PRIVACY POLICY

This Privacy Policy explains how Veriti Incorporated ("Veriti," "we," "our," or "us") collects, uses, shares, and protects personal data when you use SPOTTR, our cybersecurity assessment SaaS platform.

1. Information We Collect

We collect the following categories of data:

1.1 Account Information

When you register for SPOTTR, we collect your name, company name, email address, login credentials, and payment details (processed securely through third-party payment providers).

1.2 User-Provided Data

You may provide domain names, subdomains, and cybersecurity-related responses (e.g., survey information about company policies). This may include limited business contact details.

1.3 Automatically Collected Data

We automatically collect usage data such as IP addresses, browser types, device identifiers, and log files to ensure performance, security, and analytics.

1.4 Publicly Available Data

SPOTTR collects and analyzes publicly available information related to your organization or domain as part of the Service.

2. How We Use Information

We use data to:

  • Provide and maintain the SPOTTR Service;
  • Generate security assessments and reports;
  • Improve performance and functionality;
  • Communicate updates, technical notices, and support information;
  • Enforce our Terms and prevent fraud or misuse.

3. Legal Bases for Processing (GDPR)

For users in the EEA, UK, or Switzerland, we process personal data based on:

  • Performance of a contract (provision of SPOTTR);
  • Compliance with legal obligations;
  • Legitimate interests (e.g., improving the Service);
  • Consent, where explicitly given.

4. Data Sharing and Transfers

We do not sell personal data.

We may share data with:

  • Service providers assisting in operations (e.g., hosting, billing);
  • Legal or regulatory authorities, if required by law;
  • Successors in the event of a merger or acquisition.

Data may be transferred and processed in the United States under appropriate safeguards, including Standard Contractual Clauses (SCCs) where applicable.

5. Data Retention

We retain personal data only as long as necessary to fulfill the purposes described, comply with legal obligations, or resolve disputes. You may request deletion at any time (see Section 7).

6. Security

Veriti implements commercially reasonable administrative, technical, and physical safeguards to protect data from unauthorized access, loss, or disclosure. However, no online service can be entirely secure.

7. Your Rights (GDPR and Other Regions)

You may:

  • Access, correct, or delete your personal data;
  • Request data portability;
  • Object to or restrict processing;
  • Withdraw consent (where applicable).

To exercise rights, email: privacy@veriti.io

8. Children's Privacy

SPOTTR is not intended for individuals under 18. We do not knowingly collect personal data from minors.

9. International Users

Users outside the United States are responsible for ensuring compliance with their local data protection laws. Veriti applies GDPR-equivalent standards for data from the EEA, UK, and Switzerland.

10. Updates to This Policy

We may revise this Policy periodically. The latest version will always be posted on our website, and the "Last Updated" date will reflect the most recent changes.

11. Contact

For privacy-related inquiries, contact:
support@veritispottr.com