Privacy Policy
Last updated June 25, 2026
Introduction
Welcome to Veridia Technologies LLC (“Veridia,” “Our,” “We,” or “Us”). Veridia provides employers with a simple platform to onboard their employees, including the completion of federal onboarding forms such as the Form I-9 and Form W-4, along with the employer's own company documents.
We understand the impact Our privacy practices may have on You when You share data with Us, and We are committed to protecting Your privacy in all aspects of Our business. This Privacy Policy (“Policy”) explains what information We collect from Our end users, clients, partners, and Site visitors (“You,” “Your”); how We use that information; and the rights You may have with respect to Your Data.
To use certain features of Our Site or to access specific products and Services, We may need to process certain Personal Data. Where the processing of Personal Data is not essential to providing the Services, We give You the mechanisms necessary to manage Your preferences, as described in this Policy. If You do not agree to the processing of Personal Data that is essential to the functionality of the Site or the Services You request, You may not be able to use those features or Services.
Your Acceptance of This Policy and Modifications
We may change this Privacy Policy from time to time in Our sole and reasonable discretion. If We make material changes that alter Your rights or affect Your personal or sensitive data, We will notify You — and, where applicable, request Your active consent — by revising the date at the top of this page and providing written notice (such as a statement on Our homepage, an email, or a notification).
Any amended Policy supersedes all prior versions and is deemed accepted upon Your continued use of the Sites or Services, unless agreed otherwise in a valid, enforceable written agreement between Us and You.
Important Privacy Practice Notes
- We do not sell Your Data, and We do not share it for targeted or cross-context behavioral advertising or with any third party that is not required to provide You with the Services or Site.
- Some of Our Services may collect, store, transmit, or otherwise process sensitive data — including individually identifiable health information or PHI — in connection with Your use of the Sites or Services.
- Our Sites, Services, and communications may involve interactions with third parties regarding Your Personal Information. We engage trusted Sub-processors to perform specific services on Our behalf. When these providers process Your data as Sub-processors, that processing is covered by this Policy.
- For Your convenience, Our Sites, Services, or communications may contain links to websites, services, or products provided by third parties. When You click such a link and leave Our Site, any information You provide to those third parties — or that they collect from You — is governed by their own privacy policies. We are not responsible for the content, privacy practices, or data security of these independent sites, and We encourage You to review their policies before sharing any Personal Information.
- We may use single sign-on (SSO) integrations to offer third-party solutions or products. These links and integrations do not mean that We (a) endorse those websites, products, or services; (b) warrant the quality, usability, or accuracy of the information they present; or (c) warrant their privacy practices or data security. You acknowledge that We are not liable for the collection or use of Your information by third parties or third-party offerings, even when those offerings are made available through Our Sites or Services. The privacy practices of third parties are governed by their own policies.
- Our Services are intended for adults using the platform in connection with their employment. We do not knowingly collect Data from anyone under the age of 18, and the Sites and Services are not intended for use by minors. Consistent with COPPA, if You believe We have unintentionally collected information from a minor, please notify Us so that We may promptly delete it.
- Veridia does not provide professional legal, tax, or accounting advice or services. You should seek independent professional advice in these areas if needed.
Definitions
The following terms are used throughout this Policy.
- “Affiliate”
- means any entity that controls, is controlled by, or is under common control with Veridia Technologies LLC. Veridia currently has no Affiliates; references to Affiliates in this Policy apply only if Veridia's corporate structure changes in the future.
- “Business Information”
- means Your job title or department; and Your employer's name, phone number, postal address, payment information, company type, industry, and size.
- “Client”
- means a customer authorized by Us to access and use the Services, or a customer contracted directly with Us for the Services. For Veridia, a Client is typically an employer using the platform to onboard its employees.
- “Consent”
- means any freely given, specific, informed, and unambiguous indication of the Data Subject's wishes — by a statement or clear affirmative action, written or verbal — that signifies agreement to the processing of personal data relating to You.
- “Cookies”
- means small text files that a web server in a given domain can read after placing them on Your device.
- “COPPA”
- means the Children's Online Privacy Protection Act.
- “Data”
- means, collectively: Order Information, Payment Information, Personal Information, Usage Data, Business Information, User Information, Sensitive Data, and User Content.
- “Data Controller”
- means the entity or natural person that determines the purposes and means of processing personal data. In some instances, Veridia may be the Data Controller.
- “Data Processor”
- means an entity or natural person that processes personal data on behalf of a controller. In some instances, Veridia may be the Data Processor.
- “Data Subject”
- means a natural person whose personal data is processed by Us.
- “Order Information”
- means information such as company name, contact name and details, products or services purchased, shipping address, telephone number, email address, and billing address.
- “Partner”
- means an entity that purchases subscriptions to the Services and is authorized by Us to provide access to and use of the Services to, or on behalf of, a Client.
- “Payment Information”
- means information required to process orders for the Services, such as Your name, credit card information, billing information, address, expiration dates, and processing codes.
- “Personal Information”
- means information associated with or used to identify You, such as Your first and last name, email address, postal address, phone number, and certain Usage Data under applicable law.
- “PHI”
- means protected health information as defined under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Privacy Rule.
- “Sensitive Data”
- means government identifiers (such as a Social Security number, driver's license, state ID, or passport number) and citizenship or immigration status, which We collect as necessary to complete employment-eligibility and tax-withholding forms; financial account information; and any information that reveals race or ethnic origin, sexual orientation, political opinions, religious or philosophical beliefs, or trade union membership, or that concerns an individual's health.
