Privacy Policy

I. INFORMATION WE COLLECT

We collect "Non-Personal Information" and "Personal Information."

Non-Personal Information includes information that cannot be used to personally identify you, such as anonymous usage data, general demographic information we may collect, referring/exit pages and URLs, platform types, preferences you submit and preferences that are generated based on the data you submit and number of clicks.

Personal Information includes information that can be used to identify you, including but not limited to: email address, name, phone number, payment information, IP addresses, browser information, device information, and any other data submitted through our Service.

1. Information Collected via Technology

To use the Service, you must submit Personal Information including your email address, name, and payment information. We track information provided to us by your browser or by our software when you view or use the Service, such as the website you came from (the "referring URL"), the type of browser you use, the device from which you connected to the Service, the time and date of access, and other information.

We track this information using cookies, or small text files which include an anonymous unique identifier. Cookies are sent to a user's browser from our servers and are stored on the user's computer hard drive. We may use both persistent and session cookies; persistent cookies remain on your computer after you close your session and until you delete them, while session cookies expire when you close your browser.

2. Session Recording Data

Important: As a TCPA compliance platform, our Service records user sessions on websites where our SDK is installed. This means we collect and process:

• Visual recordings of DOM interactions (mouse movements, clicks, keyboard inputs)
• Form submission data including field values
• Consent checkbox interactions and agreement acceptances
• Technical metadata (browser, device, IP address, timestamps, screen resolution)
• Personally Identifiable Information (PII) submitted through forms

We automatically detect and hash PII for security purposes. Session data is stored according to our retention policies: unclaimed sessions for 7 days, and claimed sessions for 3 years with a 30-day grace period.

3. Information You Provide by Registering for an Account

To become a subscriber to the Service, you will need to create a personal profile by registering with the Service and entering your email address, creating a user name and a password, and providing payment information. By registering, you are authorizing us to collect, store and use this information in accordance with this Privacy Policy.

4. Children's Privacy

The Site and the Service are not directed to anyone under the age of 18. The Site does not knowingly collect or solicit information from anyone under the age of 18. In the event that we learn that we have gathered personal information from anyone under the age of 18 without the consent of a parent or guardian, we will delete that information as soon as possible. If you believe we have collected such information, please contact us at info@verfi.io.

II. HOW WE USE AND SHARE INFORMATION

Personal Information

Except as otherwise stated in this Privacy Policy, we do not sell, trade, rent or otherwise share for marketing purposes your Personal Information with third parties without your consent. We do share Personal Information with vendors who are performing services for the Company, such as:

• Cloud hosting providers (for data storage and processing)
• Payment processors (Stripe for billing)
• Email service providers (for communications)
• Analytics providers (for Service improvement)

Those vendors use your Personal Information only at our direction and in accordance with our Privacy Policy.

We use Personal Information to:

• Provide, maintain, and improve our Service
• Process transactions and send related information
• Send technical notices, updates, security alerts, and support messages
• Respond to your comments, questions, and customer service requests
• Communicate about products, services, offers, and events
• Monitor and analyze trends, usage, and activities
• Detect, prevent, and address technical issues and fraudulent activity

We may share Personal Information if we have a good-faith belief that access, use, preservation or disclosure of the information is reasonably necessary to meet any applicable legal process or enforceable governmental request; to enforce applicable Terms of Service; address fraud, security or technical concerns; or to protect against harm to the rights, property, or safety of our users or the public as required or permitted by law.

Session Recording Data Sharing

Session recording data collected through our Service is:

• Claimed Sessions: Accessible by the tenant who claimed the session for TCPA compliance purposes. These sessions can be shared via secure proof links (proof.verfi.io) as controlled by the claiming tenant.
• Unclaimed Sessions: Stored temporarily (7 days) and accessible only by authorized Company personnel for system maintenance and support.

