Privacy policy

1. Introduction

If you are unable to access this Privacy Policy due to a disability or impairment, please contact us at hello@verifywise.ai and we will arrange to supply you with the information you need in an alternative format.

VerifyWise (together with our affiliates, "we", "our", or "us") respects your privacy and is committed to keeping secure any information we obtain from you or about you. This Privacy Policy describes our practices with respect to personal data that we collect from or about you when you use our website, applications, and services (collectively, "Services").

VerifyWise is a B2B platform providing AI governance and compliance services to enterprise organizations. This Privacy Policy does not apply to content that we process on behalf of our enterprise customers. Our use of that data is governed by our customer agreements and Data Processing Agreements covering access to and use of those offerings.

A Data Processing Agreement (DPA) is available upon request for enterprise customers who require one.

Your use of our Services is also subject to our Terms of Service.

2. Data handling and on-premises deployment

VerifyWise is deployed on-premises within your own infrastructure. This means:

• Zero data leaves your infrastructure. All governance data, risk assessments, compliance records, and user content remain within your environment
• No telemetry or usage analytics are sent to VerifyWise
• No license validation or automatic updates occur
• VerifyWise has no access to any data processed by the platform once deployed

The sections below describe personal data we collect through our website, sales process, and support channels, not data processed within the on-premises platform.

3. Personal data we collect

3.1 Personal data you provide

We collect personal data if you create an account to use our Services or communicate with us:

• Account information: Your name, contact information, account credentials, payment information (processed by our third-party payment processor), and transaction history
• Communication information: If you communicate with us via email, contact forms, or social media, we collect your name, contact details, and the contents of the messages you send
• Marketing preferences: Your communication preferences and subscription choices
• Other information you provide: Information you share when participating in events, surveys, or providing feedback

3.2 Personal data we receive from your use of our website

When you visit or interact with our website, we receive the following information:

• Log data: Your IP address, browser type and settings, the date and time of your request, and how you interact with our website
• Usage data: The types of content you view, the features you use, and the actions you take, as well as your time zone, country, and dates and times of access
• Device information: The name of the device, operating system, device identifiers, and browser you are using
• Location information: We may determine the general area from which your device accesses our website based on your IP address for security reasons and to provide a better experience

3.3 Information we receive from other sources

We may receive information from trusted partners, such as security partners to protect against fraud and abuse, and from marketing vendors who provide us with information about potential customers of our business services.

4. How we use personal data

We use personal data for the following purposes:

• To provide, analyze, and maintain our Services
• To improve and develop our Services
• To communicate with you, including sending you information about our Services and events
• To prevent fraud, illegal activity, or misuses of our Services, and to protect the security of our systems
• To comply with legal obligations and to protect the rights, privacy, safety, or property of our users, VerifyWise, or third parties

We may also aggregate or de-identify personal data so that it no longer identifies you and use this information for the purposes described above. We will maintain and use de-identified information in de-identified form and not attempt to reidentify the information, unless required by law.

5. Disclosure of personal data

We may disclose your personal data in the following circumstances:

• Vendors and service providers: We may disclose personal data to vendors and service providers, including hosting services, customer service vendors, cloud services, payment processors, and email communication software. These parties will access, process, or store personal data only in the course of performing their duties to us
• Business transfers: If we are involved in a strategic transaction, reorganization, bankruptcy, or transition of service to another provider, your personal data may be disclosed in the due diligence process and transferred as part of that transaction
• Government authorities: We may share personal data with government authorities or other third parties in compliance with the law if required to do so, or in the good faith belief that such action is necessary to comply with a legal obligation, protect our rights or property, or protect public safety
• Business account administrators: When you join an enterprise or business account, the administrators of that account may access and control your account, including your content

6. Data security

We implement commercially reasonable technical, administrative, and organizational measures designed to protect personal data from loss, misuse, and unauthorized access, disclosure, alteration, or destruction:

• All data is encrypted both in transit and at rest
• Multi-tenant data isolation on our cloud trial platform ensures customer data separation
• Access controls and authentication mechanisms protect platform access
• Regular security monitoring and incident response procedures

No internet or email transmission is ever fully secure or error free. You should take special care in deciding what information you provide to us. We are not responsible for circumvention of any privacy settings or security measures contained on our website or third-party websites.

7. No sale of personal data

We do not sell personal data or share personal data for cross-contextual behavioral advertising. We do not process personal data for targeted advertising purposes as those terms are defined under applicable state privacy laws. We also do not process sensitive personal data for the purpose of inferring characteristics about a consumer.

We may occasionally offer benefits such as discounts or resources in exchange for participating in surveys. When we do, we will disclose the material terms of the offer at the time we ask you to participate. You may withdraw from any such offer at any time by contacting us.

