Privacy Policy

Last update: 02.06.2026

1. Introduction

Asset Protect Ltd, trading as Veridox ("we", "us", "our"), is committed to protecting the privacy and security of personal data. This Privacy Policy explains how we collect, use, and protect personal data when you use our fraud detection platform and related services.

This Policy applies to all users of the Veridox platform, including our website, API, dashboard, and any related services. For the purposes of data protection law, Asset Protect Ltd is the data controller for personal data we process about our customers and users.

Our Details:
Asset Protect Ltd (trading as Veridox)
Company Number: 15214106
Registered Office: 56 Manchester Road, Altrincham, WA14 4PJ, United Kingdom
Email: privacy@veridox.ai

2. What Personal Data We Collect

2.1 Account Information

When you create an account, we collect:

  • Name and email address
  • Company name and business information
  • Phone number (optional)
  • Payment and billing information
  • Account preferences and settings

2.2 Usage Data

We automatically collect information about how you use our platform:

  • API usage logs and statistics
  • Upload metadata (file types, sizes, processing times)
  • Platform interaction data (features used, time spent)
  • Technical information (IP address, browser type, device information)
  • Error logs and diagnostic information

2.3 Communications

When you contact us, we may collect:

  • Content of your communications
  • Support ticket information
  • Feedback and survey responses

2.4 Documents and Content

We process documents you upload for analysis, which may contain personal data depending on the content you choose to analyse.

3. How We Use Personal Data

3.1 Service Provision

We use personal data to:

  • Provide fraud detection and analysis services
  • Manage your account and authenticate access
  • Process payments and maintain billing records
  • Provide customer support and respond to inquiries
  • Monitor platform performance and security

3.2 Improvement and Development

We may use aggregated, anonymised data to:

  • Improve our algorithms and detection capabilities
  • Develop new features and services
  • Conduct research and analytics
  • Generate usage statistics and reports

3.3 Communications

We may use your contact information to:

  • Send service-related notifications
  • Provide technical support
  • Share important updates about our platform
  • Send marketing communications (with your consent)

4. Lawful Bases for Processing

We process personal data based on the following lawful bases under GDPR:

4.1 Contract Performance

Processing necessary to perform our contract with you, including service delivery and account management.

4.2 Legitimate Interests

Processing for our legitimate business interests, including:

  • Platform security and fraud prevention
  • Service improvement and development
  • Customer support and communications
  • Business analytics and reporting

4.3 Legal Compliance

Processing required to comply with legal obligations, such as tax and accounting requirements.

4.4 Consent

Where you have provided explicit consent, such as for marketing communications or optional features.

5. Data Sharing and Sub-Processors

5.1 Limited Sharing

We do not sell personal data. We may share personal data with:

  • Service providers who help us operate our platform
  • Payment processors for billing and transactions
  • Cloud infrastructure providers for hosting and storage
  • Analytics and monitoring services
  • Professional advisors (lawyers, accountants, auditors)

5.2 Sub-Processor List

Current sub-processors include:

  • Amazon Web Services (cloud infrastructure)
  • Stripe (payment processing)
  • Microsoft Azure (additional cloud services)
  • Google Analytics (website analytics)

We maintain a complete list of sub-processors and will notify customers of any changes.

5.3 Legal Requirements

We may disclose personal data when required by law or to protect our rights and safety.

6. International Transfers

Personal data may be transferred to and processed in countries outside the European Economic Area (EEA). When we transfer personal data internationally, we ensure appropriate safeguards are in place, including:

  • European Commission adequacy decisions
  • Standard Contractual Clauses (SCCs)
  • Binding Corporate Rules
  • Certification schemes and codes of conduct

7. Data Retention

7.1 Retention Periods

We retain personal data for as long as necessary to fulfil the purposes for which it was collected:

  • Account data: Until account deletion plus 7 years for legal compliance
  • Usage logs: 2 years for security and analytics purposes
  • Uploaded documents: Typically deleted within 24 hours after processing
  • Billing records: 7 years for tax and accounting purposes
  • Support communications: 3 years for quality assurance

7.2 Deletion Process

When retention periods expire, we securely delete or anonymise personal data according to our data governance procedures.

