Veridion

Privacy Policy

Last updated July 11, 2026 · Veridion is operated by Qubrise Technologies

Who we are

Veridion is a compliance-automation platform operated by Qubrise Technologies ("we", "us"). This policy explains what data we collect when you use Veridion, why we collect it, and the choices you have. The short version: we collect only what the service needs to function, we never sell it, and you can have it deleted.

What we collect

Account information. Your name and email address, handled by our authentication provider (Clerk). We never see or store your password.

Organization data you enter. Controls, policies, risks, vendors, questionnaires, training records, and evidence files you upload. This data exists so you can present it to auditors; it is yours.

Integration credentials. API tokens and keys you connect are encrypted at rest (AES-256-GCM) and used exclusively server-side to run read-only checks against your own accounts. They are never shown back in full, never logged, and are deleted when you disconnect the integration.

Device posture. If you enroll devices, the agent reports the hostname, operating-system version, and three pass/fail results (disk encryption, screen lock, OS updates). It reads nothing else — no files, no browsing, no location — and cannot change settings.

Scanner leads. If you use the free website scanner and ask for the report by email, we store the email address and the scanned URL.

Billing. Payments are processed by Dodo Payments as merchant of record. We store your plan and subscription status; we never see or store card numbers.

Technical logs. Standard server logs (IP address, request time) kept briefly for security and debugging.

How we use it

Only to provide and improve the service: running your compliance checks, generating your reports, and answering your support requests. We do not sell personal data, we do not share it with advertisers, and we do not use your organization's data to market to anyone.

AI features. When you generate a policy draft or questionnaire answer, relevant context about your organization is sent to Anthropic's API to produce the draft. Under Anthropic's API terms, this data is not used to train their models. If no AI key is configured, templates are used and nothing leaves our servers.

Subprocessors

We rely on a small set of infrastructure providers to run the service:

  • Vercel — application hosting
  • Supabase — database and evidence-file storage
  • Clerk — authentication
  • Dodo Payments — payment processing (merchant of record)
  • Anthropic — AI drafting, only when you use an AI feature

Each processes data only as needed to provide its function.

Retention and deletion

We keep your data for as long as your account is active. Deleting an item in the app (evidence, integration, device) deletes its data. To delete your account and organization entirely, email vinayak.ashwin@qubrise.com and we will remove all associated data, including uploaded files and encrypted credentials.

Security

All traffic is encrypted in transit (TLS). Integration credentials are encrypted at rest with AES-256-GCM. Access to production systems is restricted and authenticated. If we ever discover a breach affecting your data, we will notify you without undue delay.

Your rights

You can access, correct, export, or delete your personal data at any time — most of it directly in the app, or by emailing vinayak.ashwin@qubrise.com. We honor these rights for all users, consistent with the GDPR and India's Digital Personal Data Protection Act, 2023. Veridion is not directed at children under 18.

Changes

If this policy changes materially, we will update the date above and note the change in the app. Continued use after a change means you accept the updated policy.