Privacy Policy

VeriStay Ltd ("VeriStay", "we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Services.

1. Data Controller

For the purposes of UK GDPR and the Data Protection Act 2018, the data controller is:

VeriStay Ltd
128 City Road
London EC1V 2NX
United Kingdom

Email: info@veristay.app

2. Information We Collect

2.1 Information You Provide

Account Information: Business name, contact name, email address, phone number
Property Data: Property details, room information, inspection records
Media Content: Photos and videos uploaded during inspections
Payment Information: Billing details (processed securely by Stripe)
Communications: Messages sent through our support channels

2.2 Automatically Collected Information

Usage Data: Pages visited, features used, time spent, clicks
Device Information: IP address, browser type, operating system, device identifiers
Location Data: Approximate location based on IP address
Cookies: See our Cookie Policy for details

3. Legal Basis for Processing (UK GDPR Article 6)

We process your data based on the following legal grounds:

Processing Activity	Legal Basis
Providing the Services	Contract Performance - necessary to fulfil our agreement with you
AI processing of inspection images	Contract Performance - core service functionality
Sending service communications	Legitimate Interests - keeping you informed about your account
Security and fraud prevention	Legitimate Interests - protecting our systems and users
Analytics and improvement	Legitimate Interests - improving our Services
Marketing communications	Consent - only with your explicit opt-in
Legal compliance	Legal Obligation - where required by law

4. How We Use Your Information

We use your information to:

Provide, maintain, and improve our Services
Process AI analysis on inspection images
Send service-related communications (account alerts, updates)
Provide customer support
Analyse usage patterns and optimise performance
Detect and prevent fraud, abuse, or security incidents
Comply with legal obligations
Enforce our Terms and Conditions

5. Data Sharing and Disclosure

We do not sell your personal data. We may share data with:

5.1 Service Providers

Microsoft Azure: Cloud hosting and infrastructure (EU/UK regions)
Stripe: Payment processing (PCI DSS compliant)
SendGrid: Email delivery
AI Processing: Image analysis services

5.2 Legal Requirements

We may disclose data when required by law, court order, or to protect our legal rights.

5.3 Business Transfers

In connection with any merger, acquisition, or sale of assets, your data may be transferred. We will notify you of any such change.

6. International Data Transfers

Your data is primarily stored and processed in the United Kingdom and European Economic Area (EEA).

Where data is transferred outside the UK/EEA, we ensure appropriate safeguards are in place, including:

Standard Contractual Clauses (SCCs) approved by the UK ICO
Adequacy decisions where available
Data processing agreements with all sub-processors

7. Data Retention

We retain your data for as long as your account is active or as needed to provide Services:

Data Type	Retention Period
Account Data	Until account deletion + 30 days
Inspection Data	Configurable by tenant (default: 2 years)
Media (Photos/Videos)	As per tenant retention settings
Backup Data	Up to 90 days after deletion
Audit Logs	7 years (legal compliance)

Data subject to legal hold will be retained until the hold is released.

8. Your Rights (UK GDPR)

You have the following rights regarding your personal data:

Right of Access: Request a copy of your data
Right to Rectification: Correct inaccurate data
Right to Erasure: Request deletion ("right to be forgotten")
Right to Data Portability: Export your data in a machine-readable format
Right to Restriction: Limit how we process your data
Right to Object: Object to processing based on legitimate interests
Right to Withdraw Consent: Revoke consent at any time (where consent is the legal basis)
Rights Related to Automated Decision-Making: Request human review of automated decisions

To exercise these rights, contact us at info@veristay.app. We will respond within 30 days.

9. Data Security

We implement industry-standard security measures:

Encryption in transit (TLS 1.3)
Encryption at rest (AES-256)
Multi-factor authentication (MFA) support
Regular security audits and penetration testing
Strict access controls and audit logging
SOC 2 Type II compliance (in progress)

10. Cookies and Tracking

We use cookies and similar technologies for:

Essential Cookies: Authentication, security, session management
Analytics Cookies: Usage statistics (with consent)
Preference Cookies: Remember your settings

See our Cookie Policy for full details and management options.

11. Third-Party Services

Our Services integrate with third-party providers who have their own privacy policies:

12. Children's Privacy

VeriStay is a business-to-business service not intended for individuals under 18 years of age. We do not knowingly collect data from children. If you believe we have collected data from a child, contact us immediately.

13. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of significant changes via email or in-app notification at least 30 days before changes take effect.

Continued use after changes constitutes acceptance of the updated policy.

14. Complaints

If you have concerns about how we handle your data, please contact us first at info@veristay.app.

You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow SK9 5AF

Website: ico.org.uk
Helpline: 0303 123 1113

15. Contact Us

For privacy-related questions or to exercise your rights:

VeriStay Ltd
Data Protection Officer
128 City Road
London EC1V 2NX
United Kingdom

Email: info@veristay.app