8. Your Rights as a Data Subject

Under data protection law, you have the following rights:

8.1 Access Right

You can request a copy of the personal data we hold about you.

8.2 Rectification Right

You can ask us to correct inaccurate or incomplete personal data.

8.3 Erasure Right

You can request deletion of your personal data in certain circumstances.

8.4 Restriction Right

You can ask us to restrict processing of your personal data in specific situations.

8.5 Portability Right

You can request your personal data in a portable format.

8.6 Objection Right

You can object to processing based on legitimate interests or for direct marketing.

8.7 Exercising Your Rights

To exercise these rights, contact us at privacy@veridox.ai. We will respond within one month.

9. Security Measures

We implement comprehensive security measures to protect personal data:

9.1 Technical Safeguards

  • Encryption in transit and at rest
  • Multi-factor authentication
  • Regular security updates and patches
  • Network security and firewalls
  • Intrusion detection and monitoring

9.2 Organisational Measures

  • Staff training on data protection
  • Access controls and need-to-know principles
  • Regular security assessments
  • Incident response procedures
  • Data protection impact assessments

10. Cookies and Analytics

10.1 Cookie Usage

We use cookies and similar technologies for:

  • Essential platform functionality
  • User authentication and session management
  • Performance monitoring and analytics
  • User preference storage

10.2 Analytics

We use Google Analytics to understand how our website is used. This involves collecting anonymised usage data.

10.3 Managing Cookies

You can control cookies through your browser settings. Note that disabling certain cookies may affect platform functionality.

11. Marketing Communications

We may send marketing communications about our services with your consent. You can unsubscribe at any time using the link in our emails or by contacting us directly.

We do not share your personal data with third parties for their marketing purposes without your explicit consent.

12. Children's Privacy

Our platform is not intended for use by children under 16. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child, we will take steps to delete it promptly.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes by email or through our platform. The updated policy will be effective from the date specified in the notice.

14. Contact Details

For questions about this Privacy Policy or to exercise your data protection rights:

Data Protection Officer
Asset Protect Ltd (trading as Veridox)
56 Manchester Road
Altrincham, WA14 4PJ
United Kingdom
Email: privacy@veridox.ai

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe we have not handled your personal data properly.

Data Processing Addendum

Last updated: 15 July 2025

1. Definitions

In this Data Processing Addendum ("DPA"):

  • "Controller" means the entity that determines the purposes and means of processing Personal Data;
  • "Processor" means the entity that processes Personal Data on behalf of the Controller;
  • "Personal Data" has the meaning given in applicable Data Protection Laws;
  • "Data Protection Laws" means all applicable privacy and data protection laws, including GDPR, UK GDPR, and other relevant legislation;
  • "Data Subject" means an identified or identifiable natural person;
  • "Sub-processor" means any Processor engaged by Veridox to process Personal Data.

2. Purpose and Scope

This DPA applies when Veridox processes Personal Data on behalf of the Client in the course of providing the Platform services. It supplements and forms part of the Terms of Use.

This DPA takes precedence over any conflicting provisions in the Terms of Use regarding data protection matters.

3. Roles of the Parties

3.1 Controller and Processor

The parties acknowledge that:

  • Client acts as Controller for Personal Data contained in documents uploaded to the Platform;
  • Veridox acts as Processor when processing such Personal Data to provide the services;
  • Each party may also act as Controller for Personal Data they collect directly.

3.2 Independent Controllers

For account information and usage data collected directly by Veridox, each party acts as an independent Controller and is responsible for their own compliance with Data Protection Laws.

4. Details of Processing

4.1 Categories of Data Subjects

Data subjects may include individuals whose information appears in documents uploaded for analysis.

