Last Updated: January 2025

Privacy Policy

Your privacy is our priority. Learn how Verafi collects, uses, and protects your information.

Privacy at a Glance
Key points about how we handle your data

We don't sell your data

Your information is never sold to third parties

Enterprise-grade encryption

All data encrypted in transit and at rest

CCPA & GDPR compliant

Full compliance with data protection regulations

You control your data

Access, export, or delete your data anytime

1. Information We Collect

Account Information

When you create an account, we collect your name, email address, company name, and contact information. This data is necessary to provide you access to Verafi services.

Employee Data

To perform compliance analysis, you upload employee timesheets, payroll records, and shift data. This information is processed solely to identify potential meal and rest break violations and is stored securely in encrypted databases.

Usage Information

We automatically collect information about how you interact with our platform, including pages visited, features used, and time spent on the application. This helps us improve our services and user experience.

Technical Data

We collect IP addresses, browser types, device information, and operating system details for security monitoring, fraud prevention, and service optimization.

2. How We Use Your Information

Compliance Analysis

Your employee data is analyzed using our proprietary algorithms to identify potential PAGA violations, calculate exposure, and generate compliance reports. This is the core function of our service.

Service Delivery

We use your account information to provide customer support, send service notifications, process payments, and communicate important updates about your subscription.

Platform Improvement

Aggregated, anonymized usage data helps us understand feature adoption, identify bugs, and develop new functionality that serves our customers better.

Legal Compliance

We may process your information to comply with legal obligations, respond to lawful requests from government authorities, and protect our legal rights.

3. Data Security & Protection

Encryption

All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption. Database connections use SSL/TLS, and sensitive fields are additionally encrypted at the application layer.

Access Controls

We implement role-based access control (RBAC), multi-factor authentication (MFA), and the principle of least privilege. Only authorized personnel with a legitimate business need can access customer data.

Infrastructure Security

Verafi is hosted on enterprise-grade cloud infrastructure with 99.9% uptime SLA, automated backups, disaster recovery capabilities, and regular security audits.

Monitoring & Incident Response

We maintain 24/7 security monitoring, intrusion detection systems, and a documented incident response plan. Any security incidents are investigated promptly and affected users are notified as required by law.

4. Data Sharing & Disclosure

Service Providers

We work with trusted third-party service providers for hosting (Vercel, Supabase), analytics, payment processing, and customer support. These providers are contractually obligated to protect your data and use it only for specified purposes.

Legal Requirements

We may disclose information when required by law, such as responding to subpoenas, court orders, or other legal processes. We will notify you of such requests unless prohibited by law.

Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. You will be notified of any such change and given choices regarding your data.

What We Don't Do

We do NOT sell, rent, or trade your personal information to third parties for marketing purposes. We do NOT use your employee data for any purpose other than providing compliance analysis services to you.

5. Your Privacy Rights

Access & Portability

You can access your account information and export your data at any time through your account settings. We provide data exports in standard formats (CSV, JSON).

Correction & Update

You can update your account information and preferences directly in the application. If you need assistance, contact our support team.

Deletion

You can request deletion of your account and associated data. Upon deletion, your data is permanently removed from our systems within 30 days, except where retention is required by law.

Opt-Out

You can opt out of marketing communications at any time. Essential service communications (security alerts, billing notices) cannot be opted out of while you maintain an active account.

California Residents (CCPA)

California residents have additional rights under the CCPA, including the right to know what personal information is collected, the right to delete personal information, and the right to opt-out of the sale of personal information (which we don't do).

6. Data Retention

We retain your information for as long as necessary to provide our services and comply with legal obligations:

  • Account data: Duration of your subscription plus 30 days
  • Employee compliance data: 3 years (California Labor Code requirement)
  • Billing records: 7 years (tax compliance)
  • Audit logs: 1 year (security monitoring)
  • Anonymized analytics: Indefinitely (service improvement)
7. Cookies & Tracking

We use cookies and similar technologies to:

  • Maintain your login session and authentication state
  • Remember your preferences and settings
  • Analyze usage patterns and improve our service
  • Prevent fraud and enhance security

You can control cookies through your browser settings. Note that disabling cookies may affect functionality.

8. Contact Us

If you have questions about this Privacy Policy or how we handle your data, please contact us:

Email: privacy@verafi.com

Address: Verafi, 123 Compliance Way, San Francisco, CA 94105

Data Protection Officer: dpo@verafi.com