Privacy policy

Updated: July 1, 2025

This document sets out the principles for the processing of personal data by VeriSearch.AI Sp. z o.o. in connection with the provision of the Service, which consists of making available an artificial intelligence-based system (hereinafter: "System"), as defined in the General Terms and Conditions.

The System can operate through various interfaces (e.g., chat, form, file upload, WhatsApp, intranet, etc.) and allows for the processing and generation of content based on data provided by the client (Licensee). Within the meaning of the GDPR, VeriSearch.AI acts as a data processor, and the client using the System is the data controller.

This Privacy Policy is for informational purposes. A detailed description of the technical and organizational measures we apply, information classification, and security management procedures can be found in our Information Security Policy (ISP). The legally binding obligations regarding the processing of data on behalf of the client, including the list of sub-processors and detailed security measures, are set out in the Data Processing Agreement (DPA), which is an integral part of the service agreement.

1. Data Processor and Controller Information

VeriSearch.AI Sp. z o.o.
ul. 1 Maja 13, 10-117 Olsztyn, Poland
KRS 0001124517, NIP 7394005298
email: kontakt@verisearch.ai

2. Scope and Categories of Data Processed

Depending on the use of the System, the following may be processed:

  • Identification data (e.g., name, surname, email),
  • Contact data (e.g., phone number, messenger ID),
  • Technical data (IP address, session ID, cookies, browser, location),
  • Data contained in documents, messages, and files uploaded by users (e.g., queries, notes, voice recordings, multimedia),
  • Voice data (audio files and transcripts): when using voice-based features, the System processes audio files containing the user's voice to convert them into text. Audio files are treated as personal data and may be subject to specific retention rules.
  • Data sent via API or external systems (e.g., order number, customer ID),
  • Data from communication channels such as WhatsApp, Messenger, Slack, intranet forms (including the content of communications).

The source of the data may be end-users (Users) or the client's systems integrated with the System (e.g., CRM, ERP).

The System is not intended by default for the processing of special categories of data (sensitive data) within the meaning of Art. 9 of the GDPR (e.g., data concerning health, political opinions). The controller undertakes not to send such data to the System without prior, separate arrangements with VeriSearch.AI.

3. Purposes and Legal Basis for Processing under GDPR

VeriSearch.AI processes personal data solely on the documented instructions of the controller (our client), which is to provide the Service. The legal basis that authorizes VeriSearch.AI to process data is the Data Processing Agreement (compliant with Art. 28 of the GDPR), concluded between VeriSearch.AI and the client.

The controller is responsible for ensuring a proper legal basis (compliant with Art. 6 and Art. 9 of the GDPR) for the processing of data they introduce into the System.

Notwithstanding the above, VeriSearch.AI may process certain data (e.g., technical logs) to fulfill its own legal obligations (legal basis: Art. 6(1)(c) of the GDPR) or for the purposes of its legitimate interests, which is to ensure the security and operational continuity of the System (legal basis: Art. 6(1)(f) of the GDPR).

4. Data Recipients and Sub-processors

We maintain a publicly available, up-to-date list of sub-processors on our website. This list also forms an annex to the Data Processing Agreement.

By default, we strive to use a Zero Data Retention mode, where data is not stored by the AI provider after processing. Furthermore, data may be disclosed to public authorities if required by applicable law.

5. Data Transfers and Processing Location

Our priority and default principle is to process all data entirely within the European Economic Area (EEA). Any transfer of personal data outside the EEA may occur only in exceptional, justified cases, after informing the Controller and solely on the basis of robust legal safeguards, such as Standard Contractual Clauses (SCCs).

6. Data Retention Period and Policy

  • System and application logs are stored for up to 30 days.
  • Security and audit logs, necessary to ensure accountability, are stored for a period of 12 months.
  • Production data backups are rotated on a 30-day cycle.
  • When using Zero Data Retention (ZDR) mode, data is not stored by the AI provider after processing.

7. Core Security Principles

  • Encryption in transit (TLS 1.2+),
  • Encryption at rest (AES-256),
  • Data isolation between clients (logical multi-tenant separation),
  • Role-Based Access Control (RBAC) and 2FA for operational staff,
  • Pseudonymization and anonymization mechanisms,
  • Monitoring, access logging, and data integrity control,
  • Internal audits and security testing,
  • Voice data minimization (audio files are by default deleted immediately after transcription).

8. Rights of Data Subjects

According to the GDPR, every natural person has the right to access their data, rectify it, erase it (right to be forgotten), restrict its processing, data portability, and object to processing. Requests in this regard should be directed to the data controller (VeriSearch.AI's client). VeriSearch.AI supports the fulfillment of these rights within its technical capabilities.

9. Procedure for Exercising Rights

A request is directed to the data controller (client). The controller, with the support of VeriSearch.AI, responds within one month. VeriSearch.AI provides all technical data and documentation necessary to fulfill the request.

10. Complaint to a Supervisory Authority

Every person has the right to lodge a complaint with the President of the Personal Data Protection Office (Prezes Urzędu Ochrony Danych Osobowych, ul. Stawki 2, 00-193 Warsaw, Poland).

11. Cookies and Analytics

The VeriSearch.AI website may use cookies. Detailed rules are described in a separate Cookie Policy.

12. Changes to the Privacy Policy

VeriSearch.AI reserves the right to make changes to this Policy. Updates will be published on the website. In the case of material changes, clients will be notified.

Products
Customer Service
Social Media Engagement
Navigation
Why VS.ai
Products
Use Cases
Pricing
Knowledge
Our Clients
Team
Contact Us
Privacy policy
Information Security policy
List of Sub-processors
Sign up for email updates
Keep up with Ripple news and product features.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
©2024 Verisearch.ai
Developed by Igorev Agency