Privacy Notice

What we collect, why, and how to control it.

The operational summary of what personal information Verinode collects, why we collect it, who we share it with, how long we keep it, and what rights you have. The structural commitments are in the Data Use Policy.

Written to be read, not skimmed. This Notice meets the operational disclosures required by GDPR Articles 13 / 14 and CCPA §1798.100.

Last updated: June 2026

Who we are

Verinode (“we,” “us”) is the data controller for personal information collected through verinode.ai and through our IQ, HQ, Research, and Advisory products. Verinode is currently pre-incorporation; until incorporation completes, the founder is the natural person responsible under applicable privacy law.

Contact for privacy matters: [email protected]. EU/EEA data subjects can use the same address until a formal EU representative is appointed.

What we collect, why, and on what legal basis

Account and operator data

  • What. Name, email, work phone, job title, role, company name, company address, service mix, business size.
  • Why. To operate the platform, route signals, generate operator-level analytics, and bill where applicable.
  • Lawful basis (GDPR). Contract performance (Art. 6(1)(b)) for account operation; legitimate interest (Art. 6(1)(f)) for analytics; consent (Art. 6(1)(a)) for benchmark contribution and behavioural telemetry.
  • Retention. For the life of the account plus 12 months; thereafter deleted or anonymized.

Operator business data

  • What. Jobs, costs, supplements, vendor relationships, carrier and TPA relationships, certifications, equipment, team members, financial periods, insurance policies.
  • Why. This is the operator’s own business data. We process it on the operator’s behalf to surface intelligence, decisions, and benchmarks back to that operator. We never sell it to insurance carriers. The binding commitment lives in the Data Use Policy.
  • Lawful basis. Contract performance (we are a processor for the operator).
  • Retention. Seven years (industry standard for restoration claim records); operator-configurable down to three years (insurance claim statute of limitations minimum). Operators may trigger erasure at any time.

Forwarded email content (data contributors only)

  • What. Emails forwarded by data contributors (typically project managers, estimators, claims admins) from their work accounts to their per-user Verinode address. Includes message bodies, attachments, sender addresses, and the identities of third parties (insurance adjusters, TPA staff, customers and homeowners) named in the chain.
  • Why. To extract structured supplement records, decision outcomes, and adjuster intelligence so the operator can negotiate better and learn from patterns across their own book of work.
  • Lawful basis. Consent of the contributor (Art. 6(1)(a)); legitimate interest balanced against third-party rights for the adjuster identity portion (Art. 6(1)(f)).
  • Retention. Raw emails 90 days hot, then 12 months cold (metadata and attachment hashes only), then full purge. Extracted structured data follows the operator-data seven-year retention.

Behavioural telemetry

  • What. How you interact with the platform. Feed item actions (act, not now, dismiss with optional reason), agent conversation outcomes (helpful, unhelpful, which artifacts you used, how many turns to action), and signal lifecycle timing.
  • Why. To improve the product and to make our internal AI agents (margin analyst, vendor economist, carrier scorecard analyst, safety coach, and others) better at giving grounded recommendations rather than generic AI advice. This is internal-only learning. Your data is not sent to OpenAI, Anthropic, or any external model vendor for training. Frontier-model inference uses Zero-Data-Retention API mode.
  • Lawful basis. Consent (Art. 6(1)(a)). Opt-in via the behavioural-data consent flag (per-user, default off) and revocable from Settings → Privacy. Revocation evicts the in-flight benchmark cache immediately and removes contributions from future aggregations within seven days.
  • Retention. Raw rows in the PII layer retained 12 months; anonymized aggregate patterns retained indefinitely (no link back to you).

Agent learning corrections

  • What. When you correct a value our LLM extracted incorrectly (for example a wrong vendor name or wrong document type), we record the field, the before and after values, and a snippet of the extraction context.
  • Why. To improve extraction accuracy on your subsequent uploads (your operator-specific context cache is invalidated immediately so the next extraction sees the corrected fact) and, in anonymized form, to inform prompt improvements globally.
  • Lawful basis. Contract performance (Art. 6(1)(b)). Improving the product you are paying for.
  • Retention. Indefinite while your account is active. Deleted within 30 days of an erasure request.

Third-party PII (adjusters, TPA staff)

  • What. Name, work email, work phone, role and title, signature data, response timing, decision patterns. Extracted from emails forwarded to us by data contributors who lawfully received them.
  • Why. To give the operator coherent intelligence about their carrier relationships (which adjusters approve fastest, who folds on escalation, who denies most often).
  • Lawful basis. Legitimate interest (Art. 6(1)(f)) under a balancing test that prioritises the operator’s operational interest in negotiating supplements, the contributor’s lawful possession of the email content, the third party’s expectation that work communications may be analysed by the recipient organisation, and our commitment to never sell, share, or aggregate this data back to insurance carriers in identifiable form.
  • Retention. Linked to the supplement or decision record; aggregate operator intelligence retained per the operator-data retention policy.
  • Right to object. Adjusters can request exclusion by emailing [email protected]. Verified requests are honoured within 30 days.

Cookies and similar technologies

  • What. Session cookies (essential for authentication), preference cookies (theme, dark mode), analytics cookies (Vercel and Cloudflare default analytics).
  • Why. Essential for the site to function; preference for personalisation; analytics for performance.
  • Lawful basis. Essential cookies under the strictly-necessary exception; preference and analytics under consent (cookie banner).
  • Retention. Session cookies expire on logout; preference cookies 12 months; analytics per Vercel and Cloudflare default.

