Privacy Notice

Version 1.0 (effective April 23, 2026)

Summary

What Verinode collects, how we use it, what we never do with it. Verinode never sells Operator data to carriers or vendors. You can export, restrict, or delete your data at any time.

Verinode Privacy Notice

Effective date: 2026-05-01. Version: 1.1

This Privacy Notice explains what personal information Verinode collects, why we collect it, who we share it with, how long we keep it, and what rights you have. It is written in plain language to be read, not skimmed. The full legal terms are in our Data Use Policy; this notice is the operational summary required by GDPR Articles 13/14 and CCPA §1798.100.


Who we are

Verinode Group ("Verinode", "we", "us") is the data controller for personal information collected through verinode.ai and our IQ, HQ, Research, and Advisory products.

Contact for privacy matters: privacy@verinode.com

If you are in the EU/EEA and need to contact us regarding GDPR rights, our point of contact is the same address until we appoint a formal EU representative.


Account and operator data

What: name, email, work phone, job title, role, company name, company address, service mix, business size band.

Why: to operate the platform, route signals, generate operator-level analytics, and bill where applicable.

Lawful basis (GDPR): contract performance (Art. 6(1)(b)) for account operation; legitimate interest (Art. 6(1)(f)) for analytics; consent (Art. 6(1)(a)) for benchmark contribution and behavioural telemetry.

Retention: for the life of the account plus 12 months. After that, deleted or anonymised.

Operator business data (PII)

What: jobs, costs, supplements, vendor relationships, carrier/TPA relationships, certifications, equipment, team members, financial periods, insurance policies.

Why: this is the operator's own business data. We process it on the operator's behalf to surface intelligence, decisions, and benchmarks back to that operator. We never sell it to insurance carriers — see the Data Use Policy for the binding commitment.

Lawful basis: contract performance (we are a processor for the operator).

Retention: 7 years (industry standard for restoration claim records); operator-configurable down to 3 years (insurance claim statute of limitations minimum). Operator may trigger erasure at any time.

Forwarded email content (data contributors only)

What: emails forwarded by data contributors (typically project managers, estimators, claims admins) from their work accounts to their per-user Verinode address. Includes message bodies, attachments, sender addresses, and the identities of third parties (insurance adjusters, TPA staff, customers/homeowners) named in the chain.

Why: to extract structured supplement records, decision outcomes, and adjuster intelligence so the operator can negotiate better and learn from patterns across their own book of work.

Lawful basis: consent of the contributor (Art. 6(1)(a)); legitimate interest balanced against third-party rights for the adjuster identity portion (Art. 6(1)(f)).

Retention: raw emails 90 days hot, then 12 months cold (metadata + attachment hashes only), then full purge. Extracted structured data follows the operator-data 7-year retention.

Behavioural telemetry

What: how you interact with the platform — feed item actions (act / not now / dismiss with optional reason), agent conversation outcomes (helpful / unhelpful, which artifacts you used, how many turns to action), and signal lifecycle timing (time-to-action, time-to-resolution). Exact column-level detail is in our internal Records of Processing.

Why: to improve the product and to make our internal AI agents (margin analyst, vendor economist, carrier scorecard analyst, safety coach, etc.) better at giving you grounded recommendations rather than generic AI advice. This is internal-only learning — your data is not sent to OpenAI, Anthropic, or any external model vendor for training. Frontier-model inference uses Zero-Data-Retention API mode.

Lawful basis: consent (Art. 6(1)(a)) — opt-in via behavioral_data_consent (per-user, default off) and revocable from /profile?tab=privacy. Revocation evicts the in-flight benchmark cache immediately and removes contributions from future aggregations within 7 days.

Retention: raw rows in pii.* retained 12 months; anonymized aggregate patterns retained indefinitely (no link back to you).

Agent learning corrections

What: when you correct a value our LLM extracted incorrectly (e.g., wrong vendor name, wrong document type), we record the field, the before / after values, and a snippet of the extraction context.

Why: to improve extraction accuracy on your subsequent uploads (your operator-specific context cache is invalidated immediately so the next extraction sees the corrected fact) and, in anonymized form, to inform prompt improvements globally.

Lawful basis: contract performance (Art. 6(1)(b)) — improving the product you are paying for.

Retention: indefinite while your account is active; deleted within 30 days of an erasure request.

Third-party PII (adjusters, TPA staff)

What: name, work email, work phone, role/title, signature data, response timing, decision patterns. Extracted from emails forwarded to us by data contributors who lawfully received them.

Why: to give the operator coherent intelligence about their carrier relationships (which adjusters approve fastest, who folds on escalation, who denies most often).

Lawful basis: legitimate interest (Art. 6(1)(f)) under a balancing test that prioritises:

  • the operator's legitimate operational interest in negotiating supplements,
  • the contributor's lawful possession of the email content,
  • the third party's expectation that work communications may be analysed by the recipient organisation,
  • our commitment to never sell, share, or aggregate this data back to insurance carriers in identifiable form.

