Last updated: January 7, 2026
Privacy Policy
1. Overview
At Verifi ("we," "our," or "us"), protecting your privacy is a fundamental priority. This Privacy Policy explains how we collect, use, store, and share your personal data when you use our AI-powered accounting automation platform that operates directly inside your ERP (the "Service"). Our operations comply with the General Data Protection Regulation (GDPR, EU) and other applicable data protection laws.
Contact:
- Email: compliance@verifi.finance
- Data Protection Officer (DPO): hello@verifi.finance
2. Who Controls Your Data
Verifi acts as the Data Controller for all personal data collected through our platform.
3. What Data We Collect
a. Account & Authentication
- Email address
- Hashed login credentials
- Authentication tokens and session details
- User settings and preferences
b. Financial & Business Data
- Bank transactions and statements
- Invoices, receipts, and accounting records
- VAT, tax information, and reconciliation metadata
- ERP integration data (accessed with your explicit permission)
c. Documents & Uploads
- Uploaded files (e.g., scanned receipts, documents)
- OCR-extracted content
- File metadata (e.g., size, type, creation date)
d. Technical Data
- IP address and device details
- Browser type and operating system
- Usage patterns, session times, and API activity
e. Communication Data
- Messages, support requests, feedback, and survey responses
f. Cookies & Tracking
- Essential (authentication, session security)
- Analytics (service diagnostics and usage statistics)
- Preferences (e.g., language, UI layout)
4. How We Collect Data
- Directly: When you register, upload documents, or contact support
- Automatically: Via cookies, analytics tools, APIs, or our platform
- Via Integrations: Through your ERP and connected systems—always with your explicit approval
5. Legal Basis for Processing (GDPR)
| Legal Basis | Purpose |
|---|---|
| Contract (Art. 6(1)(b)) | To deliver and support our services |
| Legitimate Interests (Art. 6(1)(f)) | Service improvements, analytics, fraud prevention |
| Consent (Art. 6(1)(a)) | Marketing communications, optional cookies |
| Legal Obligation (Art. 6(1)(c)) | Tax and regulatory compliance |
6. How We Use Your Data
- Operate, deliver, and enhance the Service
- Automate repetitive accounting tasks within your ERP
- Match and analyze financial transactions
- Process and extract data from uploaded or integrated documents
- Provide support and respond to inquiries
- Send important notifications and service updates
- Monitor system performance and manage security risks
- Comply with legal and regulatory requirements
Data Retention: All data is stored exclusively within the European Union (EU). Your data never leaves EU territory, and all data is stored solely in secure EU-based infrastructure.
Data Deletion: All processed data, especially from document analysis, ERP synchronization, and automation recommendations, is erased within 24 hours of processing unless required for ongoing accounting activities or by law.
7. Human Oversight & User Responsibility
Verifi leverages AI-powered automation to accelerate manual accounting tasks within your ERP. However, all automated actions and recommendations are subject to explicit human approval prior to final posting in your accounting records.
Important: The user (you) retains full responsibility for verifying, reviewing, and approving all journal postings and financial record entries suggested by Verifi. The final accuracy and compliance of posted entries remains your obligation, even when assisted by AI or Service automation. Our platform accelerates your work—it does not replace your professional judgment.
8. Who We Share Your Data With
a. Trusted Service Providers
For a complete list of our service providers and security practices, please visit: https://trust.verifi.finance/
9. International Data Transfers
All personal data and AI processing are hosted and managed entirely within the EU. If, in specific cases, limited data must leave the EEA, it will only occur under:
- Standard Contractual Clauses (SCCs)
- Adequacy decisions (as recognized by the European Commission)
- Encryption and rigorous access controls
10. Data Retention
| Data Type | Retention Period |
|---|---|
| Active account data | While active + 30 days |
| Deleted account data | Permanently erased after 30-day grace period |
| Financial records | 7 years (statutory requirement) |
| Uploaded documents | Subscription term + 1 year |
| Logs & analytics | 90 days to 2 years (anonymized when required) |
AI-processed and synchronized data is permanently erased within 24 hours of completion of the relevant task, unless required for troubleshooting, ongoing reconciliation, or a legal obligation.
11. Data Security
We devote extensive resources to ensuring your data is safe, including:
- Encryption: TLS 1.3 in transit, AES-256 at rest
- Access Control: Role-based permissions and multi-factor authentication
- Continuous Monitoring: 24/7 system monitoring, audit trails, incident response
- Secure Development: Consistent security reviews, OWASP-compliant practices
- Vendor Management: Regular audits and strict contractual obligations
12. Your Rights
You have the right to:
- Access your personal data
- Rectify inaccuracies
- Request deletion ("right to be forgotten")
- Restrict or object to processing
- Receive a copy of your data (data portability)
- Withdraw consent at any time
- Request a review of automated decisions by a human
To exercise these rights, email compliance@verifi.finance. We typically respond within 30 days.
13. Children's Privacy
Verifi is not designed for users under 16 years of age. We do not knowingly collect or process children's personal data.
14. Cookies & Tracking Technologies
- Essential Cookies: For login security and basic service operation
- Analytics Cookies: To improve and debug the Service
- Preference Cookies: Store your display and language choices
You may control cookie settings within your browser. We do not use third-party advertising cookies.
15. Data Breach Response
If a data breach occurs, we will:
- Notify data protection authorities within 72 hours (where appropriate)
- Inform affected users if there is a significant risk to their rights or freedoms
- Investigate and contain the incident rapidly
- Maintain records of incidents and remedial actions
16. Supervisory Authority
If you have concerns, you may contact your local Data Protection Authority or the Danish Data Protection Agency.
17. Policy Updates
We may update this policy as our service, technology, or legal requirements evolve. For major changes, we will notify you by:
- In-app notification
- Prominent notice on our website
Your continued use of the Service indicates acceptance of any revised policy.
18. Contact
- General inquiries: compliance@verifi.finance
- DPO: hello@verifi.finance
- Rights requests: compliance@verifi.finance (Subject: "GDPR Request – [Your request]")
19. Key Terms
- Personal Data: Information identifying an individual
- Processing: Any action performed on personal data
- Data Controller: The entity determining the purposes and means of processing personal data
- Data Processor: Someone handling data solely on the controller's instructions
20. Compliance & Industry Standards
We maintain compliance with:
- GDPR (EU)
- ePrivacy Directive
- Relevant national and industry-specific laws
We adhere to best practices:
- ISO 27001, SOC 2, OWASP, NIST frameworks
- Ongoing privacy and security audits and assessments
If you have any questions or need further information regarding this Privacy Policy or our data practices, please contact us at compliance@verifi.finance.