LinkedIn integration (connected third-party)

  • What. Only if you choose to connect your LinkedIn account: an OAuth access token, an optional refresh token, your LinkedIn member identifier (the OpenID sub), the scope you granted, and connection timestamps. We do not store your LinkedIn name, photo, or any other profile content.
  • Why. So you can publish a post, or share a Verinode research article, to your own LinkedIn profile in one step. We post only the content you compose and approve, to your own account.
  • Lawful basis. Consent (Art. 6(1)(a)), given through LinkedIn’s authorization screen and revocable at any time by disconnecting in Settings.
  • How it is stored. Tokens are encrypted at rest with our key-management root key and held in the PII layer (deny-all access). They are never included in a data-access export and never shared with anyone.
  • Retention. Kept while the connection is active. When you disconnect, we revoke the token with LinkedIn and delete the stored tokens. The connection is also deleted on an erasure request.

Who we share data with

We share data only with:

  1. Sub-processors that operate the platform on our behalf. The full list is available on request to [email protected] and is updated when sub-processors change.
  2. The operator’s own authorised users. Within an operator account, data is shared among the team members the operator has invited.
  3. Industry advocacy partners. Only aggregated, anonymized data, and only on operator-friendly terms. Never identifiable per operator or per adjuster.
  4. Legal authorities. Only when required by law (subpoena, court order, regulatory request). We notify the affected operator when legally permitted.

We do not share with:

  • insurance carriers (Verisk, Cotality, primary insurers) in any form that identifies an operator or an adjuster;
  • advertising networks;
  • data brokers;
  • AI model training partners outside the contractual sub-processors we use to operate the platform.

Connected third-party integrations

Some features let you connect an outside service that you control directly. LinkedIn is the current example: when you connect it, you authorize Verinode to post content you compose to your own LinkedIn profile, and the content you publish goes to LinkedIn. These services are connected third parties, not sub-processors. You initiate the connection, you decide what is published, and you can revoke access at any time by disconnecting. LinkedIn acts as an independent controller of whatever you post, governed by its own privacy policy. We never send your operator business data, benchmarks, or other operator content to these services.

International transfers

If you are outside the United States, your data may be processed in the US. For EU/EEA data subjects, transfers rely on the European Commission’s Standard Contractual Clauses (SCCs, 2021/914) executed with each US-based sub-processor.

Regional deployment (including EU) is available for enterprise customers on request.

Your rights

Depending on where you live, you have some or all of these rights.

  • Access. Get a copy of your personal data. Available in-app via Settings → Privacy, or by emailing [email protected].
  • Rectification. Correct inaccurate data. Edit in Settings, or email [email protected].
  • Erasure (right to be forgotten). Delete your data. Request from Settings → Privacy or email [email protected]. 72-hour SLA.
  • Restriction. Pause certain processing. Toggle consents at Settings → Privacy.
  • Portability. Get a machine-readable export of your data. Available in-app.
  • Object. Object to processing on legitimate-interest grounds. Email [email protected].
  • Withdraw consent. Revoke consents you previously gave. Toggle off at Settings → Privacy. Immediate effect on new processing.
  • Complaint. Complain to a supervisory authority. EU/EEA: your local DPA. UK: the ICO. California: the California Attorney General.

Adjusters and other third parties whose identity appears in operator-forwarded emails can object via [email protected].

How we secure your data

  • Encryption in transit. TLS 1.3 on every connection; HSTS enforced.
  • Encryption at rest. Database and storage encrypted with AES-256-GCM. Identifying operator data is additionally column-encrypted with a Vault Key only the operator holds.
  • Access control. Least-privilege role-based access; service-role keys for cross-tenant operations are server-side only. The browser-side client is used for authentication only, never for data queries.
  • Tenant isolation. Row-level security on every table containing operator data. The PII schema is deny-all by default.
  • Audit logging. Consent changes, role changes, intelligence-layer queries, agent prompt changes, extraction corrections, and erasure requests all write to append-only audit tables.
  • Rate limiting. The intelligence layer enforces 100 benchmark queries per operator per minute to prevent enumeration attacks.
  • Vendor security. Sub-processors evaluated annually; SOC 2 Type 2 / ISO 27001 reports verified.
  • Zero-Data-Retention with LLM providers. Anthropic and OpenAI both contractually honour Zero-Data-Retention. They do not retain or train on our prompts. Verified quarterly.
  • Substantive compliance. Verinode is designed to meet SOC 2, ISO 27001:2022, GDPR, and CCPA requirements. Formal external certification is on the roadmap.

Full security and incident-response procedures are documented internally and available to enterprise customers under NDA.

Children

Verinode is a B2B platform for restoration operators. We do not knowingly collect data from anyone under 16. If you believe we have, contact [email protected] and we will delete it.

Updates to this Notice

We update this Notice when our practices change. The version number and effective date at the top change with each update. Material changes are announced via email to operators and a prominent banner on the platform. We retain prior versions; previously accepted versions remain on record.

Contact

For any privacy question, request, or complaint: [email protected].

This is a living document. Material changes are announced in advance and require renewed acceptance for active operators.