Frequently asked questions
Common questions. If yours isn't here, email hello@veritus.uk.
- Why was a legitimate user blocked?
-
Look up the check_id at
/dashboard/check/<id>. You'll see exactly which reasons triggered. If it was something like a VPN or shared office IP, you can add an allow rule for that IP. If we got it wrong, drop us the request_id and we'll investigate. - Does Veritus store passwords?
- No. When you send a password, we hash it with SHA-1 locally, send the first 5 hex chars of the hash to HIBP, get a list of breached hashes sharing that prefix back, and check locally. The plaintext password never leaves our server and is never logged.
- What about GDPR?
- Veritus is operated by Transcom Internet Services Ltd in the UK. We process the personal data you send us solely to score signups and detect fraud. We keep scored checks for 90 days then redact personal fields (email, phone, address, IP) while retaining the aggregate score and reasons. You can request earlier deletion of a customer's data by emailing privacy@veritus.uk.
- What's the difference between live and test mode?
-
Test-mode API keys (
vt_test_…) work the same as live keys but their requests don't count toward your monthly quota and show asmode: testin the dashboard. Useful for staging environments, CI, and development. - Can I export my check history?
- CSV export is coming in a future release. For now, contact us and we'll generate one for you. You can also see everything via the dashboard filtered by date range.
- How is the score calculated?
- The v1 scorer is rule-based: sum of weighted reasons, capped at 100. We're collecting labelled production data to train a LightGBM v2 model that will be more nuanced. See Scoring model.
- What's the latency budget?
- P95 sub-500ms is our SLO. P50 is typically ~50ms for rule matches, ~250ms for full vendor enrichment. If a vendor is slow we time out and proceed with the others — we never block a check waiting on a slow vendor.
- What if Veritus is down?
- Decide your fail-open vs fail-closed policy per the server-side guide. Default widget behaviour is fail-open. We aim for 99.9% uptime and post incidents on veritus.uk/status.
- Can I use Veritus to log in existing users?
- Veritus is designed for signup fraud, but the same signals work for login risk — especially detecting password-reuse attacks (PASSWORD_BREACHED) and impossible-travel scenarios (IP_COUNTRY_MISMATCH across consecutive logins). Talk to us about login-protection use cases.
- What's your pricing?
- Free tier: 1,000 checks/month. Paid plans start at small monthly fees with check-volume tiers. Email hello@veritus.uk for current pricing.
Found a typo or have a suggestion?
Let us know.