Privacy Policy

At Veri ("we", "us", or "our"), we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our professional identity verification platform at veri.xyz (the "Service").

Please read this policy carefully. By using Veri, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

Account Information

When you create an account, we collect:

• Email address
• Name
• Password (stored securely hashed)
• Account type (candidate or company)

Profile Information (Candidates)

To build your professional profile, you may provide:

• Display name and profile URL (slug)
• Profile picture
• Professional headline
• Introduction video
• Cryptocurrency wallet address (optional, for web3 verification)

Company Information

For company accounts, we collect:

• Company name and domain
• Team member information
• KYC invitation history

Identity Verification (KYC)

When you complete identity verification, verification is processed by our partner Didit. We receive only:

• Verification status (verified or not)
• Verification timestamp
• Session identifier for the verification request

Important: Your identity documents (passport, ID card, etc.) and biometric data are processed and stored exclusively by Didit, not by Veri. We never see or store your actual identity documents.

References

Professional references on your profile include:

• Reference author's name, email, and company
• Reference content and relationship context
• Timestamp of when the reference was given

Usage Data

We automatically collect certain information when you use the Service, including IP address, browser type, pages visited, and access times. This helps us improve the Service and ensure security.

2. How We Use Your Information

We use the information we collect to:

• Provide the Service: Create and maintain your account, display your professional profile, and facilitate identity verification.
• Process Verifications: Coordinate KYC verification requests from companies and communicate verification status.
• Send Communications: Deliver transactional emails (verification requests, reference requests, magic links) and optional notifications about your profile.
• Improve the Service: Analyze usage patterns to enhance features, fix bugs, and develop new functionality.
• Ensure Security: Detect and prevent fraud, abuse, and unauthorized access to accounts.
• Legal Compliance: Comply with applicable laws and respond to legal requests when required.

3. How We Share Your Information

With Companies (KYC Verification)

When a company invites you for KYC verification and you complete it, that company receives confirmation of your verification status. They can see:

• Your name and profile information
• Your KYC verification status (verified/not verified)
• When you were verified

Companies do not receive access to your identity documents or biometric data.

With Didit (Identity Verification Provider)

When you initiate KYC verification, Didit processes your identity verification. This includes uploading your identity documents directly to Didit's secure platform. Didit operates under their own privacy policy, and we encourage you to review it at didit.me/privacy.

Public Profile Information

If you create a public profile, certain information is visible to anyone with your profile link:

• Display name and profile picture
• Professional headline
• Published references
• Published introduction video
• KYC verification badge (if verified)

Service Providers

We work with trusted third-party services to operate Veri:

• Hosting: Railway (infrastructure)
• Database: Supabase (data storage)
• Email: Resend (transactional emails)
• File Storage: Cloudflare R2 (profile pictures, videos, logos)
• Payments: Polar (subscription and credit purchases)
• Identity Verification: Didit (KYC verification)

Legal Requirements

We may disclose your information if required by law, court order, or government request, or to protect the rights, property, or safety of Veri, our users, or others.

4. Identity Verification (KYC) Details

We want to be transparent about how identity verification works on Veri:

5. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

To exercise any of these rights, please contact us at privacy@veri.xyz. We will respond to your request within 30 days.

6. Data Retention

We retain your data for as long as necessary to provide the Service and fulfill the purposes described in this policy:

• Account Data: Retained while your account is active. Deleted upon account deletion request, subject to legal retention requirements.
• Profile Data: Retained while your account is active and for a reasonable period after deletion to allow for account recovery.
• KYC Status: Retained as long as your account exists. The verification status may be retained for compliance purposes even after account deletion.
• References: Retained while your account is active. Authors can request removal of references they've written.
• Session Data: Expired sessions are automatically deleted after 30 days.
• Usage Logs: Retained for up to 90 days for security and debugging purposes.

7. Cookies and Tracking

We use cookies and similar technologies to operate the Service:

Essential Cookies

Required for the Service to function. These include session cookies to keep you logged in and security cookies to protect your account. You cannot opt out of essential cookies while using the Service.

What We Don't Do

We do not use advertising cookies, sell your data to advertisers, or track you across other websites.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal data:

• All data is encrypted in transit using TLS/HTTPS
• Passwords are hashed using industry-standard algorithms
• Sensitive tokens (like magic links) are stored hashed
• Access to production systems is restricted and logged
• Regular security reviews and updates

While we strive to protect your data, no method of transmission or storage is 100% secure. If you believe your account has been compromised, please contact us immediately.

9. International Data Transfers

Your data may be processed in countries other than your own. Our service providers operate globally, and data may be transferred to and processed in the United States or other countries. We ensure appropriate safeguards are in place for such transfers in compliance with applicable data protection laws.

10. Children's Privacy

Veri is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected data from a minor, please contact us and we will promptly delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting a notice on the Service or sending you an email. Your continued use of Veri after changes become effective constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or how we handle your data, please contact us:

For GDPR-related requests, we aim to respond within 30 days. If you are unsatisfied with our response, you have the right to lodge a complaint with your local data protection authority.