Request a demo

Privacy Policy

Effective date: 16 November, 2023

Last updated: 21 November 2025

This Privacy Policy describes how Veristage (“Veristage”, “we”, “us”, “our”) collects, uses, and protects your personal data when you visit our website, subscribe to our newsletter, or request a demo.

We are committed to protecting your privacy and processing your personal data in accordance with applicable data protection laws, including the EU/UK General Data Protection Regulation (GDPR) and the California Consumer Privacy Act, as amended by the California Privacy Rights Act (CCPA/CPRA).

Veristage is the data controller for the personal data described in this Privacy Policy.

We do not sell or “share” your personal information (as “sell” and “share” are defined under CCPA/CPRA) to third parties for their own marketing purposes.

1. Personal data we collect

We may collect and process the following categories of personal data when you interact with our website or services:

1.1 Information you provide directly

We collect personal data that you choose to provide to us, including when you:

  • Subscribe to our newsletter
    • Identification and contact data: name, email address
    • Your communication preferences
  • Request a demo or contact us via our website forms
    • Identification and contact data: name, email address, job title, company name, country/region (if provided)
    • Content of your message or inquiry
  • Participate in surveys or research
    • Any information you choose to provide in response to our questions, which may include opinions, feedback, and information about your use of our services.
  • Correspond with us
    • Information contained in any correspondence between you and us (e.g., via email, contact form, telephone), including your name, contact details, and the content of your communications.

1.2 Information collected automatically

When you visit or use our website and services, we may automatically collect certain information:

  • Website usage data
    • IP address, browser type and version, time zone setting, device identifiers, operating system and platform
    • Pages you visit, the time and date of your visit, the time spent on those pages, clickstream data, and other diagnostic data
    • Login data (where applicable)
  • Technical data
    • Information about the device you use to access our website and services, such as hardware model, operating system and version, unique device identifiers, and mobile network information (where relevant).
  • Cookies and similar technologies
    • We use cookies and similar tracking technologies to operate and improve our website, understand usage patterns, and, where applicable, provide analytics.
    • You can manage your cookie preferences through your browser settings and, where provided, via our cookie banner or settings tool.

2. How we use your personal data and legal bases (GDPR/UK GDPR)

The legal basis we rely on to collect and use your personal data depends on the context in which it is collected. We may process your personal data on the following bases:

  • Consent
    • Sending you our newsletter and other marketing communications, where required by law.
    • Collecting non‑essential cookies/analytics data where consent is required.
    • You may withdraw your consent at any time (see “Your rights” below or the unsubscribe link in our emails).
  • Performance of a contract or taking steps at your request prior to entering into a contract
    • Providing and administering our SaaS application “Insight” to you or your organization.
    • Responding to demo requests and other service‑related inquiries.
  • Legitimate interests
    We may process your personal data where necessary for our legitimate business interests, provided your interests and fundamental rights do not override those interests. These include:
    • Responding to your inquiries and providing customer support.
    • Improving, maintaining, and securing our website, services, and infrastructure.
    • Understanding how customers and visitors use our website and services.
    • Keeping records of correspondence and interactions with you.
    • Basic direct marketing to business contacts, where permitted by law and where we provide an easy way to opt out.
  • Compliance with legal obligations
    • Complying with applicable laws and regulations, lawful requests, and legal process.
    • Maintaining records required by tax, accounting, or other laws.

3. Marketing communications

We may use your personal data to send you information about products, features, and services that we believe may be of interest to you.

We will only send you email marketing:

  • where you have opted in (where required by law), or
  • where we have another lawful basis and it is permitted by applicable law (e.g., legitimate interest in B2B contexts).

You may opt out of marketing communications at any time by:

  • Clicking the “unsubscribe” link in any marketing email we send, or
  • Contacting us using the details under “Contact us” below.

If you opt out of marketing, we may still send you non‑marketing communications, such as service or administrative messages.

4. How we share your personal data

We may share your personal data with the following types of recipients, strictly for the purposes described in this Privacy Policy:

  • Service providers and vendors
    We engage third‑party service providers who process data on our behalf, such as those listed below. These third parties are contractually required to protect your data and only process it in accordance with our instructions.
    • Cloud hosting providers (including AWS)
    • Email and newsletter platforms
    • CRM and sales tools
    • Analytics providers
    • IT support and security providers
  • Professional advisers
    Such as lawyers, auditors, and insurers, where necessary for the services they provide to us.
  • Authorities and law enforcement
    Where we are legally required or permitted to do so, to comply with legal obligations or to protect our rights, users, or others.

We do not sell your personal data, and we do not share your personal data with third parties for their own independent marketing purposes.

5. International data transfers

Veristage is headquartered in the United States. Your personal data may be transferred to, stored in, or accessed from countries outside your country of residence, including the United States, where data protection laws may differ.

