Data Use Policy
How we handle the data you contribute.
A plain-language statement of what Verinode does with your operational data: what we collect, why, how it is protected, and how you control it. If a question is not answered here, write to [email protected].
Last updated: May 2026
Summary
Verinode is the first independent data trust for Restoration. What that means in practice:
- Your data is yours. Export, delete, or revoke access at any time.
- We never sell your data to insurance carriers. Codified in our Terms of Service.
- Three purposes only. Running the product, anonymized peer benchmarks, and improving our AI agents. Nothing else.
- Sensitive data stays encrypted with a key only you hold. Verinode cannot read it, even with full database access.
- Material changes require 30-day advance notice and your right to delete first.
- The Operator Advisory Council reviews material changes to this policy before publication.
The rest of this document is the detail.
What we collect
When you use Verinode, you give us access to three categories of data.
1. Business data
Data that describes how your restoration company operates:
- Jobs and claims: claim numbers, insured names, addresses, carriers, TPAs, categories, statuses, dates, amounts.
- Financial data: revenue, costs, margins, payment history, accounts receivable, cost profiles.
- Supplements: submitted, approved, denied amounts, reasons, response times.
- Vendors: who you buy from, what you pay, satisfaction ratings.
- Equipment, team members, certifications, safety records.
- Documents: the originals you upload (emails, PDFs, CSVs, photos) and the structured data extracted from them.
2. Interaction data
Pages you view, features you use, decisions you accept or reject, chat and voice conversations with IQ and its specialist agents, survey responses, and corrections you make to extracted data. Behavioural-data contribution is opt-in (default off).
A note on voice. When you talk to IQ instead of typing, your microphone audio is streamed to our speech-to-text provider (Deepgram) under a zero-retention flag, transcribed in flight, and discarded by the provider after the transcript is returned. Verinode stores the transcript on your chat log exactly as if you had typed it. The raw audio bytes are never retained by Verinode or by the provider. When IQ speaks back, only IQ’s typed reply is sent to the text-to-speech provider (OpenAI) for audio generation; your microphone audio never passes through OpenAI. Both providers are listed at verinode.ai/subprocessors.
3. Team contact information
Authorized user names and email addresses, role and permission assignments, and login history (for security auditing). We never use this for marketing outside of Verinode product updates you have opted into.
How we use it
Exactly three purposes. No others.
Purpose 1: Run the platform
Your raw business data powers the Verinode product you pay for: dashboards, signals, IQ advisory, decisions workspace, job-management intelligence, cost analysis, compliance tracking.
Purpose 2: Anonymized peer benchmarks
The analytical dimensions of your operational data (carrier and vendor names, equipment models, dollar amounts, dates, categories) feed cross-Operator benchmarks. Your operator identifier is hashed with SHA-256 and a per-instance salt before reaching the intelligence layer, so no individual contributor can be identified. Identifying fields stay encrypted with your Vault Key and never leave your scope (see Protection below). The published cohort floor enforced in the Will-never list keeps small samples from leaking identity.
Anonymized aggregate contribution is the consideration for membership. There is no toggle; ending it means ending the membership.
Purpose 3: Improve our AI agents
Our specialist agents (margin analyst, vendor economist, carrier-scorecard analyst, safety coach, and others) improve with anonymized records of Operator situations and outcomes. We do not send raw data to any external model for training. Frontier-model calls go to Anthropic and OpenAI under contractual no-training terms, with all training and data-sharing toggles disabled in each provider’s console. A standard 30-day operational abuse-monitoring retention on the provider side still applies; we are working toward enterprise zero-retention agreements. Agent-learning contribution from your responses is optional and revocable in Settings → Privacy.
What we will never do
These commitments are built into our Terms of Service and cannot be changed without notifying you and giving you deletion rights first.
- Sell raw business data to insurance carriers.
- Not to primary insurers. Not to carrier-aligned data brokers. Not to any entity whose business model involves selling to insurance companies.
- Expose your identity alongside your business metrics.
- Benchmarks are aggregated and anonymized before they leave the PII database. The link back to your Operator account is severed via cryptographic hashing.
- Share data with carrier-aligned analytics vendors or carrier subsidiaries.
- Sharing with carrier-aligned third parties would defeat the structural purpose of the trust.
- Publish benchmarks with cohorts smaller than 5 Operators.
- Small cohorts risk identifying individual contributors through inference. 5 is the published minimum at national scope; 10 is the minimum for sensitive categories (financials, labour costs, profit margins).
- Use your data to train external AI models.
- Your data stays inside Verinode’s infrastructure. Frontier models are used for inference under enterprise no-training terms; your data is never added to any external training corpus.
- Use your team members’ contact information for external marketing.
- No lead-list resales. No partnerships with third-party vendors who want to pitch your team.
- Change this policy without telling you.
- Material changes are announced at least 30 days in advance with a summary of what is changing and why. If you disagree, you can delete your data before the change takes effect.
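The operator-identifier hashing described under Purpose 2 and the cohort floor stated above, as an added illustration that is not Verinode's code: the floor is checked against distinct pseudonymous operators rather than record counts. The record layout, category labels, cohort names and salt value are assumptions made for this example.

```python
import hashlib
from collections import defaultdict

# Floors taken from the policy text: 5 Operators at national scope,
# 10 for sensitive categories (financials, labour costs, profit margins).
DEFAULT_FLOOR = 5
SENSITIVE_FLOOR = 10
# Category labels are assumptions made for this example.
SENSITIVE_CATEGORIES = {"financials", "labour_costs", "profit_margins"}


def pseudonymize(operator_id: str, salt: bytes) -> str:
    """SHA-256 over the per-instance salt plus the operator identifier."""
    return hashlib.sha256(salt + operator_id.encode("utf-8")).hexdigest()


def publishable_benchmarks(records, salt):
    """Return {(category, cohort): mean} for cohorts that meet the floor.

    records: iterable of (operator_id, category, cohort, value).
    The floor counts distinct pseudonymous operators, not rows, so one
    operator contributing many records cannot satisfy it alone.
    """
    values = defaultdict(list)
    members = defaultdict(set)
    for operator_id, category, cohort, value in records:
        key = (category, cohort)
        values[key].append(value)
        members[key].add(pseudonymize(operator_id, salt))

    published = {}
    for key, vals in values.items():
        floor = SENSITIVE_FLOOR if key[0] in SENSITIVE_CATEGORIES else DEFAULT_FLOOR
        if len(members[key]) >= floor:
            published[key] = sum(vals) / len(vals)
    return published


# Constructed sample data, not real Operator records.
SALT = b"constructed-example-salt"
SAMPLE = (
    [(f"op-{i}", "response_time_days", "water", 10.0 + i) for i in range(5)]
    + [("op-0", "response_time_days", "fire", 7.0)] * 6  # 6 rows, 1 operator
    + [(f"op-{i}", "profit_margins", "water", 0.125) for i in range(9)]
    + [(f"op-{i}", "profit_margins", "fire", 0.25) for i in range(10)]
)
```

With the sample above, the six-row single-operator cohort and the nine-operator sensitive cohort are both suppressed.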
How your data is protected
The technical guarantees behind the commitments above.
Vault Key
Every operator account ships with a 30-character Vault Key, issued at sign-up and printed on your Membership PDF. The identifying parts of your data (customer names and contact details, claim numbers, your team’s personal information, full street addresses, free-text incident and supplement records, vehicle and equipment identifiers) are column-encrypted with this key. Verinode does not store the key in plaintext. Even with full database access, our engineers cannot read your Vault-encrypted fields without an authenticated operator session you initiated.
The encryption uses a three-key envelope (server root key, Vault Key, user password) with scrypt and HKDF key derivation and AES-256-GCM column encryption. Every Vault session start and decryption attempt writes an immutable row to the Vault audit log.
Everything else
- All data is encrypted in transit (TLS 1.3) and at rest (AES-256-GCM).
- PII databases have row-level security enforced on every table with no authenticated access policies. All data access goes through service-role clients with explicit Operator scoping.
- Row-level security and column-grant configuration are audited by an external firm at least annually.
- Verinode staff access to Operator PII requires multi-factor authentication and is logged. Operators can request a complete access log for their account at any time.
- Penetration testing is performed at least annually by a qualified third party.
- Any data incident affecting Operator data is communicated to affected Operators within 72 hours of discovery.
For the full architecture and sub-processor list, see verinode.ai/architecture and verinode.ai/subprocessors.
Your rights
Five concrete rights, exercisable at any time.
- 1. Hold the Vault Key.
- The key issued at sign-up is yours. The mechanic is described in Protection above. Your right is to hold it, control session-time decryption, and revoke access by ending your membership.
- 2. Export your data.
- All your Operator data, in CSV or JSON, at any time. No fees. No artificial delays.
- 3. Delete your data.
- Processed within 30 days. Removes your data from the PII database, the intelligence layer (excluded from future benchmark calculations), backup systems (within 90 days), and LLM processing caches (within 7 days). Historical benchmarks that already included your data cannot be retroactively rebuilt, but your data is excluded from all future calculations.
- 4. See what we have on you.
- A complete report of what Verinode holds about your operation, what anonymized benchmarks include your contributions, and which Verinode team members have accessed your account in the last 90 days. Delivered within 14 days.
- 5. Turn off agent learning.
- Settings → Privacy. Disables the use of your accept/reject responses for agent improvement. Aggregate benchmark contribution continues as membership consideration.
The full process for exercising any right (and for third parties named in operator-forwarded data) lives at verinode.ai/data-subject-request.
The Operator Advisory Council
Verinode is run by Verinode. The Council exists to keep this policy under operator-side scrutiny so the commitments stay honest as the company grows. The Council advises. It does not govern.
Composition. Five to nine appointed members. At least three Operator seats (current or recently active senior-Operator level). Up to two Industry Voice seats (Restoration-specialist lawyers, industry publishers, senior consultants, trade-association leaders). No Council member may simultaneously hold employment, equity, or paid advisory relationships with insurance carriers or carrier-aligned data vendors.
What the Council reviews. Material changes to this Data Use Policy before publication. The methodology behind benchmark and research outputs. Operator-side concerns about how data is being used or represented.
What the Council does not do. Approve or veto Verinode’s product roadmap, pricing, partnerships, or hiring. Sit on the board. Hold equity by virtue of membership.
Public reporting. Every quarterly meeting produces a public update within 30 days. An annual Council report each January covers meetings, recommendations, Verinode’s responses, and concerns raised. Unaddressed concerns are documented in the next public update alongside Verinode’s response.
Current roster and the full Charter: verinode.ai/council.
What you consent to at sign-up
The consent flow at sign-up has three explicit items.
- 1. Anonymized aggregate contribution (always on).
- Aggregates from your operational data may be combined with other Operators’ contributions to produce peer benchmarks and research outputs, under the cohort floor and encryption rules described above. There is no toggle; ending it means ending membership.
- 2. Agent learning from response patterns (optional, default on).
- Your accept / reject / edit responses train our specialist agents. Individual responses are never exposed; only aggregate response patterns inform agent improvement. Revocable in Settings → Privacy.
- 3. Public recognition as a contributing operator (optional, default off).
- Your company name may appear in public lists of contributing Operators. Off by default. Your data remains in published benchmarks either way; this controls only whether your name is attached to the contributor list.
Jurisdictional notes
- United States.
- Verinode complies with state-level privacy laws (CCPA in California, similar laws in Colorado, Virginia, Utah, Connecticut, and others as they take effect). Where state law grants you additional rights beyond what is in this policy, those rights apply to you automatically.
- European Union and United Kingdom.
- Not currently supported. EU-region PII deployment and GDPR-specific protections ship before any EU operators are onboarded.
- Canada.
- Supported with PIPEDA-equivalent protections. The governing law for the Terms of Service and this Policy is Ontario, Canada. Verinode is currently pre-incorporation; the founder is the natural person responsible under applicable privacy law until incorporation completes.
- Other jurisdictions.
- Contact us. We will either confirm coverage under this policy or provide a jurisdiction-specific addendum.
Contact
- Data rights requests (export, delete, access report): [email protected]
- Data policy questions: [email protected]
- Operator Advisory Council: [email protected]
- Security incidents: [email protected]