Privacy Policy

Last updated: January 2026

This Privacy Policy explains how VERYTIS ("we", "us", or "our") collects, uses, stores, and protects personal data when you access or use the VERYTIS website, platform, and related services (collectively, the "Service").

VERYTIS is designed with a privacy-first approach focused on governance-grade audit with strict scope control.

1. Who We Are

VERYTIS is a B2B software platform providing decision and action traceability, audit, and governance capabilities across organizational tools.

For the purposes of applicable data protection laws, VERYTIS acts primarily as a data processor on behalf of its customers, and as a data controller for limited website and account-related data.

2. Scope of This Policy

This Privacy Policy applies to:

  • Visitors of the VERYTIS website
  • Users of the VERYTIS platform
  • Customer representatives and account administrators

This Policy does not replace contractual agreements (such as Data Processing Agreements) entered into with customers.

3. Core Privacy Principles

VERYTIS is built on the following principles:

  • Governance-first audit
  • Explicit scope-based data collection
  • No private messages
  • No files or document capture
  • Clear separation between conversational data and metadata

4. Data We Collect

4.1 Website Data

When you visit our website, we may collect limited information such as:

  • IP address
  • Browser type and device information
  • Pages visited and interactions
  • Cookies or similar technologies (see Section 11)

This data is used solely for website functionality, security, and analytics.

4.2 Account & Identity Data

When an organization uses VERYTIS, we may process:

  • Name
  • Business email address
  • Role and permissions within the organization
  • Authentication identifiers provided by connected platforms

Each user must authenticate individually. No shared or generic accounts are used.

4.3 Collaboration Tools (Slack, Microsoft Teams)

VERYTIS processes textual conversation data only within channels explicitly authorized by the organization.

We may process
  • Textual messages
  • Thread context
  • Timestamps
  • Channel identifiers
  • Explicit signals
We do not process
  • Private messages (DMs)
  • Files or attachments
  • PDFs, images, or documents

This data is collected solely to enable decision and action traceability within authorized collaboration spaces.

4.4 Email Metadata

VERYTIS never accesses or processes email content.

For email systems, VERYTIS processes metadata and activity signals only, including:

  • Sender and recipients
  • Date and time
  • Subject line
  • Email open status & reply status

Email bodies and attachments are technically inaccessible to our systems.

5. How We Use Data

We use processed data exclusively to:

  • Provide and operate governance and audit functionality
  • Reconstruct decisions and actions within authorized scopes
  • Attribute actions to authenticated users
  • Maintain platform security and integrity
  • Provide customer support when required

VERYTIS does not perform behavioral monitoring, profiling, or employee surveillance.

6. Data Retention

VERYTIS follows a simple and transparent data retention model:

  • Customer data is retained for the duration of the active subscription
  • Upon account termination, data is scheduled for deletion
  • Data is permanently deleted after a 30-day grace period

This grace period allows customers to recover data or reverse accidental account termination. VERYTIS does not retain customer data beyond contractual requirements.

7. Data Deletion

  • Data deletion applies to primary production systems
  • Associated backups follow the same deletion lifecycle
  • Data is not retained "just in case"

8. Data Ownership

Customers retain full ownership of their data. VERYTIS acts solely as a data processor and does not claim ownership rights over customer data.

9. Data Residency

VERYTIS data is hosted in West US (Oregon).

We operate in a single region by design to ensure predictable jurisdiction, data locality, and auditability.

10. Security Measures

VERYTIS implements industry-standard security measures, including:

  • AES-256 encryption at rest and in transit
  • Official API-based integrations only
  • Least-privilege access controls
  • Logged and restricted internal access

We do not deploy endpoint agents or browser extensions.

11. Cookies

VERYTIS may use cookies or similar technologies for website functionality, security, and basic analytics. You can control cookie preferences through your browser settings.

12. Data Sharing

VERYTIS does not sell or rent personal data. Data may be shared only with:

  • Infrastructure providers (e.g., AWS via Supabase)
  • Service providers strictly necessary to operate the platform

All providers are bound by confidentiality and data protection obligations.

13. International Transfers

Data may be processed in the United States. Where required, appropriate safeguards are applied to ensure compliance with applicable data protection laws.

14. User Rights

Depending on applicable law, users may have the right to:

  • Access their data
  • Correct inaccurate data
  • Request deletion
  • Object to or restrict processing

Requests should be directed to the customer administrator or to VERYTIS directly.

15. Children's Privacy

VERYTIS is not intended for use by individuals under the age of 18.

16. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated through the Service or website.

17. Contact

For privacy-related questions or requests, please contact:

Email: privacy@verytis.com

VERYTIS audits decisions and actions — not people.