Privacy Policy

1. Introduction

VeriPlus Limited ("we", "us", or "our") is committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use our compliance verification platform ("the Service").

This policy complies with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We are registered with the Information Commissioner's Office (ICO) as a data controller.

2. Data Controller

VeriPlus Limited is the data controller responsible for your personal data. You can contact our Data Protection Officer at:

3. Information We Collect

3.1 Information You Provide

We collect information that you directly provide to us:

• Account Information: Name, email address, company name, password
• Billing Information: Payment card details (processed securely by Stripe), billing address
• Verification Data: Information you submit for verification checks, including personal data of individuals being verified
• Communications: Messages, support requests, and feedback you send us

3.2 Information Collected Automatically

When you use our Service, we automatically collect:

• Usage Data: IP address, browser type, device information, pages visited, features used
• Log Data: Access times, API requests, system events, error logs
• Authentication Data: Login attempts, session information, security events
• Cookies: See our Cookie Policy below for details

3.3 Information from Third Parties

We may receive information from third-party services:

• Verification Providers: Data from identity verification and AML screening databases
• Payment Processors: Transaction information from Stripe
• Analytics Providers: Usage statistics and performance data

4. How We Use Your Information

We process your personal data only when we have a lawful basis. We use your information for:

4.1 Service Provision (Contract Performance)

• Creating and managing your account
• Processing verification requests
• Providing customer support
• Processing payments and managing subscriptions

4.2 Legal Compliance

• Complying with legal obligations (AML, KYC regulations)
• Preventing fraud and ensuring security
• Maintaining audit trails and records
• Responding to legal requests and law enforcement

4.3 Legitimate Interests

• Improving our Service and developing new features
• Analyzing usage patterns and service performance
• Sending service updates and important notices
• Protecting our systems and preventing abuse

4.4 Consent

• Sending marketing communications (you can opt out anytime)
• Using cookies for analytics and preferences
• Processing special categories of data when required

5. Data Sharing and Disclosure

We do not sell your personal data. We may share your information with:

5.1 Service Providers

• Cloud Hosting: DigitalOcean (infrastructure hosting)
• Payment Processing: Stripe (payment transactions)
• Verification Services: Dataspike (identity and AML checks)
• Email Services: Resend (transactional emails)

All service providers are bound by data processing agreements and only process data on our instructions.

5.2 Legal Requirements

We may disclose your information when required by law or to:

• Comply with legal process or government requests
• Enforce our Terms of Service
• Protect our rights, property, or safety
• Prevent fraud or security threats

5.3 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred. We will provide notice before your data is transferred and becomes subject to a different privacy policy.

6. International Data Transfers

Your data is primarily stored and processed in the United Kingdom and European Economic Area (EEA). If we transfer data outside these regions, we ensure appropriate safeguards through:

• Standard Contractual Clauses approved by the UK ICO
• Adequacy decisions by the UK government
• Privacy Shield frameworks or equivalent mechanisms

7. Data Retention

We retain your personal data only for as long as necessary:

• Account Data: Until you close your account, plus 90 days for backup recovery
• Verification Records: 7 years from verification date (legal requirement for AML compliance)
• Transaction Data: 7 years for tax and accounting purposes
• Marketing Data: Until you unsubscribe or 3 years of inactivity
• Log Data: 12 months for security and troubleshooting

After retention periods expire, we securely delete or anonymize your data.

8. Your Data Protection Rights

Under UK GDPR, you have the following rights:

8.1 Right of Access

You can request a copy of your personal data we hold. We will respond within one month.

8.2 Right to Rectification

You can request corrections to inaccurate or incomplete data.

8.3 Right to Erasure ("Right to be Forgotten")

You can request deletion of your data, subject to legal retention requirements.

8.4 Right to Restriction

You can request that we limit how we use your data in certain circumstances.

8.5 Right to Data Portability

You can request your data in a structured, machine-readable format for transfer to another provider.

8.6 Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes.

8.7 Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing, including profiling, that produces legal or similarly significant effects.

To exercise these rights, contact us at [email protected]. We may need to verify your identity before processing requests.

9. Data Security

We implement appropriate technical and organizational measures to protect your data:

• Encryption: Data in transit (TLS 1.3) and at rest (AES-256)
• Access Control: Role-based access, multi-factor authentication, audit logs
• Infrastructure: Secure cloud hosting, regular security patches, firewalls
• Monitoring: 24/7 security monitoring, intrusion detection, incident response
• Personnel: Background checks, confidentiality agreements, security training
• Testing: Regular security audits, penetration testing, vulnerability assessments

While we implement strong security measures, no system is completely secure. We cannot guarantee absolute security but commit to following industry best practices.

10. Cookies and Tracking Technologies

10.1 What Are Cookies

Cookies are small text files stored on your device that help us provide and improve our Service.

10.2 Types of Cookies We Use

• Essential Cookies: Required for authentication and core functionality
• Preference Cookies: Remember your settings (language, dark mode)
• Analytics Cookies: Help us understand how you use our Service
• Security Cookies: Detect and prevent fraudulent activity

10.3 Managing Cookies

You can control cookies through your browser settings. However, disabling essential cookies may limit Service functionality.

11. Children's Privacy

Our Service is not intended for children under 16. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately, and we will delete the information.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by:

• Posting the updated policy on our website
• Updating the "Last updated" date
• Sending email notification for material changes

Your continued use of the Service after changes indicates acceptance of the updated policy.

13. How to Contact Us

If you have questions about this Privacy Policy or how we handle your data, contact us at:

14. Complaints

If you believe we have not handled your data properly, you have the right to lodge a complaint with the supervisory authority: