Skip to main content
Legal & trust

Privacy Policy

Last updated on April 24, 2026.

Draft for counsel review. This is a working draft. Engage privacy counsel before this language goes live in production.

1. Scope

This Privacy Policy explains how Verdaxi ("we," "us," or "our") collects, uses, and protects personal information when you use our website or our software-as-a-service compliance platform ("Service"). This Policy applies to personal information we process as a controller. When we process Customer Data on behalf of a customer organization, we do so as a processor under that customer's instructions, governed by our Data Processing Addendum.

2. Information we collect

Account information: name, email, phone, organization name, role.

Usage data: pages visited, features used, IP address, browser, device type, timestamps.

Customer Data: content you submit to the Service (compliance records, documents, etc.). This is processed under your direction, not for our independent purposes.

Communications: support requests, sales inquiries, demo requests, contact form submissions.

3. How we use information

  • To provide and operate the Service
  • To respond to support and sales inquiries
  • To send service-related communications (security, billing, product updates)
  • To improve the Service via aggregated usage analytics
  • To detect, prevent, and respond to abuse, fraud, or security incidents
  • To comply with legal obligations

We do not sell personal information.

4. Sharing

We share personal information with:

  • Sub-processors who help us operate the Service (hosting, email delivery, analytics) — listed at /legal/sub-processors
  • Authorities when required by valid legal process or to protect rights, property, or safety
  • Successors in the event of merger, acquisition, or sale of assets — under equivalent privacy commitments

5. Cookies and tracking

We use cookies and similar technologies as described in our Cookie Policy. Our analytics provider (Plausible) does not use cookies for analytics and does not collect personal information.

6. Data retention

We retain account information for the duration of your relationship with us plus a reasonable period thereafter for legal, audit, and operational purposes. Customer Data is retained per the customer organization's settings and our Data Processing Addendum.

7. Security

We implement administrative, technical, and physical safeguards to protect personal information, including encryption at rest and in transit, access controls, audit logging, and a documented incident-response process. See our Security page for details.

8. International transfers

The Service is hosted in the United States. If you access the Service from outside the US, your information will be transferred to and processed in the US.

9. Your rights

Depending on where you reside, you may have rights to access, correct, delete, port, or restrict processing of your personal information. To exercise these rights, contact [email protected]. We will respond within applicable legal timeframes.

10. California privacy rights

California residents have additional rights under the CCPA/CPRA, including the right to know, delete, correct, and opt out of certain disclosures. Contact [email protected] to exercise these rights. We do not "sell" personal information as defined under California law.

11. Children

The Service is not directed to individuals under 18. We do not knowingly collect personal information from minors.

12. Changes

We may update this Policy from time to time. Material changes will be communicated via email or in-app notification at least 30 days before they take effect.

13. Contact

Privacy questions, requests, or concerns: [email protected].