VerifyDoc Privacy Policy + Data Policy

This Privacy Policy + Data Policy explains how VerifyDoc collects, accesses, uses, stores, shares, retains, and deletes personal data and document-related data when you use the VerifyDoc website, dashboard, Google Docs integration, Microsoft Word integration, signing workflows, verification pages, and related services.

For privacy, deletion, or Google user data questions, contact hello@verifydoc.ai.

For anonymous public verification checks, VerifyDoc does not require account creation and does not collect the following by default:

• government identification numbers or exact GPS location
• payment card data in verification-only flows
• personal contact details of a verifier unless they actively submit them to us

This limitation does not apply to authenticated workspace users, invited signers, or connected Google Docs users, where contact details, audit events, and security telemetry are required to operate the service.

We use data to provide, secure, and improve the VerifyDoc service.

• create and manage workspaces, user sessions, and connected editor integrations
• generate verification QR codes, verification records, certificates, and dashboards
• export or freeze immutable document snapshots for controlled signing and evidence workflows
• send transactional emails such as sign invites, verification codes, and resets
• record audit trails, detect abuse or fraud, and investigate incidents
• measure product performance, maintain service quality, and support customers
• send product updates and marketing emails only where a user has opted in or where another lawful basis applies

When a user connects Google Docs or authorises VerifyDoc with Google, we access Google user data only to provide or improve user-facing VerifyDoc features for that user or their workspace.

• We use Google account email and basic profile data to identify the connected Google user and link that connection to the correct VerifyDoc workspace.
• We use Google Docs and Google Drive file access only to read the authorised document, generate verification QR blocks, prepare immutable signing snapshots, and maintain the related verification or signing workflow.
• We store Google OAuth tokens and connection metadata to maintain the integration until the user disconnects it or the workspace removes it.
• We do not sell Google user data, use Google user data for targeted advertising, transfer it to data brokers, or use Google user data accessed through Google Workspace APIs to train general-purpose AI or machine learning models.
• We do not use Google user data for credit-worthiness, lending, personalised advertising, retargeting, or interest-based advertising.

VerifyDoc does not sell personal data, including Google user data.

We may share data only in the following categories of circumstances:

• with service providers that help us host, secure, monitor, and operate the platform, including cloud infrastructure, storage, and logging providers
• with email delivery providers such as MailerSend or a configured SMTP relay when we send transactional emails or sign invitations
• with Google where required to operate the Google Docs integration and authorised API requests on the user's behalf
• within the customer's workspace where a user has invited teammates, signers, or reviewers into a document workflow
• with professional advisers, regulators, or law enforcement where legally required
• as part of a merger, acquisition, or restructuring, subject to appropriate confidentiality and continuity obligations

We use technical and organisational safeguards designed to protect data.

• encryption in transit and encryption at rest where supported by the service layer
• access controls, role separation, credential hashing, and secrets management
• monitoring, audit logging, fraud controls, and environment-level isolation
• signed evidence manifests, document hashes, and tamper-evident records for signing and verification workflows

We retain data for the period needed to provide the service, preserve signed evidence, prevent fraud, meet contractual obligations, and comply with applicable law.

• Audit logs: 365 days
• Billing events: 365 days
• Email outbox and delivery records: 90 days
• Verification records: 2555 days
• Backups: 30 days

Google OAuth tokens, editor connection metadata, source snapshots, and signing records are retained while the related workspace or signing workflow remains active, unless the data is deleted earlier or a longer retention period is required for evidentiary, security, or compliance reasons.

Users may request deletion or disconnection by contacting hello@verifydoc.ai. Some data may be retained after a deletion request where needed to preserve completed audit trails, signed artifacts, legal obligations, dispute resolution records, or fraud-prevention evidence.

Operational retention defaults are also published on our Data retention page.

• request access to personal data we hold about you
• request correction of inaccurate or incomplete information
• request deletion where applicable under law and contract
• disconnect integrations or stop future Google Docs access
• opt out of marketing emails using the unsubscribe link or by contacting us
• manage cookie preferences through the site cookie controls

To exercise these rights, contact hello@verifydoc.ai.

We may update this policy as our product, integrations, or legal obligations change. If we materially change how we access or use Google user data or other personal data, we will update this page, revise the last updated date, and provide additional notice where required in the product, by email, or through the relevant customer account workflow.