Privacy Policy
Last Updated: January 16, 2026 | Effective: January 16, 2026
1. Introduction
VerifyStack ("we," "our," or "us") provides fraud detection and prevention services to businesses. This Privacy Policy explains how we collect, use, disclose, and protect information when you use our services.
This policy applies to:
- Our website and dashboard
- Our API and SDK integrations
- Data processed on behalf of our customers
2. Data Controller
VerifyStack acts as:
- Data Controller for data collected through our website and for customer account data
- Data Processor for data processed on behalf of our customers through our API
Contact: privacy@verifystack.io
3. Information We Collect
3.1 Information You Provide
- Account registration (email, company name)
- Payment information (processed by third-party payment provider)
- Support communications
3.2 Information Collected Automatically
- Device fingerprints and browser characteristics
- IP addresses and geolocation data
- Behavioral signals (mouse movements, typing patterns)
- API usage and request metadata
3.3 Information from Third Parties
- Threat intelligence feeds (VPN, Tor, proxy data)
- Disposable email provider lists
4. How We Use Information
| Purpose | Legal Basis (GDPR) |
|---|---|
| Fraud detection and prevention | Legitimate interest |
| Service delivery and billing | Contract performance |
| Security and abuse prevention | Legitimate interest |
| Service improvement | Legitimate interest |
| Legal compliance | Legal obligation |
5. Data Retention
| Data Type | Retention Period |
|---|---|
| Decision logs | 1 year |
| Device fingerprints | 90 days |
| Behavioral signals | 90 days |
| Velocity counters | 7 days |
| Account data | Duration of service + 30 days |
6. Data Sharing
We share data with:
- Service providers: Cloud hosting (Vercel), database (Neon), analytics
- Our customers: Fraud detection results and evidence
- Legal authorities: When required by law
We do not sell personal data.
7. Your Rights
7.1 GDPR Rights (EU/EEA)
- Right of access (Article 15)
- Right to rectification (Article 16)
- Right to erasure (Article 17)
- Right to restriction (Article 18)
- Right to data portability (Article 20)
- Right to object (Article 21)
7.2 CCPA Rights (California)
- Right to know what personal information is collected
- Right to delete personal information
- Right to opt out of sale (we do not sell data)
- Right to non-discrimination
7.3 India DPDP Act 2023
- Right to access personal data
- Right to correction and erasure
- Right to grievance redressal
- Right to nominate
To exercise these rights, contact privacy@verifystack.io or use our Data Rights API.
8. International Transfers
Your data may be processed in the United States and other countries. We ensure appropriate safeguards through:
- Standard Contractual Clauses (SCCs)
- Data Processing Agreements with all subprocessors
- Encryption in transit and at rest
9. Security
We implement appropriate technical and organizational measures:
- TLS 1.3 encryption for all data in transit
- AES-256 encryption for data at rest
- API key hashing with SHA-256
- Regular security reviews
- Access controls and audit logging
10. Automated Decision-Making
Our fraud detection service involves automated decision-making. Decisions are based on:
- Device and network characteristics
- Behavioral patterns
- Historical data and velocity checks
Our customers make final decisions on how to act on our fraud scores. You may contact our customers directly to contest decisions made using our service.
11. Changes to This Policy
We may update this policy periodically. We will notify you of material changes via email or through our service dashboard.
12. Contact Us
For privacy inquiries:
- Email: privacy@verifystack.io
- Data Rights API: /api/v1/data-rights