Privacy Policy

At Verif-y Inc. we place significant emphasis on protecting our users’ personal identifiable information (‘PII”). Protecting your privacy is of the highest importance. This Privacy Policy describes how we use, store, process, protect and enable the sharing of your personal information while using services and tools on our platform – website at www.verif-y.com, the Verif-y app, Verif-y Pass, Verif-y database(s), and through other future delivery methods (together, with any and all future online and offline offerings operated by or on behalf of Verif-y, the “Services”). This Privacy Policy also describes the choices available to you regarding the use of, your access to, and how to update and correct your PII. This Privacy Policy is incorporated by reference into Verif-y’s Terms of Use (the “Terms”).

SECTION 1.    INFORMATION COLLECTED

Information You Provide To Us
When you register for an account with Verif-y and/or use our Services, we collect a wide range of PII that you provide directly to us, which may include:

• Contact details (name, email and address and, telephone number);
• Business contact information (employer’s name and address, job title and business email address and telephone number);
• Academic institution attended (name, date of attendance, graduation date);
• Physical characteristics (gender and height);
• Government-issued identification information (Social Security number, passport number, Alien Registration number and driver’s license number, as well as copies of government-issued identification documents);
• Digital photographs (images from your mobile device camera);
• Biometric data (digital images of fingerprints, irises and face);
• Payment information (billing address and payment card details, including card number, expiration date and security code);
• Demographic details (birthdate, place of birth, citizenship, income level, education level, family status and employment status);
• Location information (GPS data from your mobile device to enable a location-based service);
• Information about your health (via the Verif-y Pass that enables users to use and share their health or other data or information derived from this data to indicate eligibility for access or facilitate access at locations that use the Verif-y Pass for these purposes); and
• Other information you may provide to us or authorize to be provided to us.

Information We Collect Automatically When You Use Our Services
In addition to the PII described above, Verif-y may automatically collect, store and analyze data from your computer or mobile device. Verif-y automatically collect IP addresses and web site usage information when you access our Services, such information includes, the type of browser you use, access times, pages viewed, location, the page you visited before navigating to our platform, information about the computer or mobile device you use to access our platform, including the hardware model, operating system and version, unique device identifiers and mobile network information. This information helps us evaluate how our visitors and subscribers use and navigate our platform on an aggregate basis, including but not limited to the number and frequency of visitors and subscribers to each web page, and the length of their visits. Verif-y reserves the right to match your IP address (or any other data) with other data about you in any way permitted by applicable law.

Use Of Cookies
We may use cookies (as well as web beacons or other technologies) to collect and store information about your visit to, or use of, our platform. Cookies are small data files stored on your hard drive or in device memory that help us improve our online services and your experience, and to see which areas and features of our online services are popular. Web beacons are electronic images that may be used in our online services or emails that help deliver cookies, count visits and understand usage and campaign effectiveness. We may later associate the usage and other information we collect online with PII about you, as permitted or required by law. Most web browsers are set to accept cookies by default. If you prefer, you may be able to set your browser to remove or reject all or specific browser cookies. Please note that if you choose to remove or reject cookies from Verif-y.com, this could affect the availability, functionality and the services by our platform.

Information We Get from Academic Institutions
We may receive PII from academic institutions, school districts, state agencies and similar institutions (“Academic Providers”) The type of PII collected from Academic Providers is similar to the personal information outlined above under “information you provide to us” and may also include student contact information, student demographic information such as age and gender, and student records such as grades, transcripts, class lists, students identification codes. When we obtain your PII directly from Academic Providers, we rely on their lawful authority to collect and use your PII and provide it to us so that we can provide you with Services. Academic Providers are solely responsible for obtaining all required consents and authorizations from the relevant individuals and for satisfying all obligations or rights owed to the Academic Provider’s data subject under application privacy laws. Verif-y is not responsible for the privacy policies or practices of the Academic Providers.

Information We Collect From Other Sources
We may also collect information about you from additional online and offline sources including commercially available third-party sources for the purposes of verifying eligibility and securely offering our services to you. We may combine this information with the PII and other information we have collected about you under this Privacy Policy.

Information Through Other Services
You may give us permission to collect your information in other services. For example, you may connect a social networking service (“SNS”) such as Facebook or Twitter. When you do this, it allows us to obtain information derived from those accounts.

SECTION 2.    USE OF YOUR PERSONAL INFORMATION

Verif-y does not sell, rent, provide or otherwise share your PII with any third parties other than as provided in this Privacy Policy or with your consent.

