Verda Privacy Policy

Verda ("Verda", "we", "us", or "our") helps people, creators, brands, and platforms verify where digital content comes from.

This Privacy Policy explains:

• What personal data we collect
• How and why we use it
• When we share it
• The choices and rights you have

If you have any questions, you can always contact us at support@verda.ai.

Verda provides tools and services that:

• Verify the identity of people and organizations
• Link verified identities to their online presence
• Apply secure watermarks or fingerprints to media
• Allow others to verify whether media is linked to a verified identity

This Privacy Policy applies to:

• Visitors to our websites (for example, verda.ai)
• Users who create a Verda account
• People who apply for verification
• Individuals who interact with our services through partner platforms or integrations

It does not cover how third-party platforms (such as social networks or websites you connect to Verda) handle your data. Their privacy policies apply in those cases.

2.1 Information you provide to us

We collect information you choose to share with us, for example:

Account and contact details

• Name
• Email address
• Password or login credentials
• Organization name and role

Identity and verification information

When you apply for verification we may ask for:

• Government issued ID details (for example, ID number, expiry date, date of birth)
• Selfie or face image to compare with your ID
• Company registration details and official documents
• Proof of ownership of domains or social accounts

We use this data only to verify identity and to keep an audit of that verification.

Biometric and Face Data

When you apply for identity verification, you may be asked to provide a selfie or face image. This data is collected and processed by our identity verification partner, Persona (Persona Privacy Policy), and is used solely to compare your face with your government-issued ID to confirm your identity.

Verda does not store your face image or biometric data on its servers. We receive only the verification result (for example, "verified" or "failed") from Persona.

Persona stores biometric information for no more than 3 years in accordance with their privacy policy. You can request deletion of your biometric data directly from Persona at any time.

Face data is not used for any other purpose, including advertising, analytics, or profiling. It is not shared with any party other than Persona for the sole purpose of identity verification.

Profile and public information

• Display name, handle, avatar or logo
• Bio, links and other information you choose to show on your Verda profile
• List of connected accounts or channels (for example, social media @handles, domains, newsletters)

Content and media

• The media you choose to process or fingerprint through Verda (for example images, videos, audio or other files)
• Metadata associated with that media, such as titles, descriptions or tags

Support and communication

• Messages you send to our support team
• Feedback, survey responses or bug reports
• Other information you share when you contact us

You may choose not to provide some information. In that case, certain features (for example, identity verification) may not work.

2.2 Information we collect automatically

When you visit our sites or use our services, we automatically collect some information, such as:

Device and usage information

• IP address
• Browser type and settings
• Device type and operating system
• Date and time of access
• Pages viewed and links clicked
• The features you use and how you interact with them

Log data

• Authentication events (for example, login, logout, failed login)
• API calls and integration events
• Verification checks and their status
• System errors and diagnostic information

We use this information to keep our services secure, understand how people use Verda, and improve performance.

2.3 Information from third parties

We may receive information about you from:

Identity verification partners

Service providers that help us check IDs, documents, or business information. They may share verification results (for example "verified", "failed", "needs review") and supporting data as needed.

Connected platforms and integrations

When you link Verda to another service (for example a social network, content management system, or publishing tool), that service may share information such as:

• Your username, display name or profile URL
• Basic account details and settings
• Links or metadata about content that should carry a fingerprint or watermark

Partners and customers

Platforms and organizations that use Verda may send us:

• Technical identifiers related to content or users
• Metadata needed to check whether content matches a fingerprint
• Reports of suspected misuse or abuse

We use this information only for the purposes described in this Policy.

3.1 To provide and maintain Verda

• Create and manage your account
• Verify your identity or the identity of your organization
• Connect your profiles, domains, and channels
• Generate, store, and apply fingerprints or watermarks to your media
• Allow others to check whether media matches a verified identity
• Provide customer support and respond to your requests

3.2 To secure our services and prevent abuse

• Detect and prevent fraud, impersonation, and misuse
• Investigate suspicious activity or security incidents
• Enforce our Terms of Service and other policies
• Protect the rights, safety, and property of our users, partners, and the public

3.3 To improve Verda

• Analyse how people use our products
• Test new features and product changes
• Monitor performance, reliability, and usability
• Develop new tools around identity, watermarking, and verification

Where possible, we use aggregated or de-identified data for these purposes.

3.4 To communicate with you

• Send service and transactional messages (for example, verification status, security alerts)
• Share updates about product changes, new features, or policy updates
• Provide onboarding, tips, and guidance
• Ask for feedback or invite you to research sessions

You can opt out of most marketing emails by using the "unsubscribe" link in those messages.

