Privacy Notice

Short · Plain English · UK GDPR

This notice explains what personal data Verif-AI collects from you, why we collect it, how long we keep it, and what rights you have over it. We are the data controller for personal data in this notice.

If you have a question we do not answer here, email our data protection lead at privacy@verif-ai.co.uk. We respond to every request within thirty days, usually within three.

What we collect from you

When you sign up: email, name, company name, VAT number (optional), billing address. When you run reports: the search terms and company numbers you queried, the time, and the result. When you pay: your payment is handled by Stripe — we never see your card number.

If you contact support, we keep the email or chat transcript so we can help. That's it.

Why we collect it

To run the service — we need an email to send you reports.
To charge you — Stripe needs billing details.
To improve the product — aggregated, anonymised usage tells us which reports to improve.
To meet legal obligations — UK tax and anti-money-laundering law requires us to keep certain records.

Our lawful bases are contract (to provide the service) and legitimate interest (to improve it, within reasonable limits).

What we don't do

We do not sell your data. We do not share it with advertisers or data brokers. We do not use your queries to train a third-party model. We do not track you across other websites.

We do not collect sensitive personal data (health, political opinion, sexual orientation, etc) and we will refuse to accept it if you try to give it to us.

Where your data is stored

Your account and your report history sit in an encrypted Neon Postgres database hosted in London, UK (AWS eu-west-2). Backups are encrypted at rest and held for thirty-five days.

We use a small number of sub-processors to run the service: Stripe (payments, Ireland), Neon (Postgres database, AWS eu-west-2 / London), Railway (application hosting, EU), Resend (transactional email, USA — under UK–US data bridge adequacy), Companies House (UK Government, public-record source data). A full list with DPAs is available on request.

Reports are about companies, not individuals

The content of a Verif-AI report is drawn from public filings about companies. It contains directors' names and director-role histories because those are public at Companies House. It contains PSC information where a natural person is a person of significant control.

We treat that as public data in the public interest, which is the same basis Companies House uses. Directors and PSCs have the same rights of objection and rectification under UK GDPR — email privacy@verif-ai.co.uk and we will respond.

How long we keep your data

Account data: while your account is open, and thirty days after closure. Report history: seven years, because we may need to evidence what a customer was told and when (anti-money-laundering and audit requirements). Support emails: two years. Anonymised usage logs: indefinitely.

Your rights

You have the right to access your personal data, correct it, delete it, restrict processing, object to processing, and port it to another service. Email privacy@verif-ai.co.uk to exercise any of these. We do not charge for reasonable requests.

You also have the right to complain to the Information Commissioner's Office (ico.org.uk, 0303 123 1113). We'd rather you came to us first, but you do not have to.

Cookies

See the cookies notice. Short version: one essential session cookie, one optional analytics cookie (off by default).

Governing law. These terms and the use of Verif-AI are governed by the laws of England & Wales. Any dispute is subject to the exclusive jurisdiction of the courts of England & Wales.

Contact. Kaisark Innovations Ltd trading as Verif-AI, registered in England & Wales (company no. 12552686), registered office: 101 New Cavendish Street, London, England, W1W 6XH. Email support@verif-ai.co.uk.