We use PII collected for the following purposes:

• the purposes you specifically provided the information;
• to register you as a client and establish an account for you;
• to provide you with the Services you signed up for;
• to provide services to our customers;
• to send you email notifications about our new or existing products and services, special offers, to request participation in surveys and/or other forms of market research to improve our products and services, or to otherwise contact you;
• verify your identity;
• to send emails to the email address you provide to us to verify your account and for informational and operational purposes, such as account management, customer service, or system maintenance;
• to enhance existing features or develop new features, products, and services;
• to provide advertisers and other third parties with aggregate information about our user base and usage patterns;
• to detect and prevent fraudulent transactions;
• to ensure internal quality control;
• to enforce our Terms;
• to perform accounting, auditing and other internal functions; and/or
• to carry out any other purpose for which the information was collected.

We also may use the information in other ways with your express consent, such as when you choose to use a service or participate in a program we may offer jointly with another entity. We also may use the information we obtain about you in other ways for which we provide specific notice at the time of collection.

Retention Of PII 
Verif-y retains the PII we receive as described in this Policy for as long as you use our Services or as necessary to fulfill the purpose(s) for which it was collected, resolve disputes, establish legal defenses, conduct audits, pursue legitimate business purposes, enforce our agreements, and comply with applicable laws.

Our Legal Bases For Handling Of Your PII
The laws in some jurisdictions require companies to tell you about the legal ground they rely on to use or disclose your PII. To the extent those laws apply, our legal grounds are as set forth below.

• To honor our contractual commitments to you: much of our processing of PII is to meet our contractual obligations to our users. For example, we handle PII on this basis to create your account and provide our Services.
• Legitimate interests: in many cases, we handle PII on the ground that it furthers our legitimate interests in ways that are not overridden by the interests or fundamental rights and freedoms of the affected individuals: this includes:
  • providing a safe and enjoyable user experience;
  • customer service;
  • marketing, e.g. sending emails or other communications to let you know about new features;
  • protecting our users, personnel, and property;
  • analyzing and improving our business, e.g. collecting information about how you use our Services to optimize the design and placement of certain features; and
  • Managing legal issues.
• Legal compliance: We need to use and disclose PII in certain ways to comply with our legal obligations.
• Consent: Where required by law, and in some other cases, we handle PII on the basis of your express or implied consent.
• To protect the vital interests of the individual or others.

SECTION 3     SHARING INFORMATION

Verif-y is not in the business of selling your information. We consider this information to be a vital part of our relationship with you. There are, however, certain circumstances in which we may share your information with certain third parties, as set forth below:

Consent: We may share information about you with your consent or at your direction.

Verif-y Pass, KYC and other Identity Verification Services: You understand and acknowledge that among the Services we perform are know your customer services (“KYC”), other identity verification services, and provision of the Verif-y Pass. When performing KYC or other identity verification Services, or with respect to the Verif-y Pass, we are hired by a third party to collect your PII for KYC or other identification purposes or in the case of the Verif-y Pass to assist in confirming certain information, including proof of Covid vaccination. When you submit PII for KYC or other identity verification purposes or in connection with the use of the Verif-y Pass, you hereby consent to Verif-y disclosing any portion of such PII submitted for such purposes, as permitted by applicable laws and regulations, to the third party who has hired us to perform such services.

Related Companies, Agents, Consultants and Related Third Parties: We may share information about you with Verif-y related companies as part of the delivery of our Services to you.  We may share information about you with affiliates, consultants, and other service providers to enhance the Services and products we can provide to you or for legal and routine business reasons. The types of service providers to whom we entrust PII include service providers for: (i) provision of IT and related services; (ii) provision of information and Services you have requested; (iii) payment processing; (iv) customer service activities; (v) fraud prevention; and (vi) in connection with the provision of the Services.

Legal Requirements: We may disclose information we obtain about you (1) if we are required to do so by law or pursuant to legal process (such as a court order or subpoena); (2) in response to requests by government agencies, such as law enforcement authorities; (3) to establish, exercise or defend our legal rights; (4) when we believe disclosure is necessary or appropriate to prevent physical or other harm or financial loss; (5) in connection with an investigation of suspected or actual illegal activity; or (6) otherwise with your consent or at your direction.

Business Transfers: If all or part of our company is sold, merged or otherwise transferred to another entity, the PII you have stored with us may be transferred as part of that transaction.

Aggregated Non-Personal Information: We may share aggregated non-personal information about you with third parties. This is information that is combined with the non-personal information of other Users and does not include PII. We also may not limit the third parties’ use of the aggregated information.

SECTION 4     YOUR ABILITY TO SHARE YOUR PII

Some of our Services allow you to share your Verif-y profile and other PII you have disclosed on the Verif-y platform to third parties.  You are the only one that can consent and request that your information be sent to a third party for viewing.  Once you direct Verif-y to send your PII to a third party, Verif-y is not liable for any of such PII sent to the requested third party, including without limitation any liability for any actions such third party may take with respect to your PII. We encourage you to read or discuss privacy policies and confidentiality issues with the third party you are sending your Verif-y profile to.

