Privacy Policy
This Privacy Policy explains how Veriify ("Veriify", "we", "us") collects, uses, discloses, and protects information when you use our product-testing platform at veriify.io and related services (the "Service").
1. Who we are
Veriify is an automated product-testing platform operated by Ovivid Media. For privacy questions or to exercise your rights, contact us at privacy@veriify.io. Where required, the data controller is Ovivid Media.
2. Information we collect
Information you provide
- Account data — your name, email address, and authentication credentials (passwords are stored only as salted hashes; if you sign in with Google or GitHub we receive your basic profile and verified email from that provider).
- Targets you submit — the URLs or repositories you ask us to scan, and your ownership-verification tokens.
- Communications — messages you send us for support or enquiries.
Information we generate or collect automatically
- Scan evidence — data gathered while testing a target you authorised: HTTP responses, headers, response timings, page content, screenshots, and the findings and scores we derive from them.
- Usage & device data — IP address, browser type, pages viewed, and timestamps, used to operate the Service, enforce quotas, and prevent abuse.
- Cookies — a session cookie to keep you signed in, and strictly necessary cookies for security. See section 9.
Payment data
If you subscribe to a paid plan, payments are processed by our payment processor (Stripe). We do not store your full card details on our servers; we retain only a customer reference and subscription status.
3. How we use your information
- To provide the Service — run scans, compute your Product Accuracy Score, generate findings and fixes, and show your reports and history.
- To manage your account, authenticate you, and process subscriptions.
- To secure the Service, prevent abuse, enforce our Terms and usage quotas, and maintain audit logs of who accessed which reports.
- To communicate with you about the Service, including transactional emails such as confirmations and password resets.
- To improve the Service and, where you have not opted out, to compile aggregated and anonymised statistics (for example, industry benchmarks) that never identify you or an individual product.
We do not sell your personal information.
4. Legal bases (EEA/UK)
Where the GDPR or UK GDPR applies, we process personal data on the bases of: performance of a contract (to provide the Service you request); our legitimate interests (to secure, improve, and operate the Service); your consent (where required, e.g. non-essential communications); and compliance with legal obligations.
5. How we share information
We share information only as needed to run the Service:
- Service providers acting on our behalf under contract — including hosting/infrastructure, our database and authentication provider (Supabase), email delivery (Resend), and payments (Stripe).
- Legal and safety — where required by law, to enforce our Terms, or to protect the rights, property, or safety of Veriify, our users, or the public.
- Business transfers — in connection with a merger, acquisition, or sale of assets, subject to this Policy.
6. Data retention
We retain account data for as long as your account is active. Scan evidence and reports are retained so you can review your history; you may delete individual scans or request deletion of your account and associated data at any time. We may retain limited information as required to comply with legal obligations, resolve disputes, and enforce agreements.
7. Security
We use technical and organisational measures appropriate to the risk, including encryption in transit (TLS), hashed passwords, scoped access controls, and audit logging. Scanning workers are sandboxed and segregated from core services. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
8. Your rights
Depending on your location, you may have rights to access, correct, delete, export, or restrict the processing of your personal data, to object to certain processing, and to withdraw consent. If you are in California, you have rights under the CCPA/CPRA, including to know, delete, and correct, and to not be discriminated against for exercising them. To exercise any right, email privacy@veriify.io; we will verify and respond within the timeframes required by applicable law.
9. Cookies
We use a strictly necessary, httpOnly session cookie to keep you signed in and to protect against cross-site request forgery. We do not use advertising cookies. Because our cookies are essential to the Service, they cannot be disabled without affecting sign-in.
10. International transfers
We and our service providers may process data in countries other than yours. Where we transfer personal data internationally, we rely on appropriate safeguards such as standard contractual clauses where required.
11. Children's privacy
The Service is not directed to children under 16, and we do not knowingly collect their personal data. If you believe a child has provided us information, contact us and we will delete it.
12. Changes & contact
We may update this Policy from time to time; we will post the new version here and update the date above, and notify you of material changes where required. Questions or requests: privacy@veriify.io.