Privacy Policy

Effective May 30, 2026

This Privacy Policy explains what personal data Verid collects, why we collect it, how we use and share it, and the choices and rights you have. It applies to the Verid website, dashboard, API, SDK, and related services (together, the “Service”).

The Service is operated by Verid (“Verid”, “we”, “us”, or “our”). We are the data controller for the personal data described in this policy. If you have questions, contact us at support@verid.dev.

1. Data we collect

We collect the following categories of data:

Account data

  • Your email address and, if you set one, your name.
  • A scrypt hash of your password (we never store your password in plaintext), or, if you sign in with Google, your Google account identifier and basic profile information returned by Google OAuth.
  • Session records (a hash of an opaque session token, not the token itself) used to keep you signed in.

Service data you provide

  • Monitor configurations: the URLs and API endpoints you ask us to watch, the selectors, extraction rules, conditions, and schedules you define, and any delivery destinations (webhook URLs, Slack/Discord endpoints, notification email addresses).
  • Content we fetch on your behalf: snapshots, extracted values, and computed diffs from the third-party pages and endpoints you monitor. This may incidentally contain personal data present on those pages - you are responsible for ensuring you have the right to monitor them.
  • Run history, delivery logs, and operational metadata associated with your monitors.
  • API keys (stored as hashes) and webhook signing secrets (stored encrypted at rest).

Billing data

  • Subscription tier, status, and the customer/subscription identifiers issued by our payment processor. We do not collect or store your full card number - payment details are handled directly by our Merchant of Record (see “How we share data”).

Communications & support data

  • When you use the contact form or email us, we receive your name, email address, and the contents of your message. We also temporarily record your IP address to rate-limit and prevent abuse of the contact form.

Technical & usage data

  • Server logs including IP address, browser/user-agent, requested URLs, and timestamps, used for security, debugging, and abuse prevention.
  • Cookies and analytics data - only to the extent you consent. See “Cookies & analytics” below.

2. How we use your data

  • To provide the Service - run your monitors, detect changes, and deliver notifications.
  • To create and secure your account, authenticate you, and maintain sessions.
  • To process subscriptions and provide billing, invoices, and tax receipts (via our Merchant of Record).
  • To respond to your support requests and communicate with you about the Service, including transactional emails (e.g. email verification, password resets, delivery failures).
  • To monitor, debug, secure, and improve the Service, and to prevent fraud and abuse.
  • To comply with legal obligations and enforce our Terms of Service.
  • With your consent, to measure and improve the product using analytics.

4. How we share data

We do not sell your personal data. We share it only with service providers (“sub-processors”) who process it on our behalf to operate the Service, and only as needed:

  • Creem.io - our Merchant of Record and payment processor. Creem handles checkout, card processing, billing, invoicing, and sales-tax/VAT compliance. When you purchase a subscription, your payment and billing information is collected and processed by Creem under its own privacy policy.
  • Cloud infrastructure and hosting providers that run our servers, database, and queue.
  • A transactional email provider used to send account and notification emails.
  • A residential/datacenter proxy network used to fetch the pages you ask us to monitor.
  • Google - if you choose to sign in with Google (OAuth).
  • Analytics providers (Google Analytics and Microsoft Clarity) - only if you consent.

We may also disclose data if required by law, to enforce our agreements, or to protect the rights, safety, and property of Verid, our users, or others. If Verid is involved in a merger, acquisition, or asset sale, data may be transferred as part of that transaction; we will notify you of any change in ownership or use of your personal data.

5. International data transfers

Our service providers may process data in countries outside your own, including outside the EEA/UK. Where we transfer personal data internationally, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses or an adequacy decision, where applicable.

6. Data retention

We keep personal data only as long as needed for the purposes described in this policy:

  • Account data is retained while your account is active.
  • Monitor configurations, run history, and captured content are retained while the relevant monitor exists, subject to the limits of your plan.
  • When you delete your account, we delete or anonymize your personal data within a reasonable period, except where we must retain certain records (e.g. invoices) to meet legal, tax, or accounting obligations.
  • Backups and logs are retained for a limited period and then rotated out.

7. Security

We take reasonable technical and organizational measures to protect your data, including encryption in transit (TLS), encryption at rest for webhook signing secrets, hashing of passwords (scrypt) and API keys, and access controls. Webhook payloads are signed with HMAC-SHA256 so you can verify their authenticity. No method of transmission or storage is perfectly secure, and we cannot guarantee absolute security.

8. Your rights

Depending on where you live, you may have the right to access, correct, delete, or export your personal data; to object to or restrict certain processing; to withdraw consent; and to lodge a complaint with a supervisory authority. You can update much of your data directly in your account settings, or delete your account from the dashboard. To exercise any other right, email support@verid.dev and we will respond within the time required by applicable law.

If you are a California resident, you have the right to know what personal information we collect and how we use it, to request deletion, and not to be discriminated against for exercising your rights. We do not sell personal information.

9. Cookies & analytics

We use cookies and similar technologies. Essential cookies are required for sign-in, security, and basic site operation and cannot be disabled. With your consent, we also use:

  • Analytics cookies - Google Analytics and Microsoft Clarity, to understand anonymous usage and improve the product.
  • Marketing cookies - conversion tracking and attribution.
  • Preference cookies - to remember UI preferences such as layout and theme.

You can accept all, choose “essentials only”, or customize your choices at any time using the cookie controls on our site. Withdrawing consent does not affect the lawfulness of processing carried out before withdrawal.

10. Children

The Service is not directed to children under 16, and we do not knowingly collect personal data from them. If you believe a child has provided us with personal data, contact us and we will delete it.

11. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the “Effective” date above and, where appropriate, notify you. Your continued use of the Service after an update means you accept the revised policy.

12. Contact us

For any privacy question or request, contact Verid at support@verid.dev.