4.2 Categories of Personal Data

Personal Data may include:

  • Names and contact information
  • Identification numbers
  • Financial information
  • Any other personal information contained in uploaded documents

4.3 Processing Activities

Veridox processes Personal Data to:

  • Analyse documents for fraud indicators
  • Extract metadata and technical information
  • Generate analysis reports and outputs
  • Provide platform services as described in the Terms

5. Client Obligations

As Controller, Client warrants and undertakes to:

  • Comply with all applicable Data Protection Laws;
  • Have a lawful basis for processing and sharing Personal Data with Veridox;
  • Provide necessary notices to Data Subjects;
  • Obtain required consents where necessary;
  • Only upload Personal Data necessary for the intended analysis;
  • Implement appropriate technical and organisational measures;
  • Promptly notify Veridox of any data protection issues or Data Subject requests.

6. Veridox Obligations as Processor

Veridox undertakes to:

  • Process Personal Data only on documented instructions from Client;
  • Ensure processing staff are subject to confidentiality obligations;
  • Implement appropriate technical and organisational security measures;
  • Not engage Sub-processors without Client consent;
  • Assist with Data Subject rights requests;
  • Assist with security breach notifications;
  • Delete or return Personal Data upon termination;
  • Provide information necessary for compliance audits.

7. Security Measures

Veridox maintains appropriate technical and organisational measures including:

7.1 Technical Measures

  • Encryption of Personal Data in transit and at rest
  • Regular security testing and vulnerability assessments
  • Access controls and authentication systems
  • Secure development practices
  • Network security and monitoring

7.2 Organisational Measures

  • Staff training on data protection
  • Clear data handling procedures
  • Incident response plans
  • Regular security reviews
  • Third-party security certifications

8. Use of Sub-Processors

8.1 Authorised Sub-Processors

Client provides general authorisation for Veridox to engage Sub-processors for specific processing activities.

8.2 Sub-Processor Requirements

Veridox ensures that Sub-processors:

  • Provide sufficient guarantees of compliance
  • Are bound by data protection obligations equivalent to this DPA
  • Implement appropriate security measures
  • Are subject to regular compliance monitoring

8.3 Changes to Sub-Processors

Veridox will inform Client of any intended changes to Sub-processors, allowing Client to object to such changes.

9. Data Subject Rights

Veridox will assist Client in responding to Data Subject requests by:

  • Providing available information about processing activities
  • Implementing technical measures to facilitate rights exercise
  • Promptly forwarding any direct requests from Data Subjects
  • Assisting with data portability and correction requests
  • Supporting deletion requests within technical capabilities

10. Data Breach Notification

10.1 Incident Response

Veridox will:

  • Notify Client without undue delay upon becoming aware of a Personal Data breach
  • Provide available information about the nature and scope of the breach
  • Assist Client in assessing the risks and potential impact
  • Cooperate in breach investigation and remediation efforts
  • Implement measures to address the breach and prevent recurrence

10.2 Client Responsibilities

Client remains responsible for determining whether to notify Data Subjects and supervisory authorities as required by law.

11. Data Transfers and International Safeguards

When Personal Data is transferred outside the European Economic Area, Veridox ensures appropriate safeguards are in place:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions where applicable
  • Binding Corporate Rules for intra-group transfers
  • Additional technical and organisational measures as needed

12. Audit and Inspection Rights

Veridox will provide Client with information necessary to demonstrate compliance with this DPA. Upon reasonable request and with appropriate notice, Veridox will allow audits by Client or independent auditors, subject to:

  • Reasonable advance notice (at least 30 days)
  • Appropriate confidentiality protections
  • Minimal disruption to Veridox operations
  • Client covering reasonable costs

13. Return or Deletion of Data

Upon termination of the services or upon Client request, Veridox will:

  • Delete all Personal Data processed on Client's behalf
  • Provide confirmation of deletion upon request
  • Return Personal Data in a commonly used format if requested
  • Ensure Sub-processors also delete Personal Data

Veridox may retain Personal Data if required by law, provided it continues to protect the data and limits further processing.