Non-Personal Information

We use Non-Personal Information to help us improve the Service and customize the user experience. We also aggregate Non-Personal Information in order to track trends and analyze use patterns on the Site. This Privacy Policy does not limit in any way our use or disclosure of Non-Personal Information and we reserve the right to use and disclose such Non-Personal Information to our partners, advertisers and other third parties at our discretion.

Business Transfers

In the event we undergo a business transaction such as a merger, acquisition by another company, or sale of all or a portion of our assets, your Personal Information may be among the assets transferred. You acknowledge and consent that such transfers may occur and are permitted by this Privacy Policy.

III. HOW WE PROTECT INFORMATION

We implement security measures designed to protect your information from unauthorized access, including:

• Encryption of data in transit and at rest
• Secure Socket Layer (SSL) technology
• Firewalls and network security
• Access controls and authentication
• Regular security audits and updates
• PII hashing and secure storage

Your account is protected by your account password and we urge you to take steps to keep your personal information safe by not disclosing your password and by logging out of your account after each use.

IV. YOUR RIGHTS REGARDING THE USE OF YOUR PERSONAL INFORMATION

You have the right to:

• Access: Request access to your Personal Information
• Correct: Request correction of inaccurate Personal Information
• Delete: Request deletion of your Personal Information (subject to legal retention requirements)
• Opt-Out: Prevent us from contacting you for marketing purposes
• Export: Request a copy of your data in a portable format

To exercise these rights, please contact us at info@verfi.io. We will respond to your request within 30 days.

Session Data Retention and Deletion

For session recording data:

• Unclaimed sessions: Automatically deleted after 7 days
• Claimed sessions: Retained for 3 years for TCPA compliance purposes, then deleted after a 30-day grace period
• User requests: While we honor deletion requests, we may be required to retain certain data for legal compliance purposes

V. LINKS TO OTHER WEBSITES

As part of the Service, we may provide links to or compatibility with other websites or applications. However, we are not responsible for the privacy practices employed by those websites or the information or content they contain. This Privacy Policy applies solely to information collected by us through the Site and the Service. Therefore, this Privacy Policy does not apply to your use of a third-party website accessed by selecting a link on our Site or via our Service.

VI. CALIFORNIA PRIVACY RIGHTS

California Civil Code Section 1798.83 permits California residents to request certain information regarding our disclosure of Personal Information to third parties for their direct marketing purposes. To make such a request, please contact us at info@verfi.io.

California Consumer Privacy Act (CCPA)

If you are a California resident, you have additional rights under the CCPA, including:

• Right to know what Personal Information is collected, used, shared or sold
• Right to delete Personal Information held by businesses
• Right to opt-out of sale of Personal Information
• Right to non-discrimination for exercising CCPA rights

Note: We do not sell your Personal Information to third parties.

VII. EUROPEAN UNION DATA PROTECTION RIGHTS (GDPR)

If you are in the European Union, you have certain data protection rights under the General Data Protection Regulation (GDPR). These include:

• Right to access your Personal Information
• Right to rectification of inaccurate data
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to processing
• Rights related to automated decision-making

To exercise these rights, please contact us at info@verfi.io.

Legal Basis for Processing

We process your Personal Information under the following legal bases:

• Contract Performance: To provide our Service to you
• Legitimate Interests: To improve our Service and prevent fraud
• Legal Obligation: To comply with applicable laws
• Consent: Where you have provided consent for specific purposes

VIII. CHANGES TO OUR PRIVACY POLICY

We reserve the right to change this Privacy Policy at any time. If we make material changes to this Privacy Policy, we will notify you by email (sent to the email address specified in your account) or by means of a notice on this Site prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices. Your continued use of the Service after any changes constitutes your acceptance of the new Privacy Policy.

IX. CONTACT US

If you have any questions about this Privacy Policy or our data practices, please contact us:

X. DATA PROCESSING ADDENDUM

For enterprise customers who require a Data Processing Addendum (DPA) for GDPR compliance, please contact us at info@verfi.io to request our standard DPA.