Privacy Policy

1. Data Controller

Verlink (“we”, “us”) is the data controller for personal data processed through the platform. We are committed to protecting your privacy in compliance with the GDPR and applicable data protection laws.

2. Data We Collect

We collect and process the following categories of personal data:

• Account data: Name, email address, role, workspace membership
• Authentication data: Passkey credentials, session tokens, device fingerprints
• Operational data: Work items, evidence, templates, and process execution data you create
• Usage data: Access logs, IP addresses, browser information

3. How We Use Your Data

• Provide and operate the platform
• Authenticate your identity and manage sessions
• Maintain audit trails for compliance requirements
• Improve the Service and develop new features
• Send essential service communications

4. Data Storage & Security

Your data is stored in tenant-isolated database schemas with encryption at rest and in transit. We implement industry-standard security measures including passkey-based authentication, progressive security levels, and comprehensive audit logging.

5. Data Retention

Operational data is retained for the duration of your workspace subscription. Upon termination, data is retained for a legally required period (typically 10 years for compliance records) and then securely deleted.

6. Your Rights (GDPR)

Under the GDPR, you have the right to:

• Access your personal data
• Rectify inaccurate data
• Request erasure (“right to be forgotten”)
• Restrict processing
• Data portability
• Object to processing
• Withdraw consent at any time

7. Third-Party Services

We use select third-party services for infrastructure (cloud hosting, email delivery). All sub-processors are GDPR-compliant and bound by data processing agreements.

8. Contact & DPO

For privacy inquiries or to exercise your rights, contact our Data Protection Officer at privacy@verlink.io.