Privacy Policy

Last Updated: October 22, 2024

1. Introduction

Welcome to Veriflo. We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our document verification and leak attribution platform.

By using Veriflo, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our services.

2. Information We Collect

2.1 Personal Information

We collect information that identifies you as an individual, including:

  • Name and contact information (email address, phone number)
  • Company name and business information
  • Account credentials (username, password)
  • Payment information (processed securely through third-party payment processors)
  • Profile information and preferences

2.2 Document Information

When you use our services, we process:

  • Document metadata (file names, types, sizes, upload dates)
  • Document content (for fingerprinting and verification purposes)
  • Recipient information (names, email addresses of document recipients)
  • Access logs (who accessed documents, when, and from where)
  • Blockchain attestation records

2.3 Technical Information

We automatically collect certain technical information, including:

  • IP addresses and device identifiers
  • Browser type and version
  • Operating system and device information
  • Usage data and analytics
  • Cookies and similar tracking technologies

3. How We Use Your Information

We use the information we collect to:

  • Provide Services: Create blockchain attestations, embed forensic fingerprints, track document access, and detect leaks
  • Account Management: Create and manage your account, process payments, and provide customer support
  • Security: Detect and prevent fraud, abuse, and unauthorized access
  • Improvements: Analyze usage patterns to improve our platform and develop new features
  • Communications: Send service updates, security alerts, and marketing communications (with your consent)
  • Legal Compliance: Comply with legal obligations and enforce our terms of service

4. Data Storage and Security

4.1 Security Measures

We implement industry-standard security measures to protect your data:

  • AES-256 encryption for data at rest
  • TLS 1.3 encryption for data in transit
  • Multi-factor authentication options
  • Regular security audits and penetration testing
  • SOC 2 Type II compliance
  • ISO 27001 certification (in progress)

4.2 Data Retention

We retain your personal information for as long as necessary to provide our services and comply with legal obligations. Document metadata and blockchain records may be retained indefinitely as they are essential to the integrity of our verification system. You can request deletion of your personal data at any time, subject to legal and contractual limitations.

5. Information Sharing and Disclosure

We do not sell your personal information. We may share information in the following circumstances:

5.1 Service Providers

We share information with third-party service providers who perform services on our behalf, including cloud hosting (AWS), payment processing (Stripe), email services (SendGrid), and analytics (Google Analytics). These providers are bound by confidentiality agreements and are only authorized to use your information as necessary to provide services to us.

5.2 Legal Requirements

We may disclose information if required by law, court order, or government regulation, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control of your personal information.

5.4 Blockchain Records

Document hashes and attestations recorded on public blockchains are publicly visible and immutable. However, these records do not contain personal information or document content—only cryptographic hashes.

6. Your Privacy Rights

Depending on your location, you may have the following rights:

6.1 GDPR Rights (EU/EEA)

  • Access: Request copies of your personal data
  • Rectification: Request correction of inaccurate data
  • Erasure: Request deletion of your data ("right to be forgotten")
  • Restriction: Request limitation of processing
  • Portability: Request transfer of your data to another service
  • Objection: Object to processing of your data
  • Withdraw Consent: Withdraw consent at any time

6.2 CCPA Rights (California)

  • Know what personal information is collected, used, shared, or sold
  • Delete personal information held by us
  • Opt-out of sale of personal information (Note: We do not sell personal information)
  • Non-discrimination for exercising privacy rights

To exercise these rights, please contact us at privacy@useveriflo.com. We will respond to your request within 30 days.

7. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience, analyze usage, and deliver personalized content. You can control cookies through your browser settings. However, disabling cookies may limit your ability to use certain features of our platform.

Types of Cookies We Use:

  • Essential Cookies: Required for platform functionality
  • Analytics Cookies: Help us understand how you use our platform
  • Preference Cookies: Remember your settings and preferences
  • Marketing Cookies: Used to deliver relevant advertisements (with consent)

8. Children's Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal information, please contact us immediately, and we will take steps to delete such information.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. We ensure that such transfers comply with applicable data protection laws and implement appropriate safeguards, including Standard Contractual Clauses approved by the European Commission.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. Your continued use of our services after such changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

Veriflo Privacy Team

Email: privacy@useveriflo.com

Support: support@useveriflo.com

Response Time: Within 48 hours

Note: This Privacy Policy is provided for informational purposes. For specific legal advice regarding your rights and our practices, please consult with a qualified attorney.