8. Cookies and tracking technologies

Our website uses cookies and similar technologies to operate and improve your experience:

• Functional cookies: Essential for website operation, user authentication, and maintaining your preferences across browsing sessions
• Analytics cookies: Google Analytics, HubSpot, and Vercel Web Analytics for website performance analysis and understanding how users interact with our website
• Marketing cookies: To track marketing campaign effectiveness and measure user engagement

If you use our website without creating an account, we may store some of the information described in this policy with cookies to help maintain your preferences across browsing sessions. You can manage cookie preferences through our cookie consent banner when you first visit our website, or through your browser settings. Note that disabling certain cookies may affect website functionality.

9. Third-party services and subprocessors

We integrate with the following third-party services for our website and business operations:

• Payment processing: Stripe, Inc. for billing and subscription management
• Analytics: Google Analytics, HubSpot, and Vercel Web Analytics for usage analytics
• Infrastructure: Cloud hosting providers for website hosting services

These services apply only to our website and business operations. The on-premises VerifyWise platform does not connect to any third-party services unless explicitly configured by your organization. We will notify customers with a Data Processing Agreement of any changes to our subprocessor list before the change takes effect.

10. Data retention

We retain personal data for only as long as we need in order to provide our Services to you, or for other legitimate business purposes such as resolving disputes, safety and security reasons, or complying with our legal obligations. How long we retain personal data depends on:

• Our purpose for processing the data (such as whether we need to retain the data to provide our Services)
• The amount, nature, and sensitivity of the information
• The potential risk of harm from unauthorized use or disclosure
• Any legal requirements that we are subject to

Specific retention periods:

• Account data: Retained for 3 years from account creation or last activity
• Marketing communications: Until you unsubscribe or request removal
• Contact form submissions: Retained for business communication purposes up to 3 years

We also delete personal data upon request at any time.

11. Your rights

Depending on where you live, you may have certain statutory rights in relation to your personal data. You may have the right to:

• Access your personal data and information relating to how it is processed
• Delete your personal data from our records
• Update or correct your personal data
• Transfer your personal data to a third party (right to data portability)
• Restrict how we process your personal data
• Withdraw your consent where we rely on consent as the legal basis for processing
• Object to how we process your personal data
• Lodge a complaint with your local data protection authority
• Be free from discrimination relating to the exercise of any of your privacy rights

Exercising your rights

You can exercise privacy rights described in this section by submitting a request through hello@verifywise.ai. We will respond to your request within 30 days. We may require you to verify your credentials before we can process your request. If we cannot verify your identity, we will not be able to honor your request. If we decline your request, you may appeal the decision by contacting us at the same email address with the subject line "Privacy Rights Appeal".

Authorized agents

You may also submit a rights request through an authorized agent. If you do so, the agent must present signed written permission to act on your behalf, and you may also be required to independently verify your identity with us.

12. US state disclosures

Some US state privacy laws require specific disclosures. The personal data categories we collect include:

• Identifiers: Such as your name, contact details, IP address, and device identifiers
• Commercial information: Such as your transaction history
• Network activity information: Such as content you interact with and how you use our Services
• Geolocation data: Such as the general area from which your device accesses our Services
• Account credentials: Such as your login information

We use this information for the purposes described in Section 4 above, and may disclose it to the categories of recipients described in Section 5. We comply with GDPR for European customers, CCPA for California customers, and applicable state privacy laws.

We may disclose personal data in the categories listed above to: service providers who assist with our business operations, payment processors for billing, analytics providers for website performance, and government authorities when required by law. For more detail on recipients, see Section 5 above.

13. Legal basis for processing

We process personal data based on the following legal grounds:

• Contract performance: Processing necessary to deliver our AI governance services
• Legitimate interest: Platform improvement, security monitoring, and business communications
• Legal obligation: Compliance with applicable laws, regulations, and legal processes
• Consent: Marketing communications and non-essential cookies

This Privacy Policy is governed by the laws of England and Wales.

14. International data transfers

VerifyWise processes personal data collected through our website and business operations on servers located in various jurisdictions. While data protection law varies by country, we apply the protections described in this policy to your personal data regardless of where it is processed.

When transferring personal data outside of the EEA, Switzerland, or the UK, we rely on legally valid transfer mechanisms to comply with applicable data protection law, including adequacy decisions and Standard Contractual Clauses as approved by the European Commission. For more information, please contact us.

15. Children

Our Services are not directed to, or intended for, individuals under 16 or the age of majority in your jurisdiction, whichever is greater. We do not knowingly collect personal data from children under 16. If you have reason to believe that a child under 16 has provided personal data to VerifyWise, please email us at hello@verifywise.ai. We will investigate any notification and, if appropriate, delete the personal data from our systems.

16. Data breach notification

In the event of a data security incident:

• We will assess the incident within 24 hours of discovery
• Affected customers will be notified within 72 hours for high-risk breaches
• We will notify relevant authorities as required by applicable law

For customers with a Data Processing Agreement, breach notification obligations specified in the DPA take precedence over the timelines stated above.

17. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will publish an updated version and effective date on this page. When we make material changes, we will:

• Update the "Last updated" date at the top of this policy
• Notify active customers via email of significant changes

18. Contact information

If you have any questions about this Privacy Policy, data handling practices, or wish to exercise your rights, please contact us: