VerisumVerisum

Privacy Policy

Last updated: 24 February 2026

1. Introduction

Verisum Ltd ("Verisum", "we", "us", or "our") is committed to protecting your privacy. This policy explains how we collect, use, and safeguard your personal data when you use our websites (verisum.org and app.verisum.org) and services.

We take a privacy-first approach: we use cookie-free analytics, collect minimal data, and never sell your information.

2. Information We Collect

We collect the following types of information:

  • Account information: When you create an account on app.verisum.org, we collect your name, email address, and organisation name
  • Assessment data: Governance assessment responses, trust scores, and related organisational data you provide through the platform
  • Newsletter subscriptions: If you subscribe to our newsletter, we collect your email address
  • Usage data: Anonymous, aggregated analytics data collected via Plausible Analytics (no cookies, no personal identifiers)

3. How We Use Your Information

We use the collected information to:

  • Provide and maintain our services, including governance assessments, monitoring, and verification features
  • Generate trust scores, governance reports, and compliance documentation
  • Send you service-related notifications and updates
  • Improve our services based on aggregated, anonymised usage patterns
  • Respond to your enquiries and support requests

4. Email Marketing

We use Hostinger Reach for email marketing. If you subscribe to our newsletter or marketing communications, you can unsubscribe at any time using the link provided in every email, or by contacting us directly.

We will never send you marketing emails without your explicit consent.

5. Analytics

We use Plausible Analytics, a privacy-friendly analytics tool that:

  • Does not use cookies
  • Does not collect personal data
  • Does not track users across websites
  • Is fully compliant with GDPR, CCPA, and PECR
  • Stores all data in the EU

6. Cookies

Our marketing website (verisum.org) does not use cookies. Our application (app.verisum.org) uses only essential session cookies required for authentication and security. We do not use tracking cookies, advertising cookies, or third-party cookies of any kind.

7. Data Sharing

We share your data only with the following service providers, solely for the purposes of operating our services:

  • Hostinger: Web hosting and email marketing infrastructure
  • Plausible Analytics: Privacy-friendly website analytics
  • Supabase: Database and authentication infrastructure for the application platform
  • Stripe: Payment processing for paid subscription tiers

We do not sell, rent, or trade your personal information to any third parties for marketing or advertising purposes.

8. Your Rights (GDPR)

Under the General Data Protection Regulation (GDPR), you have the following rights regarding your personal data:

  • Right of access: Request a copy of the personal data we hold about you
  • Right to rectification: Request correction of inaccurate personal data
  • Right to erasure: Request deletion of your personal data
  • Right to restriction: Request restriction of processing of your personal data
  • Right to data portability: Request transfer of your data in a machine-readable format
  • Right to object: Object to processing of your personal data
  • Right to withdraw consent: Withdraw consent at any time where processing is based on consent

To exercise any of these rights, please contact us at hello@verisum.org. We will respond to your request within 30 days.

9. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected:

  • Account data: Retained while your account is active, deleted within 30 days of account closure
  • Assessment data: Retained while your account is active
  • Newsletter subscriptions: Retained until you unsubscribe
  • Analytics data: Aggregated and anonymised, retained indefinitely

10. Children's Privacy

Our services are not intended for children under the age of 16. We do not knowingly collect personal information from children. If you believe we have collected data from a child, please contact us immediately.

11. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any material changes by updating the "Last updated" date above and, where appropriate, by sending you a notification. Your continued use of our services after changes constitutes acceptance of the updated policy.

12. Contact

If you have any questions about this Privacy Policy or our data practices, please contact us at hello@verisum.org.

Verisum Ltd
United Kingdom