If you are in the European Economic Area, the United Kingdom, or another region that requires a legal basis for processing, we rely on:

• Contract — We process data to provide you with the services you request under our Terms of Service or other agreements.
• Legitimate interests — We process data to secure our services, prevent abuse, improve our products, and communicate with you about Verda, in ways that do not override your rights and interests.
• Consent — In some cases we rely on your consent, for example for certain marketing communications or optional data collection. You can withdraw consent at any time.
• Legal obligations — We may process and retain certain information to comply with laws, regulations, or lawful requests from authorities.

Verda is a global service. Your information may be stored and processed in countries other than where you live.

When we transfer personal data from the European Economic Area, the United Kingdom, or similar regions to countries that do not have equivalent data protection laws, we use appropriate safeguards, such as:

• Standard contractual clauses approved by the European Commission
• Other legal mechanisms recognised by data protection authorities

You can contact us for more information about these safeguards.

We keep your personal data only for as long as needed for the purposes described in this Policy, including:

• To provide and maintain your account and our services
• To comply with legal, tax, and regulatory requirements
• To resolve disputes and enforce our agreements

Retention periods depend on the type of data and how you use Verda. For example:

• Account and profile data is stored while your account is active
• Identity verification records may be stored for a longer period where required for security and audit purposes
• Log data is kept for a limited time to support security and diagnostics, then deleted or anonymised

When we no longer need your data, we will delete or de-identify it.

When you delete your account: Your account is deactivated immediately and scheduled for permanent deletion after 30 days. During those 30 days, you can sign up again with the same email to reactivate your account and recover your data. After 30 days, your personal information (name, email, bio, profile photo) is permanently anonymised, your posts are removed, and your social account connections are deleted. Watermark verification links you previously shared will display a notice that the content has been deleted, with no personal information exposed. Identity verification records may be retained as required by law.

We use cookies and similar technologies on our websites and services to:

• Remember your preferences and keep you signed in
• Understand how people use our products
• Improve performance and security

You can control cookies through your browser settings and other tools. Some features may not work properly if you disable certain cookies.

We may provide a separate Cookie Notice with more details about the types of cookies we use.

We do not sell your personal data. We share information only in the following cases:

• With service providers who help us run Verda (for example, cloud hosting, identity verification, analytics, crash reporting, customer support, and payment processing). They are bound by contract to use your data only for us.
• With identity verification partners (for example, Persona) when you apply for verification.
• With Apple or Google when you make a purchase on iOS or Android through their billing systems.
• With connected social platforms (for example, when you authorize Verda to post on your behalf).
• When required by law, subpoena, court order, or to protect rights, property, or safety.
• As part of a merger, acquisition, or sale of assets, subject to this Policy.

When you generate a verification link (for example, verda.ai/abcdef), the media and watermark associated with that link become publicly accessible to anyone who has the link.

The Verda mobile app may request the following device permissions:

• Camera — to capture photos and videos you want to watermark, and for identity verification selfies
• Photos / Media Library — to select existing media from your device to watermark
• Notifications — to inform you when watermarking is complete or a scheduled post has been published
• Network / Internet — to communicate with Verda servers

You can grant or deny these permissions at any time in your device settings. Some features will not work without the required permissions.

We use reasonable administrative, technical, and physical safeguards to protect your information, including encryption in transit (TLS), encryption at rest for sensitive data, access controls, and audit logging. No method of transmission or storage is completely secure; we cannot guarantee absolute security.

Depending on where you live, you may have the right to:

• Access the personal data we hold about you
• Correct inaccurate or incomplete data
• Delete your account and associated personal data
• Export a copy of your data in a portable format
• Object to or restrict certain processing
• Withdraw consent you previously gave
• Lodge a complaint with your local data protection authority

Account and data deletion: You can delete your Verda account from within the app (Edit Profile → menu → Delete Account), or by emailing support@verda.ai. Your account will be deactivated immediately and permanently deleted after 30 days. You may reactivate within that period by signing up again with the same email.

California residents (CCPA/CPRA): You have the right to know what personal information we collect, to delete it, to correct it, to opt out of sale or sharing (we do not sell your data), and to not be discriminated against for exercising these rights. EU/UK/EEA residents (GDPR): You have the rights listed above and may contact our data protection point at support@verda.ai.

Verda is not directed to children under 13 (or the minimum age required in your country). We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us at support@verda.ai and we will delete it.

We may update this Privacy Policy from time to time. When we make material changes, we will notify you through the app or by email and update the "Last updated" date. Your continued use of Verda after changes take effect means you accept the updated Policy.

If you have questions about this Privacy Policy or want to exercise your rights, contact us at:

Email: support@verda.ai