Skip to content
VeraFrame Docs

FAQ

Is VeraFrame an AI model?

No. VeraFrame is a verification layer that sits on top of an AI model. VeraFrame does not train or fine-tune models and does not replace your existing AI assistant. What it does is compare the AI’s output to your own source material, claim by claim, and produce a trust report you can act on.

Does VeraFrame use AI to check AI?

No. The verification engine is deterministic Python code, not another language model. This is deliberate: chaining two AIs to check each other produces confident mistakes, because the second AI is just as comfortable hallucinating as the first. VeraFrame matches claims against source text, parses numbers, checks dates, and validates schemas — none of which requires AI.

The AI is still used for the generation step (producing the initial output). After that, the validator takes over and is the source of truth for what is and is not verified.

Where does my data go?

It stays in the EU. For SaaS Cloud, all data is stored in an EU-hosted AWS region. For Integration deployments, everything runs in your own cloud account in a region you choose.

VeraFrame does not train on your data, does not send your data to third parties, and does not retain your data beyond the retention windows you configure. See Data retention.

Can VeraFrame use our existing identity provider and access model?

Yes, in customer-specific enterprise deployments. VeraFrame can integrate with your existing JWT/OIDC identity provider, such as Entra ID, and use your roles and claims to determine which source systems a user is allowed to access.

Can VeraFrame restrict which source systems different users can query?

Yes, in enterprise environments. Source groups can be configured with allowed roles, and VeraFrame then fetches data only from the sources the current user is allowed to use. This means VeraFrame processes only data the user is permitted to access.

Can user context be forwarded to downstream REST APIs?

Yes, when needed in enterprise deployments. VeraFrame can forward user identity and data access roles to downstream REST API sources so the receiving system can apply finer-grained authorization. This is configurable per integration and does not replace the downstream service’s own technical authentication.

VeraFrame does not try to become your system of record for document-level authorization. If you need fine-grained access decisions per document, case, contract, or record, the normal enterprise pattern is to place a REST API in front of that content and let the downstream API enforce your existing rights model. VeraFrame then forwards the needed context and integrates into your current operating model instead of replacing it.

How is this different from existing RAG systems?

Retrieval-augmented generation (RAG) helps the AI find relevant documents before it generates text. That improves quality, but it does not verify the output — the AI can still paraphrase incorrectly, hallucinate details the sources did not contain, or mix up numbers from different documents.

VeraFrame does include retrieval (it narrows source material to a relevant slice for each claim), but the key step is what comes after generation: deterministic verification of every factual claim against the exact source passages. RAG plus VeraFrame is much stronger than RAG alone.

Does VeraFrame make my organization EU AI Act compliant?

No — and any vendor telling you their product alone makes you “AI Act compliant” is misleading you. Compliance is a combination of technical and organizational controls. VeraFrame provides a compliance-ready set of technical controls (audit trail, provenance metadata, human oversight, system card, retention). Your organization supplies the process side: risk assessment, role assignment, documentation, incident response.

See Compliance overview for the honest version.

Can I use my own Word or Excel templates?

Yes. Upload a .docx or .xlsx with {{placeholder}} fields. VeraFrame scans for placeholders, lets you set a schema for each, and fills them from verified source material. For fields that must come verbatim from a source (like legal clauses), mark them as whole_block_text so paraphrasing is prevented. See Document templates.

Document templates are part of the Integration and Compliance Edition tiers.

Can I use VeraFrame for content that is not document-like?

Yes. Three of the four modes (Audit, Ask, JSON API) do not produce documents:

  • Audit — verify a chatbot response that has already been produced elsewhere.
  • Ask — get a validated answer to a question without generating a full document.
  • JSON API — produce schema-constrained JSON output for use in integrations and workflows.

Each of these returns the same trust report format. See the relevant User Guide pages.

How does VeraFrame handle multiple source documents that disagree?

It surfaces the disagreement rather than silently choosing one. For example, if two contract versions have different payment terms, VeraFrame detects the conflict, shows both sources, and asks you to pick the correct one before the output is considered final. This is the source conflict detection in the trust report.

What happens when I delete a file or a source group?

The file is removed from your tenant’s storage immediately. Past validations that referenced the file keep a reference (file name, hash, location) in the audit trail so that historical records remain reconstructable, but the file content itself is gone. See Data retention.

Can I try it without committing to a plan?

SaaS Cloud is billed monthly with no long-term contract. Cancellation is available any time from the Stripe billing portal; the tenant continues working until the end of the current billing period. See Billing.

I have a question that is not here

Email michael@veraframe.io.