SECTION 5     WHERE INFORMATION IS PROCESSED – YOUR CONSENT TO PROCESSING AND TRANSFERRING YOUR PII IN AND TO THE U.S. AND OTHER COUNTRIES

Verif-y is based in the United States. If you are visiting from the European Union or other regions with laws governing data collection and use, no matter where you are located, you consent to the processing and transferring of your information including your PII in and to the U.S. and other countries. The laws of the U.S. and other countries governing data collection and use may not be as comprehensive or protective as the laws of the country where you live.  By accessing and using our Services and our platform, you consent that Verif-y may transfer, process, store, use and disclose your data and PII as described in this Privacy Policy.

SECTION 6     YOUR CONSENT TO VERIF-Y EMAILING YOU

By using the Services or providing your PII to us, you agree that we may communicate with you electronically regarding security, privacy, administrative issues and promotional matters relating to your use of the Services. If we learn of a security system’s breach, we may attempt to notify you electronically by posting a notice on www.verif-y.com or sending an e-mail to you. You may have a legal right to receive this notice in writing.

If you receive an unwanted email from us, you can use the unsubscribe link found at the bottom of the email to opt out of receiving future emails. We will process your request within a reasonable time after receipt. Note that you will continue to receive transaction-related emails regarding products or Services you have requested. We may also send you certain communications regarding Verif-y and our Services and you will not be able to opt out of those communications (e.g., communications regarding updates to our Terms or this Privacy Policy).

SECTION 7     UNSOLICITED INFORMATION

You may provide us with ideas for new products or modifications to existing products, and other unsolicited submissions (collectively, “Unsolicited Information”). All Unsolicited Information shall be deemed to be non-confidential and we shall be free to reproduce, use, disclose, and distribute such Unsolicited Information to others without limitation or attribution.

SECTION 8     YOUR CHOICES

We will provide reasonable opportunity for individuals to access, update, or delete PII about them that we have in our possession. We will not use PII provided to us for purposes incompatible with the purpose for which it was provided without obtaining authorization from the subject of the information. If you wish to request access, or deletion of your personal information please contact us at privacy@verif-y.com.  Note that we may retain certain information as required by law or for legitimate business purposes. We will respond to your request within a reasonable timeframe, usually within thirty (30) business days.

Although Verif-y makes good faith efforts to provide individuals with access to their PII, there may be circumstances in which Verif-y is unable to provide access, including but not limited to: where the information contains legal privilege, would compromise others’ privacy or other legitimate rights, where the burden or expense of providing access would be disproportionate to the risks to the individual’s privacy in the case in question or where it is commercially proprietary. If Verif-y determines that access should be restricted in any particular instance, we will provide you with an explanation of why that determination has been made and a contact point for any further inquiries.

The rights and options described above are subject to limitations and exceptions under applicable law. In addition to those rights, you have the right to lodge a complaint with the relevant supervisory authority. However, we encourage you to contact us first, and we will do our very best to resolve your concern.

SECTION 9     WHAT YOU CAN DO TO KEEP YOUR INFORMATION SECURE

Remember that the email verification and two-factor authentication methods we use are for your protection. Consistent with best practices, we recommend that you always create a password that is at least eight characters in length, and that integrates at least one upper and one lower case character, a special character (like an asterisk), and a number. The more random your password, the better.  You do not want to use a word that can be found in a dictionary, nor should you use the names of your friends and family, your birthday, or any other PII associated to you (e.g. your social security number, your street address, the make and model of your vehicle, to name but a few).  For more information about how to create a complex password we recommend reviewing the post from a former Director of NIST entitled Easy Ways to Build a Better P@$5w0rd dated October 04, 2017. While industry best practice is for service providers to invalidate any and all cookies that may have been temporarily stored in the web browser cache, when in doubt, you are advised to remove cookies that may have been stored during your web browsing session.

Viruses are dangerous. They can slip into your system without your knowledge. Some viruses such as Trojan Horses can capture the contents of your system, including your passwords. Installing up-to-date antivirus software and running it will help thwart these and other unwanted programs.

SECTION 10   DATA SECURITY

We take appropriate technical and organizational measures against unauthorized or unlawful processing of PII and other data and against accidental loss or destruction of, or damage to, PII and other data. Please accept however, no security measures are perfect or impenetrable, and Verif-y cannot guarantee that the information submitted to, maintained on, or transmitted from its systems will be completely secure. Verif-y is not responsible for the circumvention of any privacy settings or security measures contained on the Verif-y platform by any users or third parties.

