data is automatically deleted after 7 days. See Privacy Policy above for details.

We do not maintain archives, backups, or "anonymized" copies of your submissions beyond this period.

Right to Refuse Service

We reserve the right to:

  • Decline any submission for any reason
  • Refuse service to any individual
  • Terminate service if Terms are violated
  • Modify scope or pricing with notice

Service Availability

AcidTest operates with intentionally limited capacity. Service may be unavailable due to:

  • Current submission volume
  • Analyst availability
  • Technical maintenance
  • Strategic service pauses

Limited availability is not a defect—it reflects our operational model.

Changes to Terms

We may update these Terms at any time. Changes take effect immediately upon posting. Continued use of the service constitutes acceptance of updated Terms.

Material changes will be noted with updated "Last updated" date at the top of this page.

Governing Law

These Terms are governed by the laws of South Korea. Any disputes will be resolved in the courts of Jeju Special Self-Governing Province.

Contact

Questions about these Terms or Privacy Policy?

Email: hello@acidtest.co

We respond to all inquiries within 48 hours.