Privacy Policy
Last updated: 11 June 2026
Verivoo AG (“Verivoo”, “we”, “us”) operates a software-as-a-service platform for supplier certificate management, compliance tracking and document expiration monitoring. This policy explains what personal data we process when you use the Verivoo web application, the supplier upload portal or our marketing website, why we process it, and the rights you have.
1. Who is responsible
The controller for data processed through Verivoo is Verivoo AG, Strumbergächerstrasse 22, Zürich, Switzerland. For privacy questions contact supportverivo@gmail.com.
2. Data we collect
Account and team data
- Name, work email address and password (stored hashed) when you create an account
- Phone number, if you enable SMS-based two-factor authentication
- Names, email addresses and roles of team members you invite (Admin, Manager, Viewer)
- Company name and workspace settings
Supplier and certificate data
- Supplier master data you enter: company names, contact persons, contact email addresses and phone numbers
- Certificate documents (PDF files) you or your suppliers upload, including all archived previous versions
- Metadata extracted from those documents: certificate type, issue date, expiration date and validation warnings
- Notes, activity logs and audit trail entries created while you work
Billing data
- Billing address and, for company accounts, company name, VAT number and contact person
- Payment method reference (card brand, last four digits and expiry; never the full card number, which is handled by our payment processor)
- Invoice and subscription history
Technical data
- Log data required to run and secure the service (IP address, browser type, timestamps)
- Cookie data according to your consent (see the Cookie Policy)
3. How uploaded certificates are processed
When a PDF is uploaded, Verivoo validates the file (type, size and integrity) and stores it encrypted. Files are only accessible to authenticated members of your workspace and, for a specific certificate, to the supplier who received a secure upload link for exactly that certificate.
4. How AI document analysis works
Verivoo automatically reads uploaded certificates to extract the certificate type, issue date and expiration date, and assigns a confidence score to every extraction. This analysis runs on document text only; results are suggestions that your team can always review and override. Extracted dates are used solely to power expiration monitoring and reminders inside your workspace. Uploaded documents are not used to train models and are never shared with other customers.
5. How reminder emails are sent
Verivoo sends automated reminder emails before certificates expire (by default 90, 60, 30 and 7 days in advance, configurable by your admins). These emails are addressed to the responsible team member or the supplier contact stored in your workspace, contain the certificate name and expiry date, may attach the current certificate PDF, and include a secure upload link through which the supplier can submit a renewed document without creating an account. Supplier contact details are processed exclusively for this purpose, on behalf of your organisation.
6. How supplier information is stored
Supplier data belongs to your workspace. It is stored in encrypted databases in the European Union, is never sold or shared with third parties for their own purposes, and is deleted when you delete the supplier or your workspace.
7. How billing information is processed
Payments are processed by a PCI-DSS compliant payment provider. Verivoo never stores complete card numbers; we keep only the information needed to show you your payment method and to issue invoices. Invoices and the related billing records are retained as long as commercial law requires.
8. Why we process data (legal bases)
- Contract: providing the platform, processing uploads, sending reminders, billing
- Legitimate interest: securing the service, preventing abuse, improving the product
- Consent: analytics/functional cookies and optional product news
- Legal obligation: retaining invoices and accounting records
9. Retention
Workspace data is retained while your subscription is active. After account deletion, certificates, supplier data and the audit trail are deleted within 30 days; billing records are kept for the legally required retention period.
10. Your rights
Depending on applicable law (GDPR, Swiss FADP), you can request access, correction, deletion, restriction and portability, and object to processing. Write to supportverivo@gmail.com; we answer within one business day. You may also lodge a complaint with your supervisory authority.
11. Changes
We update this policy when the service changes. Material changes are announced in the application at least 14 days in advance.