"VERA" or "Company" means VERA Innovations (Pty) Ltd.
VERA Product(s)/Platform includes the website, web-based application, mobile application, and decentralised identity and messaging platform operated by VERA, including all verification, credentialing, and audit trail functionalities.
By requesting any of our services or accessing this website, you are deemed to have accepted and agreed to the information collection, use, disclosure, sharing, processing and storage practices described in this Privacy Policy.
The purpose of this Privacy Policy is to demonstrate our commitment to safeguarding personal information of all persons, including juristic persons, with whom we interact and to ensure that we comply with the requirements imposed by any applicable legislation, including the Protection of Personal Information Act 4 of 2013 ("POPI") in South Africa and GDPR European Privacy Regulations (as updated from time to time).
By requesting services, accessing VERA Products, submitting personal information, or interacting with any VERA Product features, you accept and agree to this Privacy Policy's data handling and processing principles. Usage encompasses all identity verification processes, credential management, secure messaging, and audit trail activities performed via VERA Products.
This Privacy Policy governs the collection, processing, use, and retention of personal information when you interact with VERA Products, ensuring full compliance with:
We are continually improving our methods of communication and adding new functionality and features to this Website and to our existing services. Because of these ongoing changes, changes in the law and the changing nature of technology, our data protection practices will change from time to time.
The policy standard applies when you:
VERA may also collect information from third parties (with your permission or as permitted by law) including fraud-prevention agencies, business directories, financial institutions, and governmental sources.
For the purposes of this Policy, the following definitions apply:
Personal Information means any information relating to an identified or identifiable natural person or legal entity, including but not limited to:
Biometric Information or Biometric Data means any Biometric Identifier and any other personal information resulting from specific technical processing relating to the physical, physiological, psychological, or behavioral characteristics of a natural person, which allow or confirm the unique identification of that person. This includes, without limitation:
You may only send us your own personal information or someone else's personal information if you have their permission to do so.
Operator: The party processing personal data on behalf of the Responsible Party (VERA).
Processing means any operation or activity or any set of operations, whether or not by automatic means, concerning personal information, including collection, receipt, recording, organization, collation, storage, updating or modification, retrieval, alteration, consultation or use, dissemination by means of transmission, distribution or making available in any other form, merging, linking, restriction, degradation, erasure or destruction of information.
Responsible Party: The party determining the purpose and means of processing personal data (the Client).
Data Subject means any natural person to whom personal information relates.
The Operator undertakes to comply with the conditions for the lawful processing of personal information, particularly section 4 of POPI. We will ensure that any processing of your personal information is undertaken in accordance with the values of (i) accountability, honesty, integrity and consistency; (ii) limitation; (iii) purpose qualification; (iv) processing limitation; (v) quality; (vi) openness; (vii) security; and (viii) your participation.
We may process personal information lawfully and in a reasonable manner that does not infringe your privacy.
Permitted Purpose: Use of the Vera Products strictly for KYC, KYB, AML, and verification activities as set out in the website terms and conditions.
The Company collects, stores, and transfers personal information from you in connection with and for the following lawful purposes:
It is your responsibility to obtain any consents required to perform any verifications and VERA shall not be held responsible.
For clarity, the Operator (VERA) acts under instruction of the Responsible Party (Client) for all product transactions and verifications.
Personal Information is processed only for the Permitted Purpose (KYC, AML, verification) and strictly according to Responsible Party instructions.
You must obtain all necessary consents before submitting third-party personal information for processing in VERA Products.
We collect personal information for a specific, explicitly defined and lawful purpose related to a function or activity. We take steps to ensure that you are aware of the purpose of the collection of the information. We may share your personal information with third parties for the purposes of fulfilling our obligations to you.
VERA automatically collects information and data through the use of cookies. A cookie is a small text file that is placed on your device when you visit the website and allows us to provide you with a personalised experience by associating your personal information with your device.
VERA Products are not intended for use by children under the required statutory ages. Accidental provision of such data will result in deletion and notification to relevant parties.
Subject to our compliance with any applicable legislation, particularly POPI, you consent to VERA processing your personal information in a foreign country. This will happen in instances where our servers, suppliers, service providers or services are based and/or hosted outside of South Africa. It must be noted that countries in the European Economic Area are considered to have adequate data protection laws; however, in other countries, agreements shall be entered into to ensure our compliance and the protection of your personal information.
We may disclose aggregate statistical information that we have derived from yours and other people's personal information to our advertisers or business partners.
We can retain your information as long as it is required to provide the services, keep audit trails and/or as permitted by law.
If you are asked to provide your credit card information, such credit card information is used only for payment processing and fraud prevention. This information is not used for any other purpose by us or our financial services providers and will not be kept longer than necessary for providing the services.
All credit card information is processed in strict compliance with the Payment Card Industry Data Security Standard (PCI DSS). We implement industry-standard encryption protocols (including AES-256 and TLS 1.2) to protect your credit card data both in transit and at rest. Your credit card details are never stored on our systems in their original form; instead, we use tokenization technology to replace sensitive cardholder data with unique tokens that have no intrinsic value and cannot be reversed to obtain the original card information.
We do not retain your full credit card information unless you specifically authorize us to do so for future purchases. If you authorize us to retain your card details for recurring payments, we store only the token representation of your card, never the actual cardholder data.
