Last Updated: May 21, 2019
0. WHO WE ARE
This Privacy Notice applies to all products, applications and services offered by Veryfi, Inc. a company incorporated in USA with company registration number 81-4525560 and whose registered office address is 28 E 3rd Ave, Suite 201, San Mateo, 94401, California.
1. SHARING DATA
We never share your data with anyone.
Veryfi is 100% machine powered end-to-end. We do not use humans or data extraction teams to extract or categorize your data.
We value your data—privacy and solely rely on our proprietary machine algorithms to do all the heavy lifting 24×7. Machines do not sleep but they do work hard. This is how we achieve unmatched real-time processing.
1.1. 3RD PARTIES
At your discretion, you can allow 3rd party connections (we call them Connected Apps) to consume your Veryfi data for additional processing into your accounting software or extra cloud storage. Learn more about Connected Apps: https://www.veryfi.com/connected-apps/
At your discretion, you can enable Bank Transaction feeds into Veryfi from your selected institution. Veryfi does not store your bank login credentials, instead relies of Envestnet | Yodlee services to provide a secure token along with data that can be used to reconcile your financials.
2. STORING DATA
Veryfi only stores the data it needs to function properly — for as long as you want Veryfi to function for you.
Veryfi provides subscribers an unlimited cloud service for storage of financial documents in the form of photos, pdfs, and metadata. This allows you access to your data from any of your devices anytime and use our instant server search to quickly access your documents from waaay back. All data is stored heavily encrypted. This way local engineers or physical intruders cannot get access to user data.
You are in control of your data and can make changes to it anytime on web or mobile. To change your personal data, go to your Setting https://hub.veryfi.com/me/ and update it.
3. HOW WE USE YOUR DATA
Your data is only used to improve your product experience.
In technical terms, this means enriching machine models that dramatically improve the accuracy of data extraction, data categorization and automation of your bookkeeping.
Invite your Accountant
When you invite your accountant from your web app profile settings screen, Veryfi adds them to your team so they can access your data for tax purposes. You can remove them from your team at anytime by disabling their account inside the web app under “My Team”.
If you are a part of a team, like your company, then the administrator has access to your data for reimbursement & tax purposes. This is the person who invited you to join the team. Please make sure you take the right steps to validate all invites.
If you feel that your data is being compromised please reach out to us with detailed outline of who, where and how. If you want to separate your data from your company’s team ie. personal receipts, then please take advantage of multiple profiles feature.
4. DELETING DATA
If you would like to delete your account, you can do this by emailing email@example.com. Deleting your account permanently removes all your data you ever stored with Veryfi. This action must be confirmed by you and cannot be undone.
Everything you (the customer) delete from your account using Veryfi interfaces is deleted forever.
Documents via API
Partners are provided an API endpoint to permanently delete the document(s) they have pushed to the Veryfi API. This endpoint can be ran anytime by the partner or as part of the partner implementation workflow.
5. PAYMENT INFORMATION
Veryfi does not process payments from users and instead relies on Stripe (a 3rd party payment provider) to process payments around the world. It is the payment providers that handle and store your credit card details.
Credit card information
When making a purchase, you enter your credit card details into a form supplied by the payment provider (Stripe) that will be processing the payment, and this information goes directly to the payment provider‘s server. Your credit card information never reaches Veryfi’s servers. We do not access and do not store your credit card information.
When you save your credit card info, it is saved on the respective payment provider’s servers and the payment provider gives Veryfi a token that you can reuse for future payments. It is not possible to reconstruct your credit card info from the token.
6. SECURITY AND STORAGE OF INFORMATION
We take security and data—privacy very seriously. Our cofounder (https://www.veryfi.com/about/) has previously built HIPAA compliant solutions used by America’s largest healthcare companies. That experience and more has formed the backbone of our secure bookkeeping platform.
- All communication is over HTTPS/SSL using TLS – same stuff the banks use.
- Our data centers are Amazon AWS (Amazon Web Services) and Microsoft Azure. Both comply with all industry standards like PCI DSS L1, FIPS 140-2, HIPAA, IRAP to ITAR.
- Data at Rest is AES-256 encrypted and In Transit secured by HTTPS TLS 1.2. This means your data is super secure.
- Your passwords are hashed using PBKDF2 and stored one-way encrypted. No one can see your password; even if the data was exposed.
- We perform a PenTest every Quarter (3 months).
- We provide you with extra layers of security accessible from your Profile Settings (https://hub.veryfi.com/me/). This includes: MFA (multi-factor authentication), biometric authentication technology, and enforce strict HIPAA level password complexities.
If you are interested in more engineering detail you can read our engineering posts here.
7. COOKIES, ANALYTICS AND SUPPORT DATA
We only use session cookies to keep you logged into the product. Without session cookies you would not be able to login and maintain a session with Veryfi.
Analytics & Traffic Data
We use Google Analytics to better understand how you experience Veryfi. This helps us build a better product for you and service your complimentary support enquiries.
We use Intercom.com chat button integration to provide you with complimentary 24×7 customer support. The information collected is no more than what you provide us when you signed up or during the support session.
List of Sub-Processors
The following solution providers are part of the Veryfi bookkeeping backbone:
- Amazon Web Services Inc.
- Microsoft Azure Inc.
- Twilio, Inc.
- SendGrid, Inc.
- Intercom, Inc.
We only send you automated emails specific to the Veryfi service eg. notifications about team financial activity you opt-ed into. We never advertise other party services. If you want to unsubscribe from notification emails go to Veryfi’s unsubscribe page https://hub.veryfi.com/unsubscribe/, enter your email and press “Unsubscribe” button.
How to backup/download all your data
We provide 3 means of fetching all your data:
a. Inside the Hub web app, from the left menu select “Reports”; then generate a report with a date range spanning from the time you started to today. In few minutes a report will be generated with your data as CSV, PDF and/or ZIP with all your Documents.
b. Inside the Hub web app, from the left menu select “Documents” and press the Excel icon below the “REFRESH” button. This will allow you to export all the data you see on the screen.
c. Contact our Security Officer on firstname.lastname@example.org. Emails are responded to within 48 hours. Please note that requests outside of the self-serve services may incur a manual labor cost. You will be informed of these before proceeding.
10. California Privacy Rights
California law permits users who are California residents to request and obtain from us once a year, free of charge, a list of the third parties to whom we have disclosed their personal information (if any) for their direct marketing purposes in the prior calendar year, as well as the type of personal information disclosed to those parties. Veryfi does not currently disclose personal information to third parties for their direct marketing purposes.
11. FURTHER INFORMATION
If you have any queries about how we treat your information, the contents of this Privacy Notice, your rights under local law, how to update your records or how to obtain a copy of the information that we hold about you, please contact our Chief Security Officer on email@example.com
Alternatively you can contact us via our support ticket service on firstname.lastname@example.org