📄 VERACITYHUB PRIVACY POLICY

Last Updated: 11/30/2025

This Privacy Policy explains how VeracityHub (“VeracityHub,” “we,” “our,” or “us”) collects, uses, stores, and protects information when customers access our website, platform, API services, mobile interfaces, and other products (collectively, the “Services”).

VeracityHub primarily serves as a Service Provider / Processor on behalf of business clients (“Customers”). Most personal data processed through VeracityHub is submitted by Customers through API requests or file uploads, and is not collected or sourced directly by VeracityHub.

1. Scope of This Policy

This Privacy Policy applies to:

• Visitors to VeracityHub.io
  
  

• Customer admin users
  
  

• Business-to-business (B2B) leads who interact with our site
  
  

• Personal information processed through our APIs and batch verification services
  
  

This policy does NOT apply to information collected directly from consumers by our Customers. Our Customers remain responsible for their own privacy notices and consents for consumer data they transmit to VeracityHub.

2. Role as Processor / Service Provider

For all API-based processing (verification, identity append, CNAM, OTP, reverse lookup, soft pull), VeracityHub acts as a Processor (GDPR), Service Provider/Contractor (CCPA) on behalf of Customers.

This means:

• We do not control the personal data sent to us.
  
  

• We do not sell or share personal data for cross-context behavioral advertising.
  
  

• We process data only according to Customer instructions.
  
  

• We do not store appended PII beyond what is necessary to return an API response.
  
  

• We do not use personal information for our own purposes.
  
  

3. Information We Collect

3.1 Information We Collect Directly (B2B Only)

We collect the following data directly from Customer admin users and site visitors:

• Name
  
  

• Email address
  
  

• Company name
  
  

• Username/password
  
  

• Billing details
  
  

• Payment information (processed via Stripe or other PCI-compliant providers)
  
  

• Support communications
  
  

• Website analytics
  
  

• B2B marketing leads
  
  

This information is used for account creation, authentication, communication, billing, and improving our Services.

3.2 Information Processed Through Our APIs (Customer-Provided)

Customers may transmit the following personal data types for verification purposes:

• Phone numbers
  
  

• Names
  
  

• Addresses
  
  

• Email addresses
  
  

• Identity attributes
  
  

• Carrier information
  
  

• CNAM data
  
  

• Device data
  
  

• Government database match results
  
  

• Soft credit pull identity matching information
  
  

Important:

VeracityHub does NOT collect this information directly.
VeracityHub does NOT store API-submitted personal data long-term.
VeracityHub does NOT repurpose or resell this information.

All such data is processed transiently and returned to Customers via API response or batch output.

3.3 Data Appended from Third-Party Sources

Some Services (identity append, reverse lookup, CNAM, soft pull) involve obtaining additional information from, or matching against, third-party data providers (“Subprocessors”).

We may append or enrich Customer-submitted data with:

• Name
  
  

• Address
  
  

• Email
  
  

• Line type
  
  

• Carrier
  
  

• Caller name (CNAM)
  
  

• ID verification match results
  
  

• Soft pull identity confirmation data
  
  

We do not store appended PII.

It is generated in real time, passed to the Customer, and discarded according to our short-term log retention policies.

3.4 Log Data

For security, operational integrity, and billing:

• API timestamps
  
  

• API key usage
  
  

• Status codes
  
  

• Latency
  
  

• Error logs
  
  

• Volume metrics
  
  

These logs may reference identifiers such as hashed phone numbers or truncated tokens.
We minimize exposure of sensitive data in logs.

4. How We Use Personal Information

We use information for:

1. Providing and operating the Services

• API verification
  
  

• Identity and risk evaluation
  
  

• Soft pull identity matching
  
  

• CNAM / carrier lookup
  
  

• Batch processing
  
  

2. Customer account administration

• User authentication
  
  

• Billing and invoicing
  
  

• Customer support
  
  

3. Security & compliance

• Monitoring system integrity
  
  

• Detecting fraud, abuse, and service misuse
  
  

• Compliance with legal requirements
  
  

4. Improving the platform

• Usage analytics
  
  

• Performance optimization
  
  

We do not use API-submitted personal data for marketing.

5. Sensitive Data

Certain Services may involve identity verification or soft pull matching against third-party databases.

VeracityHub:

• Does not access full consumer credit reports
  
  

• Does not make credit decisions
  
  

• Only returns identity/eligibility match metadata
  
  

• Acts solely as a Service Provider for Customer-authorized permissible purpose transactions
  
  

If you use our soft pull functionality, you agree to comply with FCRA requirements, including permissible use, user consent, and end-user disclosures.

6. How We Share Information

We share information only with:

1. Subprocessors / Vendors

Trusted service partners that support operations, including:

• Identity verification partners
  
  

• CNAM/carrier data providers
  
  

• OTP delivery providers (SMS gateways)
  
  

• Soft pull vendors
  
  

• Cloud hosting platforms
  
  

• Billing providers (e.g., Stripe)
  
  

• Security & logging infrastructure
  
  

All subprocessors are contractually bound to protect data.

2. Legal and Security

We may disclose information if required by law, subpoena, or to protect against fraud or misuse.

7. Data Retention

• API-submitted PII: not stored beyond transient processing.
  
  

• Logs: retained for security and billing purposes for a limited period.
  
  

• Admin/B2B user data: retained as long as the account remains active.
  
  

• Backups: rotated according to internal policies.
  
  

8. Data Security

We use technical and organizational measures to protect data, including:

• Encryption in transit
  
  

• Access control and authentication
  
  

• Network segmentation
  
  

• Log auditing
  
  

• Vendor security screening
  
  

• Least-privilege access policies
  
  

No platform can guarantee perfect security.

9. International Transfers

If data crosses borders, we use:

• Standard Contractual Clauses (SCCs)
  
  

• Subprocessor data protection agreements
  
  

10. Your Rights

Admin users may:

• Access and update profile data
  
  

• Request deletion of account information
  
  

• Disable or delete API keys
  
  

• Request data copies
  
  

Consumers whose data is processed through Customer API calls should contact the Customer, not VeracityHub.

11. Children’s Privacy

Our Services are not directed to children under 16 and we do not knowingly collect children’s data.

12. Changes to This Policy

We may update this Privacy Policy. Changes will be posted on this page.

13. Contact Information

If you have questions about this Privacy Policy, contact:

VeracityHub
Email: privacy@veracityhub.io
Address: 817 West Peachtree St. NE Ste P200 Atlanta, GA 20208