Where you provide bank account information for the purposes of electronic fund transfers, direct deposits, or other banking services, we process this information in accordance with applicable financial services regulations and POPIA requirements. Bank account information is encrypted and stored securely in access-controlled systems. We will not share your banking information with third parties except as necessary to process authorized transactions or as required by law.
If you subscribe for data, news, announcements, alerts or any such information to be emailed to you from the Company, we will hold your details on our database until such time as you choose to unsubscribe from this service. You may do this at any stage by selecting the appropriate option in the alerts section of this site.
The Company may collect, store, and transfer the following types of personal information, including, but not limited to:
The Companies may store your personal information manually or electronically. The Companies may also collect information about your computer, including where available your IP address, operating system and browser type, for system administration and to report aggregate information to our webmasters. This information reveals nothing personal about you. It is statistical data about our users' browsing actions and patterns which does not identify any individual and allows us to ensure that content from our site is presented in the most effective manner for you and for your computer.
By supplying your personal information and using the Application and related services, you consent to the collection, storage, use and transfer of your personal information, which includes your biometric data, by the Companies.
Biometric information is retained only for as long as necessary to fulfill the purposes for which it was collected or as required by applicable law.
VERA Products facilitate real-time, privacy-preserving business identity verification and credentialing as part of permitted KYC/KYB/AML/legal compliance workflows.
Information processed via VERA includes identity documents, biometric verification (selfie capture, match-to-ID/passport image), company verification (CIPC data), bank account validation, AML screening (including sanction, PEP, enforcement, adverse media lists).
All verification events are recorded in audit trails within the VERA Product, accessible for compliance and dispute resolution.
Credentials and verification results are supplied directly to authorized end users or their organization for business purposes only.
You have the right to:
Technical Measures: VERA uses encryption, access control, audit logging, and secure server architecture to protect product data in transit and at rest.
User Responsibility: You must use strong credentials, secure devices, monitor account activity, and promptly notify VERA of changes or suspected breaches.
No Absolute Guarantee: Transmission and storage of data through VERA Products is not 100% secure; use remains at your own risk.
Personal information processed via VERA Product features is retained only as required to deliver services, support compliance, or as legally mandated.
Data is de-identified or destroyed within two months of contract or subscription expiry unless longer retention is required by law.
The Application is not intended for children under the age of 18 years. The Company does not knowingly collect personal information from children under 18 years of age without verifiable parental consent.
The Company is in compliance with the Children's Online Privacy Protection Act (COPPA) in the United States, as well as applicable children's privacy protections in other jurisdictions where the Company operates. Specifically:
Cookies are small pieces of data stored in text files saved on your mobile device or computer when you visit a website. Cookies allow the website's server to record and store your actions and preferences, such as login information, user history, language settings, font settings, colour settings, and other display preferences, over a particular period.
Cookies ensure visitors do not have to continuously re-enter their details or information whenever they revisit the site or surf between pages.
Some cookies we use are from third party companies, such as Google Analytics, to provide us with web analytics and intelligence about our sites. These companies use programming code to collect information about your interaction with our sites, such as the pages you visit, the links you click on and how long you are on our sites. This code is only active while you are on the Application. For more information on how these companies collect and use information on our behalf, please refer to their privacy policies: Google at Privacy & Terms – Google.
By using the Application you agree that we can place cookies on your device as explained above. If you want to remove existing cookies from your device you can do this using your browser options. If you want to block future cookies being placed on your device you can change your browser settings to do this. Please bear in mind that deleting and blocking cookies will have an impact on your user experience as parts of the site may no longer work. Unless you have adjusted your browser settings to block cookies, our system will issue cookies as soon as you visit our site or click on a link in a targeted email that we have sent you, even if you have previously deleted our cookies.
Acceptance. By requesting any of our services or accessing this website, you are deemed to have accepted this Privacy Policy and any changes to it and, furthermore, you are deemed to have read, understood, accepted, and agreed to be bound by all of its terms.
Changes. We may, in our absolute and sole discretion, change, amend or vary this Privacy Policy at any time and will notify you of the changes by placing a notice on this website or on our own social media channels. The amended Privacy Policy is deemed to apply to you if you continue using this website or our services following the notification.
Other website links. Should you make use of the external links on our website which are provided for your convenience, you should be aware that those websites are not subject to this Privacy Policy.
Exclusion of liability for Unauthorised access. Despite the security measures we have in place to protect your personal information (firewalls, password access and encryption methods) you acknowledge that it may be accessed by an unauthorised third party, e.g. as a result of an illegal activity, and we exclude all liability in this regard. We are not responsible for, nor do we give any warranties or make any representations regarding anyone else's privacy policies or practices relevant to our services. Liability for indirect, special, or consequential damages, data loss, or business interruption is excluded to the extent permitted by law.
VERA Products may integrate third-party services for credentialing, verification, messaging, or storage. Each integration is governed by the terms and policies of those providers. VERA is not liable for their separate activities; users must review and accept any applicable third-party terms.
Exclusion of secure transmissions of data. The personally identifiable information we collect about you is stored in limited access servers. We maintain reasonable safeguards to protect the security, integrity, and privacy of these servers and your personally identifiable information. Notwithstanding this, we cannot guarantee that data transmission over the internet is 100% secure and therefore cannot warrant the security of any personal identifiable information transmitted by you.
If you have any questions, comments or concerns about this Privacy Policy or the use of your personal information, or if you would like to update or remove your personal information, please contact us at privacy@vera-id.io.