Legal

Privacy policy

Last updated: January 2025

1. Introduction

This Privacy Policy explains how VerifyWise collects, uses, and protects your personal information across our different service offerings. VerifyWise provides AI governance and evaluation services through two distinct deployment models: our SaaS platform and Enterprise Self-hosted editions. The data handling practices differ significantly between these offerings, as detailed below.

VerifyWise is a B2B-only platform serving enterprise organizations. We are committed to ensuring your privacy is protected and that you understand how your data is handled based on your chosen deployment model.

2. Service offerings and data handling

2.1 SaaS platform

Our SaaS platform is hosted on Digital Ocean infrastructure in the San Francisco region. For SaaS customers, we collect and process:

  • Account and organization information (company name, user details, contact information)
  • Platform usage data and evaluation metadata
  • Technical data (IP addresses, browser information, timestamps)
  • Communication data from support interactions

Important: We do not process, store, or have access to your AI model data or evaluation content. All customer evaluation data is encrypted and isolated.

2.2 Enterprise self-hosted edition

Our Enterprise Self-hosted edition operates in a completely air-gapped environment within your infrastructure. For self-hosted deployments:

  • Zero data leaves your infrastructure - all data remains within your environment
  • No telemetry or usage analytics are sent to VerifyWise
  • No license validation or automatic updates occur
  • VerifyWise has no access to any data processed by the self-hosted platform

3. Information we collect

3.1 Website and general business information

  • Contact form submissions and inquiry details
  • Marketing communication preferences
  • Website usage data through analytics (Google Analytics, PostHog)
  • Technical website data (IP address, browser type, device information)

3.2 SaaS platform specific data

  • Account registration and authentication information
  • Billing and payment processing data (processed by third-party payment processors)
  • Platform configuration and usage patterns
  • Support tickets and customer service interactions

4. How we use your information

We use your information to:

  • Provide and maintain our AI governance services
  • Process payments and manage billing (SaaS customers only)
  • Provide customer support and technical assistance
  • Send product updates, newsletters, and marketing communications
  • Improve our platform and develop new features

5. Data security and encryption

We implement industry-standard security measures to protect your information:

  • All customer data is encrypted both in transit and at rest
  • Multi-tenant data isolation ensures customer data separation
  • Access controls and authentication mechanisms protect platform access
  • Regular security monitoring and incident response procedures

6. Cookies and tracking technologies

Our website uses the following types of cookies:

  • Functional Cookies: Essential for website operation and user authentication
  • Analytics Cookies: Google Analytics and PostHog for website performance analysis
  • Marketing Cookies: To track marketing campaign effectiveness and user preferences

You can manage cookie preferences through your browser settings. Note that disabling certain cookies may affect website functionality.

7. Third-party services and subprocessors

For our SaaS platform, we integrate with the following third-party services:

  • Payment Processing: Stripe, Inc. for billing and subscription management
  • Analytics: Google Analytics and PostHog for usage analytics
  • Infrastructure: Digital Ocean for hosting and infrastructure services

Enterprise Self-hosted deployments do not use any third-party services for data processing.

8. Data retention

We retain different types of data for varying periods:

  • Account and evaluation data: Retained for 3 years from account creation or last activity
  • Marketing communications: Until you unsubscribe or request removal
  • Contact form submissions: Retained for business communication purposes up to 3 years

9. Your rights and data control

As a business customer, you have the right to:

  • Access your organization's account and usage data
  • Correct inaccurate account or contact information
  • Request deletion of your account and associated data
  • Object to marketing communications
  • Request data export for account migration purposes

10. Legal basis for processing and compliance

We process personal data based on the following legal grounds:

  • Contract Performance: Processing necessary to deliver our AI governance services
  • Legitimate Interest: Platform improvement, security monitoring, and business communications
  • Consent: Marketing communications and non-essential cookies

We comply with GDPR for European customers and CCPA for California customers.

11. Data breach notification

In the event of a data security incident:

  • We will assess the incident within 24 hours of discovery
  • Affected customers will be notified within 72 hours for high-risk breaches
  • We will notify relevant authorities as required by applicable law

12. Changes to this policy

We may update this privacy policy to reflect changes in our services, legal requirements, or business practices. When we make material changes, we will:

  • Update the "Last updated" date at the bottom of this policy
  • Notify active customers via email of significant changes
  • Post the updated policy on our website

13. Contact information

If you have any questions about this Privacy Policy, data handling practices, or wish to exercise your rights, please contact us:

BlueWave Labs

Email: hello@verifywise.ai

Privacy Policy | VerifyWise - Enterprise Data Protection