1. Who we are
This Privacy Policy explains how VeriTrust (“VeriTrust”, “we”, “us”) processes information when you visit veritrust.vc and related properties, and when you use our services such as registries, verification endpoints, portals, SDKs, and documentation.
2. Scope
This policy applies to our website, documentation, portals, and services that link to this policy. It does not cover third-party services we link to (e.g., GitHub, LinkedIn) — those are governed by their own policies.
3. Information we collect
3.1 Information you provide
- Contact requests: name, email address, message content (when you contact us).
- Account/portal data (if enabled): username, email, authentication events, and configuration choices.
- Support information: details you submit to help diagnose an issue (may include logs you provide).
3.2 Information collected automatically
- Device and usage data: IP address, browser type, pages viewed, referrer, timestamps, and error events.
- Security telemetry: rate-limit events, suspicious activity indicators, and integrity checks to protect the service.
3.3 Credential and registry data (service-specific)
VeriTrust is a trust infrastructure platform. Depending on the service you use, we may store or process:
- Public identifiers: DIDs, public keys, and registry entries intended to be publicly verifiable.
- Verification metadata: status results (e.g., valid/invalid), timestamps, and audit-relevant logs.
- Content you publish to registries: entries you submit for discoverability and governance.
Important: Do not submit secrets (private keys, passwords, or confidential data) to public registries.
4. How we use information
- To operate and maintain the website and services.
- To provide trust and verification functionality (identity, registries, validation, governance workflows).
- To secure the platform (fraud prevention, abuse detection, monitoring, incident response).
- To improve performance, reliability, and documentation quality.
- To respond to inquiries and provide support.
5. Legal bases (EEA/UK)
- Contract: providing services you request.
- Legitimate interests: operating and securing a trust infrastructure service.
- Consent: where required for optional analytics/cookies (see Cookie Policy).
- Legal obligation: if we must retain certain records.
6. Sharing and disclosure
We may share information only as needed:
- Service providers: hosting, email delivery, monitoring (under contractual obligations).
- Compliance and security: if required by law or to protect users and the platform.
- Public registry data: if you submit content intended for public verification/discoverability.
We do not sell personal information.
7. Data retention
- Contact/support: retained as long as needed to respond and maintain records.
- Security logs: retained for a limited period appropriate for detection and investigations.
- Registry entries: may be retained for integrity/audit and public verifiability, subject to governance rules.
8. Security
We apply technical and organizational measures appropriate for an identity and trust service, including access controls, monitoring, encryption in transit, and least-privilege practices. No method of transmission or storage is 100% secure.
9. Your rights
Depending on your location, you may have rights to access, correct, delete, or restrict processing of your personal data, and to object or request portability. Some data (e.g., public registry entries) may not be erasable without harming integrity and auditability; in such cases we will explain available options.
10. International transfers
If we transfer personal data across borders, we use appropriate safeguards where required (e.g., contractual protections).
11. Children
Our services are not directed to children, and we do not knowingly collect personal data from children.
12. Contact
Questions or requests: [email protected]
13. Changes
We may update this policy as the platform evolves. We will update the “Last updated” date above.