Where we transfer personal data from the European Economic Area (EEA), the UK, or other regions with data transfer restrictions:

  • We will use appropriate safeguards, such as Standard Contractual Clauses approved by the European Commission or equivalent mechanisms, or
  • We will rely on other available legal bases for transfer, as permitted by applicable law.

You may contact us for more information about the safeguards we use.

6. How we store and protect your data

We may store data collected by the website and our services both manually and electronically.

  • Data is stored on our secure servers and/or in secure data centers (including AWS) based on your geographic location and our infrastructure design.
  • We design, build, and run our systems to protect your data during transmission and storage, using appropriate technical and organizational measures.

However, please note:

  • No method of transmission over the internet or method of electronic storage is completely secure.
  • While we strive to protect your personal data, we cannot guarantee absolute security of data transmitted to or from our website. Any transmission is at your own risk.

7. How long we keep your personal data

We will only retain your personal data for as long as reasonably necessary to fulfill the purposes we collected it for, including for satisfying any legal, regulatory, accounting, or reporting requirements.

Examples:

  • Newsletter subscribers and general website contacts:
    We typically retain contact details and related interaction logs for up to three (3) years after the last meaningful interaction (e.g., opening an email, clicking a link, submitting a form), unless you request deletion sooner or we are required by law to retain it longer.
  • Contractual and account data (for customers):
    We retain data for the duration of the contract and for a period thereafter as necessary to comply with legal obligations and to resolve disputes.

We may retain certain data in aggregated or anonymized form, which does not identify you, for analytics or statistical purposes.

8. Your rights

8.1 Rights under GDPR/UK GDPR (EEA/UK residents)

If you are located in the EEA or UK, you have the following rights with respect to your personal data, subject to certain conditions and exceptions:

  • Right of access – to request copies of your personal data we hold.
  • Right to rectification – to request that we correct any inaccurate or incomplete information.
  • Right to erasure – to request that we delete your personal data, where there is no good reason for us to continue processing it.
  • Right to restrict processing – to request that we restrict the processing of your personal data in certain circumstances.
  • Right to object – to object to our processing of your personal data based on our legitimate interests, and to object at any time to processing for direct marketing.
  • Right to data portability – to request that we transfer your personal data to you or to a third party in a structured, commonly used, machine‑readable format, where technically feasible.

You also have the right to lodge a complaint with your local supervisory authority if you believe that our processing of your personal data infringes applicable data protection laws.

8.2 Rights for California residents (CCPA/CPRA)

If you are a California resident, you may have the following rights under CCPA/CPRA with respect to certain personal information we collect:

  • Right to know/access – to request that we disclose:
    • the categories and specific pieces of personal information we have collected about you,
    • the categories of sources from which the information was collected,
    • the purposes for which we collected your information, and
    • the categories of third parties with whom we share your information.
  • Right to deletion – to request that we delete personal information we have collected about you, subject to certain exceptions.
  • Right to correct – to request that we correct inaccurate personal information that we maintain about you.
  • Right to non‑discrimination – we will not discriminate against you for exercising any of your rights under CCPA/CPRA (e.g., by denying services or charging different prices).
  • Right to opt out of sale or sharing – You have the right to direct us not to sell or share your personal information.
    • We do not sell or share your personal information as those terms are defined under CCPA/CPRA.

You may submit a request to exercise these rights using the contact details in the “Contact us” section below. Where permitted by law, we may require you to verify your identity before fulfilling your request. You may also authorize an agent to act on your behalf, subject to verification.

9. How to exercise your rights

If you wish to exercise any of your rights or have questions about how we handle your personal data, please contact us:

Data Protection Officer
Thomas Cox
Email: thomas.cox@veristage.com

General contact
Email: info@veristage.com

Postal address
Veristage
PO Box 1405
Florence, AL 35631
United States

We will respond to your request within one month (or within the timeframe required by applicable law). In some cases, we may need additional information to verify your identity.

10. Children’s privacy

Our website and services are not directed to children under 13 (or a higher age where required by applicable law), and we do not knowingly collect personal data from children without appropriate parental consent.

If you believe that a child has provided us with personal data without appropriate consent, please contact us using the details above, and we will take steps to delete such information as required by law.

11. Third‑party websites and services

Our website may contain links to other websites or services that are not operated by Veristage. This Privacy Policy applies only to our website and services.

If you click on a third‑party link, you will be directed to that third‑party’s site. We strongly recommend that you review the privacy policy of every site you visit, as we are not responsible for their content, privacy policies, or practices.

12. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. When we do, we will revise the “Last updated” date at the top of this page. If we make material changes, we may provide additional notice (such as by email or a prominent notice on our website) as required by law.

Your continued use of our website and services after any changes become effective signifies your acceptance of the updated Privacy Policy.