14. Liability and Indemnity

Each party's liability for data protection violations shall be governed by applicable Data Protection Laws. The liability limitations in the Terms of Use apply except where prohibited by law.

15. Duration and Termination

This DPA remains in effect for the duration of the Terms of Use and any period during which Veridox processes Personal Data on Client's behalf.

16. Governing Law and Jurisdiction

This DPA is governed by the same law as the Terms of Use. Data protection matters shall be governed by the applicable Data Protection Laws of the relevant jurisdiction.

17. Contact Details

For data protection matters under this DPA:

Data Protection Officer
Asset Protect Ltd (trading as Veridox)
56 Manchester Road
Altrincham, WA14 4PJ
United Kingdom
Email: dpo@veridox.ai

Acceptable Use Policy

Last updated: 15 July 2025

1. Introduction

This Acceptable Use Policy ("AUP") defines permitted and prohibited uses of the Veridox platform. It supplements our Terms of Use and applies to all users of our services.

Violation of this AUP may result in suspension or termination of your access to the Platform.

2. Permitted Use of the Platform

You may use the Veridox platform to:

  • Detect fraud and authenticate documents for legitimate business purposes
  • Analyse documents you own or have permission to analyse
  • Integrate our API into your applications according to our documentation
  • Use our platform for compliance and risk management activities
  • Conduct research using your own data

3. Prohibited Conduct

3.1 Illegal Activities

You may not use the Platform to:

  • Violate any applicable laws or regulations
  • Facilitate fraud or other criminal activities
  • Infringe intellectual property rights
  • Violate privacy laws or process personal data unlawfully
  • Engage in money laundering or terrorist financing

3.2 Harmful Content

Do not upload content that:

  • Contains malware, viruses, or malicious code
  • Is defamatory, abusive, or harassing
  • Promotes violence or illegal activities
  • Contains child exploitation material
  • Violates export control laws

3.3 Technical Misuse

You must not:

  • Attempt to reverse engineer or hack the Platform
  • Use automated tools to access the Platform except via our API
  • Overwhelm our systems with excessive requests
  • Share API keys or credentials with unauthorised parties
  • Attempt to bypass security measures or usage limits

4. Security and System Integrity

4.1 Account Security

You must:

  • Keep your account credentials secure and confidential
  • Use strong passwords and enable two-factor authentication
  • Notify us immediately of any suspected security breaches
  • Regularly review and audit account access

4.2 Responsible Use

You agree to:

  • Use the Platform only for its intended purposes
  • Respect other users and our systems
  • Report any technical issues or vulnerabilities responsibly
  • Cooperate with our security investigations

5. Fair Usage and Resource Limits

5.1 Usage Limits

Usage must comply with the limits specified in your subscription plan. Excessive use that impacts system performance or other users may result in throttling or suspension.

5.2 Commercial Use

The Platform is intended for legitimate business use. Reselling or providing Platform access to third parties requires a separate agreement.

5.3 Testing and Development

Use our sandbox environment for testing and development. Do not use production systems for testing purposes.

6. Consequences of Breach

6.1 Enforcement Actions

Violation of this AUP may result in:

  • Warning notices and requests to cease prohibited activities
  • Temporary suspension of Platform access
  • Permanent termination of your account
  • Legal action for serious violations
  • Cooperation with law enforcement agencies

6.2 Investigation

We reserve the right to investigate suspected violations and may access account information and usage data as necessary for such investigations.

7. Changes to This Policy

We may update this AUP from time to time. Material changes will be communicated through email or platform notifications. Continued use of the Platform after changes constitutes acceptance of the updated policy.

For questions about this Acceptable Use Policy, contact us at support@veridox.ai.
