Privacy Policy

Effective Date: August 9, 2025

INTRODUCTION

VeraLok Holdings Inc. ("VeraLok," "Company," "we," "our," or "us") is committed to protecting the privacy and security of all individuals and institutions who interact with our services. Trust is at the center of our mission, and this Privacy Policy describes how we collect, use, disclose, and safeguard information across our global operations.

By accessing or using VeraLok services, you acknowledge and agree to the practices described in this Privacy Policy. This Policy forms part of our Terms of Use and applies to all users, partners, and institutions who engage with our platform.

We may update this Privacy Policy periodically to reflect legal, operational, or technological developments. The latest version will always be posted at www.veralok.io or www.veralok.us with prominent notice of any material changes.

INFORMATION WE COLLECT

VeraLok applies a data minimization principle, collecting only the information necessary to deliver trusted identity verification and compliance services.

1. Identity Data

•Verification details such as government-issued documents (encrypted, not stored)
•Biometric confirmation signals (processed transiently)
•Derived trust signals anonymized immediately after use

2. Technical and System Data

•Device identifiers, IP addresses, browser information
•Session metadata, timestamps, and network diagnostics
•API usage patterns and system telemetry for fraud detection

3. Account and Communication Data

•Contact details (e.g., phone number, email, institutional identifiers)
•Support requests, service feedback, and correspondence
•Documentation exchanged with institutional partners

4. Compliance and Security Data

•Records required for regulatory reporting
•Logs for fraud detection and audit trails
•Evidence supporting compliance certifications

HOW WE USE INFORMATION

We process Personal Data only for legitimate business purposes, including:

Service Delivery

Performing identity verification, maintaining user accounts, and enabling secure API integrations

Security and Fraud Prevention

Detecting suspicious behavior, preventing misuse, and protecting users from fraud

Legal and Regulatory Compliance

Meeting obligations under global data protection and financial regulations

Service Improvement

Conducting anonymized analytics for performance optimization

Communication and Support

Providing service updates, security alerts, and responding to support requests

✓ We do not use Personal Data for advertising, behavioral profiling, or resale.

DATA SECURITY

VeraLok maintains institutional-grade safeguards:

Technical Measures

•End-to-end encryption (AES-256, TLS 1.3)
•Role-based access control
•Multi-factor authentication
•Continuous penetration testing

Organizational Measures

•Confidentiality obligations for staff
•Regular security training programs
•Vendor due diligence
•24/7 security monitoring

DATA RETENTION

We retain Personal Data only as long as necessary for the purposes described:

Identity Data:Deleted within 24 hours of verification completion

Technical Data:Retained up to 6 months for security and optimization

Compliance Records:Preserved for 5 years to meet regulatory requirements

Account Data:Maintained during active service plus legal retention periods

YOUR RIGHTS

Depending on jurisdiction, you may have the right to:

•Access the data we hold about you
•Request corrections or updates
•Request deletion subject to retention obligations
•Request portability in machine-readable format
•Restrict or object to certain processing activities

Enhanced Rights by Region:

GDPR (EU/UK): Rights to withdraw consent, object to profiling, and lodge complaints
CCPA/CPRA (California): Rights to know, delete, correct, and opt out of sales/sharing
LGPD (Brazil): Rights to confirmation of processing and review of automated decisions

CONTACT INFORMATION

For privacy inquiries or to exercise your rights:

VeraLok Holdings Inc.

251 Little Falls Drive, Wilmington, Delaware 19808

privacy@veralok.io