Privacy Policy

1. Introduction

Verak, Inc. ("Verak," "we," "us," or "our") operates the verak.io website and provides seller authenticity infrastructure services for marketplaces. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, use our services, or interact with us in any way.

2. Information We Collect

2.1 Information You Provide

• →Form submissions: Company name, work email, job title, seller count range, and primary concerns when you request an audit or contact us.
• →CSV uploads: Seller data files uploaded for exposure assessments or API integrations. This may include seller IDs, timestamps, email addresses (which may be hashed), IP addresses (which may be hashed), and other seller metadata.
• →Communications: Any information you provide when contacting us via email at hello@verak.io or through other channels.

2.2 Information Collected Automatically

• →Usage data: Pages visited, time spent, browser type, device information, and referring URLs via analytics services.
• →API usage data: Request logs, response times, and error rates for customers using our scoring API (Verak API — Shadow or Verak API — Live).

3. How We Use Your Information

• →Fraud detection analysis: Seller data is processed exclusively for the purpose of detecting fake, synthetic, and coordinated fraudulent seller accounts. This is our core service.
• →Service delivery: To provide exposure assessments and real-time API scoring as requested.
• →Communication: To respond to inquiries, deliver reports, and provide service updates.
• →Improvement: To improve our detection algorithms and service quality. Aggregated and anonymized data may be used for research purposes.

4. Data Sharing and Disclosure

We do not sell, rent, or share your data or your seller data with third parties for their marketing or commercial purposes.

We may share information only in the following limited circumstances:

• →Service providers: With trusted third-party service providers who assist in operating our website and services (e.g., email delivery, hosting, analytics), subject to confidentiality obligations.
• →Legal requirements: When required by law, regulation, legal process, or governmental request.
• →Cross-marketplace intelligence: For Verak API customers, anonymized threat patterns (not raw seller data) may be shared across customers to improve detection. Individual seller data is never shared between customers.

5. Data Retention

• →Exposure assessment data: CSV uploads for exposure assessments are processed and retained for up to 90 days after analysis, then permanently deleted.
• →API data (Shadow & Live): Data associated with API integrations is retained for the duration of the customer relationship plus 12 months.
• →API data: Real-time scoring data is retained for the duration of the active subscription plus 30 days.
• →Contact information: Business contact information is retained until you request its deletion.

6. Data Security

We implement industry-standard technical and organizational measures to protect your data, including encryption in transit (TLS) and at rest, access controls, and regular security assessments. However, no method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security.

7. Your Rights (GDPR / CCPA)

Depending on your jurisdiction, you may have the following rights:

• →Access: Request a copy of the personal data we hold about you.
• →Rectification: Request correction of inaccurate personal data.
• →Deletion: Request deletion of your personal data, subject to legal retention requirements.
• →Portability: Request your data in a structured, machine-readable format.
• →Opt-out of sale: Under CCPA, you have the right to opt out of the sale of personal information. We do not sell personal information.

To exercise any of these rights, contact us at hello@verak.io. We will respond within 30 days.

8. Cookies and Tracking

We use minimal analytics (Vercel Analytics) to understand website usage patterns. We do not use third-party advertising cookies or tracking pixels. You can control cookie preferences through your browser settings.

9. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices or content of those sites. We encourage you to review the privacy policies of any third-party sites you visit.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on this page with a revised "Last updated" date. Your continued use of our services after any changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at: