Privacy Policy
Last updated: July 12, 2026
This Privacy Policy describes how Veridexa ("Veridexa", "we", "our") collects, uses, and safeguards personal information when you use our website and document verification services (the "Services"). By using the Services you agree to the practices described here.
1. Information We Collect
- Account data: name, email address, and authentication identifiers.
- Document data: files, images, and metadata you upload for verification.
- Usage data: log data, device information, IP address, and analytics events.
2. How We Use Information
- Provide, operate, and improve the Services.
- Perform document verification and generate reports.
- Prevent fraud, abuse, and security incidents.
- Communicate with you about your account, security, and updates.
- Comply with legal obligations.
3. Legal Bases
Where GDPR applies, we process personal data on the basis of contract performance, legitimate interests, legal compliance, and — where required — consent.
4. Automated Processing & Human Review
Our document verification pipeline uses automated processing — including OCR, computer vision, metadata analysis, template matching, and machine-learning models — to produce an authenticity score and a suggested recommendation (for example, "accept", "review", or "reject"). These automated outputs are intended as decision support, not as a final legal or administrative decision about you.
Under GDPR Article 22, where a decision produces legal effects or similarly significant effects on you, you have the right to (i) obtain human intervention, (ii) express your point of view, and (iii) contest the decision. If a verification result affects you and you believe it is incorrect, contact privacy@veridexa.io to request human review. We will not use automated outputs as the sole basis for a decision with legal or similarly significant effects on you without offering this option.
Our subprocessors that participate in this processing are listed on the Subprocessors page.
5. Sharing of Information
We share personal data only with the subprocessors listed on our Subprocessors page, and when required by law. We do not sell personal data.
6. Data Retention
We retain personal data only as long as necessary to provide the Services and to meet legal, accounting, or reporting requirements. Uploaded verification documents are subject to an automated retention policy and are purged after the configured retention period. You may also request earlier deletion of any specific document, or full deletion of your account and data, from within the product or by contacting us.
7. Security
We transmit personal data over encrypted connections (TLS), enforce authentication and least-privilege access controls, apply rate limiting on public verification endpoints, restrict outbound URL fetches to an allow-list, and maintain an append-only security audit log for sensitive events. We do not claim any specific external certification (such as SOC 2 or ISO 27001) except where explicitly documented on our Trust Center. No method of transmission or storage is 100% secure.
8. Your Rights
Depending on your location, you may have the right to access, correct, delete, export, or restrict processing of your personal data, and to object to certain processing. You also have the specific rights described in Section 4 in relation to automated processing. Submit a request on our Data Rights page or contact us at the address below. We aim to respond within 30 days.
9. International Transfers
Personal data may be processed in countries other than your own. Where required, we rely on Standard Contractual Clauses or equivalent safeguards.
10. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated through the Services or by email.
11. Contact
For privacy inquiries, contact privacy@veridexa.io.