Retention: linked to the supplement / decision record; aggregate operator intelligence retained per the operator-data retention policy.

Right to object: adjusters can request exclusion at /legal/adjuster-opt-out or via privacy@verinode.com. Verified requests are honoured within 30 days.

Cookies and similar technologies

What: session cookies (essential for authentication), preference cookies (theme, dark mode), analytics cookies (Vercel/Cloudflare default analytics).

Why: essential for the site to function; preference for personalisation; analytics for performance.

Lawful basis: essential cookies under "strictly necessary" exception; preference and analytics under consent (cookie banner).

Retention: session cookies expire on logout; preference cookies 12 months; analytics per Vercel/Cloudflare default.


Who we share data with

We share data only with:

  1. Sub-processors that operate the platform on our behalf. The full list is at /legal/subprocessors and is updated when sub-processors change.
  2. The operator's own authorised users — within an operator account, data is shared among the team members the operator has invited.
  3. Industry advocacy partners — only aggregated, anonymised data, and only on operator-friendly terms (e.g., RIA "State of Restoration" report; never identifiable per-operator or per-adjuster).
  4. Legal authorities — only when required by law (subpoena, court order, regulatory request). We notify the affected operator when legally permitted.

We do not share with:

  • insurance carriers (Verisk, Cotality, Liberty Mutual, Allstate, etc. — never, in any form that identifies an operator or an adjuster);
  • advertising networks;
  • data brokers;
  • AI model training partners outside the contractual processors listed at /legal/subprocessors.

International transfers

If you are outside the United States, your data may be processed in the US. For EU/EEA data subjects, transfers rely on the European Commission's Standard Contractual Clauses (SCCs, 2021/914) executed with each US-based sub-processor. Documentation is held in our internal Records of Processing.

Regional deployment (including EU) is available for enterprise customers on request.


Your rights

Depending on where you live, you have some or all of these rights:

Right, what it means, and how to exercise it:

  • Access: get a copy of your personal data. How: GET /api/privacy/my-data while signed in, or email privacy@verinode.com.
  • Rectification: correct inaccurate data. How: edit in Settings, or email privacy@verinode.com.
  • Erasure ("right to be forgotten"): delete your data. How: request from /profile?tab=privacy or email privacy@verinode.com; 72-hour SLA.
  • Restriction: pause certain processing. How: toggle consents at /profile?tab=privacy.
  • Portability: get a machine-readable export. How: GET /api/privacy/my-data (JSON).
  • Object: object to processing on legitimate-interest grounds. How: email privacy@verinode.com.
  • Withdraw consent: revoke consents you previously gave. How: toggle off at /profile?tab=privacy; immediate effect on new processing.
  • Complaint: complain to a supervisory authority. How: EU/EEA: your local DPA. UK: ICO. CA: California AG.

Adjusters and other third parties whose identity appears in operator-forwarded emails may exercise the right to object via /legal/adjuster-opt-out or privacy@verinode.com.


How we secure your data

  • Encryption in transit: TLS 1.3 on every connection; HSTS forced.
  • Encryption at rest: Supabase Postgres + Storage at AES-256-GCM.
  • Access control: least-privilege RBAC; service-role keys for cross-tenant operations (server-side only); per-user JWT for user-scoped reads. Browser-side Supabase client is used for authentication only — never for data queries.
  • Tenant isolation: Postgres Row Level Security on every table containing operator data; the PII schema has no authenticated policies (deny-all by default).
  • Audit logging: consent changes, role changes, intelligence-layer queries, agent prompt changes, extraction corrections, and erasure requests all write to append-only audit tables. Inventory at docs/compliance/audit-logging-coverage.md.
  • Rate limiting: the intelligence layer enforces 100 benchmark queries/operator/minute to prevent enumeration attacks.
  • Vendor security: sub-processors evaluated annually; SOC 2 Type 2 / ISO 27001 reports verified; full list at /legal/subprocessors.
  • Zero-Data-Retention with LLM providers: Anthropic and OpenAI both contractually honor ZDR — they do not retain or train on our prompts. Verified quarterly per docs/runbook-zdr-verification.md.
  • Substantive compliance: Verinode is designed to meet SOC 2, ISO 27001:2022, GDPR, and CCPA requirements. Formal external certification is on our roadmap.

Full security and incident response procedures are documented internally in docs/compliance/. The agent-learning architecture and ISO 27001 control mapping are in docs/architecture/agent-learning-pipeline.md. These documents are available to enterprise customers under NDA.


Children

Verinode is a B2B platform for restoration operators. We do not knowingly collect data from anyone under 16. If you believe we have, contact privacy@verinode.com and we will delete it.


Updates to this Notice

We update this Notice when our practices change. The version number and effective date at the top change with each update. Material changes are announced via email to operators and a prominent banner on the platform. We retain prior versions; previously accepted versions remain on record.


Contact

privacy@verinode.com — for any privacy question, request, or complaint.