The short version: Carat is a tool for jewelry store owners and their staff. The data you enter — customer names, sales records, inventory — belongs to you and stays on your device or your store's account. We do not sell your data. We do not share customer information with third parties except as needed to process payments.
1. Who We Are
Carat is a point-of-sale, customer relationship management, and inventory application for independent jewelry retailers, developed and operated by Veriluxe, Inc. ("we," "us," or "our"). This Privacy Policy explains how we collect, use, and protect information when you use the Carat iOS app.
2. Information We Collect
Information You Provide
When you use Carat, you may enter the following types of information:
- Store information — store name, address, phone number, email address
- Staff information — employee names, roles, contact details, and PIN codes
- Customer information — names, addresses, phone numbers, email addresses, purchase history, and notes you add
- Inventory data — item descriptions, serial numbers, SKUs, pricing, and vendor information
- Sales records — transaction amounts, payment methods, dates, and salesperson attribution
- Repair and layaway records — item descriptions, payment schedules, and status notes
Automatically Collected Information
- Device information — iOS version and device type, collected to ensure app compatibility
- Crash reports — anonymous error logs to help us fix bugs, collected only if you have opted in to share diagnostics with developers in your iOS settings
Information We Do Not Collect
- We do not collect or store full payment card numbers. Card processing is handled directly by Authorize.net under their own privacy and security standards (PCI-DSS compliant).
- We do not collect biometric data, location data, or browsing history.
3. How We Use Your Information
We use the information entered into Carat solely to provide the features of the app:
- To display your store's sales, inventory, customer, and repair records
- To process payment transactions through Authorize.net
- To provide AI-assisted item valuations through the FACET Valuation Engine (powered by Anthropic). Valuation queries are sent to Anthropic's API and are subject to Anthropic's Privacy Policy.
- To generate reports, receipts, and summaries for your internal business use
- To improve app performance and fix bugs
4. Data Storage and Security
Your store's data is stored locally on your device using iOS secure storage (Keychain for credentials, local app storage for records). Data is encrypted at rest by iOS using AES-256.
API keys and authentication tokens are stored in Apple Keychain and are never transmitted to Veriluxe servers. All network communication uses HTTPS (TLS 1.2 / 1.3).
We recommend enabling device passcode and Face ID / Touch ID on any device used to run Carat to protect access to your store's records.
5. Third-Party Services
Carat integrates with the following third-party services. Each has its own privacy policy:
- Authorize.net (payment processing) — authorize.net/about-us/privacy
- Anthropic (FACET Valuation Engine) — anthropic.com/privacy
- Veriluxe Theft Network (stolen item database lookups) — governed by your Veriluxe subscriber agreement
We do not sell, rent, or share your data with any other third parties for advertising or marketing purposes.
6. Your Customers' Data
When you enter customer information into Carat, you are the data controller for that information. You are responsible for ensuring you have the appropriate basis to collect and store your customers' personal information, and for complying with any applicable privacy laws in your jurisdiction (including CCPA, GDPR, or similar).
We act as a data processor for customer records stored through our cloud infrastructure, and we will not access, use, or disclose your customers' personal data except as required to provide the service or as required by law.
7. Data Retention and Deletion
Your store's data remains on your device for as long as the app is installed. You may delete all locally stored data at any time by deleting the Carat app from your device.
To request deletion of any data held on Veriluxe servers, contact us at the address below. We will respond within 30 days.
8. Children's Privacy
Carat is a business application intended for use by adults. We do not knowingly collect personal information from anyone under the age of 13. If you believe a child has provided information through the app, please contact us and we will delete it promptly.
9. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. For significant changes, we will notify users through a notice in the app. Your continued use of Carat after changes are posted constitutes acceptance of the updated policy.
10. Contact Us
If you have questions about this Privacy Policy or how your data is handled, please contact us:
Veriluxe, Inc.
Email: privacy@veriluxe.com
Subject line: Carat Privacy Inquiry