SECTION 11   THIRD PARTY SERVICES

Verif-y’s platform includes links to other sites whose privacy and security practices are different than the ones we implement at Verif-y. If you submit PII to any of those sites, your information is governed by their privacy policies. We encourage you to carefully read the privacy policy of any platform you visit.

SECTION 12   CHILDREN’S POLICY

The Services are not directed to individuals under the age of 18 and Verif-y does not knowingly collect PII or other information from anyone it knows is under the age of 18.

SECTION 13   MODIFICATIONS

We may change this Privacy Policy from time to time. If we do, we will let you know by appropriate means such as by posting the revised policy on this page with a new “Last Updated” date. All changes will become effective when posted unless indicated otherwise. If we make any material changes we will notify you by email (sent to the e-mail address specified in your account) or by means of a notice on this website prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices. If you object to any changes, you may close your account. Continuing to use our Services and our platform after we publish or communicate a notice about any changes to this Privacy Policy means that you are consenting to the changes.

SECTION 14   GOVERNING LAW

By choosing to visit or utilize the Services or otherwise provide information to us, you agree that any dispute over privacy or the terms contained in this Privacy Policy will be governed by the law of the State of Pennsylvania and the adjudication of any disputes arising in connection with Verif-y or the Services will be in accordance with the Terms.

SECTION 15   REDRESS AND ACCOUNTABILITY/ CONTACT US

If after reviewing this Privacy Policy, you would like to submit a request or you have any questions or privacy concerns, please send us an email at privacy@verif-y.com.

Verif-y will address your concerns and attempt to resolve any privacy issues in a timely manner

SECTION 16  BIOMETRIC DATA RETENTION

Verif-y will retain biometric data only until the occurrence of the first of the following: (i) the initial purpose for collecting or obtaining such biometric data has been satisfied, or (ii) three years following your last interaction with Verif-y.

SECTION 17   NOTICE TO CALIFORNIA USERS

The information provided in this section applies only to California residents.

We are required by the California Consumer Privacy Act of 2018 (“CCPA”) to provide an explanation of the rights and choices we offer California residents regarding our handling of their personal information, along with information regarding the categories of personal information we collect, use and share.

1. CALIFORNIA RESIDENTS’ PRIVACY RIGHTS

The CCPA grants California residents the following rights:

(i) Information. You can request information about how we have collected, used and shared and used your personal information during the past 12 months.
(ii) Access.  You can request a copy of the personal information that we maintain about you.
(iii) Deletion. You can ask us to delete the personal information that we collected or maintain about you.

Please note that the CCPA limits these rights by, for example, prohibiting us from providing certain sensitive information in response to an access request and limiting the circumstances in which we must comply with a deletion request.  If we deny your request, we will communicate our decision to you.  You are entitled to exercise the rights described above free from discrimination.

1. HOW TO SUBMIT A REQUEST

• To request access to or deletion of personal information from our databases send an email to us at: privacy@verif-y.com.
• Identity verification. CCPA requires us to verify the identity of the individual submitting a request for their personal information before providing a substantive response to the request.  Because we take the privacy and security of your personal information seriously, we will verify your identity by asking you to both (a) provide certain information about yourself, and then (b) provide us with a notarized affidavit. Once your identity is verified, we will work to provide you with your requested information in a timely manner.
• Authorized agents.  California residents can empower an “authorized agent” to submit requests on their behalf.  To protect your privacy we will require the authorized agent to have a written authorization confirming that authority.

1. PERSONAL INFORMATION THAT WE COLLECT, USE AND SHARE
   
   VERIF-Y will never sell or rent your personal information without your consent. 

Information we collect:

• From you directly: Our Services may collect information directly from you, which identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly with a particular consumer or device (“Personal Information”). This personal information may be collected directly from you on our Platform or through the Services, or indirectly from you, for example by observing your actions in the Services or on our Platform.
• From Covered Businesses. Our Services also collects such Personal Information about you indirectly from educational institutions, school districts, or other types of organizations that may be a covered business under the CCPA. In such event Verif-y is deemed an exempt third party as defined in the CCPA, that processes Personal Information on behalf of such covered business for business purposes of electronic ordering, fulfillment, and delivery of academic credentials and data. Such processing activities are governed by the contract between Verif-y and such covered business and the privacy policy of such covered business. This privacy notice to California Residence shall not apply to Personal Information collected from covered businesses as set forth in the paragraph. Please see the privacy policy and notices from such covered businesses.

As described above in this Privacy Policy, we do use cookies and other tracking tools on our website to analyze website traffic and facilitate advertising.

The CCPA requires that companies disclose their collection and use of specific categories of Personal Information enumerated in CCPA. Below is a table of those categories and a notification as to whether Verif-y collects each. Please note that, while each “CCPA category” may cover many types of personal information, Verif-y collects, uses and shares only the personal information described in this Privacy Policy.