Privacy Policy
Effective Date: 06/05/25
Last Updated: 06/05/25
1. Who We Are
Verifyd, Inc. (“Verifyd,” “we,” “our,” or “us”) operates the Verifyd mobile and web applications (the “Service”).
Head Office: 4505 Main Street, STE 149. Virginia Beach, VA 23462.
Privacy inquiries: care@verifydapp.com
2. Scope
This Policy applies when you install or use the Verifyd Android or iOS apps, visit any Verifyd website, or communicate with us by email, social media, or in-app support.
3. What Data We Collect
• Contact information (e.g., email address, display name).
• Account credentials & hashed auth tokens.
• User-generated content (videos, thumbnails, comments, flags).
• Engagement & usage metrics (likes, watch time, screens visited).
• Device & diagnostic data (IP, OS version, crash logs).
• No sensitive data such as precise location, health, or biometrics is collected.
4. How We Use Your Data & Legal Bases (GDPR Art. 6)
• Account creation & sign-in — Contract.
• Content publishing & verification — Contract / Legitimate Interest.
• Analytics & product improvement — Legitimate Interest / Consent.
• Crash reporting & security — Legitimate Interest / Legal obligation.
• Required communications — Legal obligation / Contract.
• Optional marketing emails — Consent (opt-in, revocable).
5. Sharing & Processors
We never sell your personal information. We disclose data only to the following processors under strict data-processing agreements:
• Supabase – managed database & authentication.
• Mux – video storage & streaming.
• Sentry – crash & error monitoring (anonymized).
• PostHog (EU self-hosted) – product analytics.
• SendGrid – transactional & opt-in marketing email.
Disclosures to law enforcement or during a business transfer will occur only where legally required and with prior notice when feasible.
6. International Transfers
Our primary servers are in the United States. For EEA/UK users, transfers rely on 2021 Standard Contractual Clauses plus supplementary encryption and access controls.
7. Security Measures
• TLS 1.2+ in transit; AES-256 at rest.
• Role-based employee access & multi-factor authentication.
• Regular vulnerability scanning & penetration testing.
• Continuous monitoring via Sentry & Supabase audit logs.
8. Data Retention
• Account data – while account is active + 30 days post-deletion.
• User-generated videos/comments – until user deletes or requests account deletion.
• Analytics events – 24 months (aggregated thereafter).
• Crash logs – 90 days.
Back-ups are purged within 30 days.
9. Your Rights (GDPR, CCPA/CPRA)
• Access, correct, delete, or port your data.
• Restrict or object to processing.
• Opt-out of “sale”/“sharing” (we do not sell).
• No discrimination for exercising rights.
Requests: care@verifydapp.com (identity verification required).
10. In-App Account Deletion
Delete your account via Settings → Delete Account. Effect:
• Immediate logout; content hidden within 24 h.
• Primary data erased ≤ 30 days; backups ≤ 60 days.
11. Cookies & Similar Technologies
We use first-party cookies/SDK storage solely for session management, basic usage analytics, and preference storage. We do not use third-party advertising trackers.
12. Children’s Privacy
Verifyd is not directed to children under 13 (or the minimum age required in your jurisdiction). We do not knowingly collect children’s data; any inadvertent collection will be deleted promptly.
13. Changes to This Policy
Material changes will be announced in-app and via email at least 7 days before taking effect. The “Last Updated” date will change accordingly.
14. Contact Us
• Email: care@verifydapp.com
• Postal: Verifyd, Inc. – Privacy, 4505 Main Street, STE 149, Virginia Beach, VA 23462, USA
Appendix A – Mapping to Store Disclosures
Google Play Data Safety: collected & linked: email, user ID, videos, comments; encrypted in transit & at rest; user-initiated deletion supported.
Apple App Store Privacy Label:
• Linked Data: contact info, identifiers, user content.
• Not Linked: usage data, diagnostics.
• Tracking: none.