- “Services”
- means the Veridia employee-onboarding platform and related applications, solutions, and products, which enable employers to onboard employees — including the completion of forms such as the Form I-9 and Form W-4 and the employer's own company documents.
- “Sites”
- means Veridia's website at www.veridia.tech and its subpages.
- “Third-Party Service Provider”
- means a third party that performs work for Us, or a portion of the Services on Our behalf.
- “UDID”
- means Your city location, device model and version, and device identifier.
- “Usage Data”
- means information about Your activity on the Site or Services that does not, by itself, identify You, such as: (a) browser type, operating system, webpages visited, access times, links clicked, and the page visited before navigating to Our Site or Services; (b) technical information about the device You use, including hardware model, operating system and version, unique device identifiers, location data, IP address, domain name, internet service provider, or network information; (c) information searched for, observed, or accessed while using the Services; or (d) metadata related to User Content, such as date, time, or location.
- “User”
- means any individual or entity that uses the Site or Services on behalf of a Client or Partner, or through the account or credentials of either — whether authorized or not — including employees, contractors, and agents. For Veridia, a User is typically an employee being onboarded by an employer.
- “User Content”
- means content uploaded or submitted by Users, such as information, documents, images, photographs, videos, notes, sounds, data, and posts.
- “User Information”
- means information such as name, username, password, email address, phone number, and address.
- “You” or “Your”
- means the individual visiting, accessing, or using the Site or Services — whether in their individual capacity or as a User, Partner, or Client, as the context requires.
Data We Collect and How We Use It
When We Collect Data From You
We may collect Data from You when You:
- Visit Our Site or use Our Services;
- Interact with one of Our chatbots or digital assistants;
- Interact with any of Our features, tools, or Services powered by artificial intelligence (AI), generative AI, large language models (LLMs), or machine learning (ML);
- Interact with Us online, by webinar, by phone, through customer support, or by email or other correspondence;
- Interact with Us in person, at an event or trade show (including with Our employees, agents, representatives, partners, Affiliates, or contractors);
- Opt in to Our marketing campaigns, newsletters, alerts, notifications, promotions, offers, or deals;
- Submit User Content to Us, directly or through Our Sites or Services;
- Submit a form or contact Us on Our Sites;
- Post information, comments, testimonials, or reviews about Us online;
- Interact with targeted online content that We or Our Third-Party Service Providers provide through third-party websites, communications, or applications;
- Are referred to Us by a third party, with Your consent; or
- Interact with Our third-party social media accounts.
Categories of Data and How We Use Them
Depending on how You use Our Sites and Services, We may collect the following categories of Data.
Personal Information and Business Information. We collect Personal Information that You voluntarily provide when You: (1) create an account or sign an order form; (2) express interest in Our Services or sign up to receive emails, marketing, or promotional information; (3) fill out a form or contact customer support, online or offline; (4) are given access to the Sites and Services by a Partner who shares Your information with Us so We can provide them; or (5) are referred to Us by a third party who, with Your consent, shares Your Personal Information for marketing or transactional Services. All Personal Information You provide must be true, complete, and accurate, and You must notify Us of any changes.
We may also collect Business Information directly from a Partner sponsoring Your access, or from a third party that has referred You. We use Your Personal Information solely to provide You with the Services and Site, and We do not share it with any third party not required to do so. You own Your Personal Information — We only process it to provide You the Services.
Biometric information. To confirm that the person completing onboarding matches their identity document, the Service may capture a selfie or live image and compare it to the photo on the document, using face-matching and liveness-detection technology. This biometric comparison is used solely to verify identity, is not used for any other purpose, is not sold, and is not stored after the verification is complete — it is retained only as briefly as needed to perform the match and is then deleted. Where required by law, We process biometric information only with appropriate notice and consent.
Payment Information. When You purchase Services, sign up to use them, or enter into an order form, We may collect Payment Information needed to process Your order. We do not store Payment Information. Instead, We use third-party payment gateways that store it in encrypted form under the Payment Card Industry Data Security Standard (PCI-DSS). By providing Payment Information, You: (1) represent and warrant that it is accurate and that You are authorized to use it; (2) agree to its collection for the purposes described here; and (3) where applicable, agree to automatic renewal charges if You have opted into a renewing subscription. We are not liable for payment issues, security incidents, or data breaches that occur at third-party payment gateways.
Usage Data and UDID. When You visit the Sites or use the Services, We may automatically collect Usage Data — such as Your IP address, the date, time, and duration of Your visit, the referral URL, the pages visited, and information about Your device and browser. We may also collect visitor data through third-party services such as Google Analytics to better understand visitor behavior, demographics, locations, and other metrics used to improve the Site and Services. We may additionally collect Your city location, device model and version, device identifier (UDID), and OS version. We collect this information to maintain the security and operation of the Services and for internal analytics and reporting. We do not sell or share Usage Data. We use it to diagnose and secure Our servers, administer proper use of Our websites, and improve and market the Services. Your IP address is also used to gather broad demographic information that does not personally identify You.
User Content. We may collect User Content that You provide through Our Sites or Services. By providing User Content, You represent and warrant that You have the rights, consents, and licenses required to do so. Depending on the Services You use and how You access them, We may share User Content with administrators, employers, sponsors, brokers, or Partners You have authorized. You may have the right to opt out of such sharing in certain circumstances. We do not own User Content; Clients own the User Content uploaded to or created through the Sites and Services.
Online Identifiers and Cookies. We may use cookies, web beacons, server logs, and similar technologies (“Data Collection Tools”) to collect Usage Data and improve Your experience. Web beacons (also called “tracking pixels”) are electronic images used within Our Site, Services, or emails. The information We receive through these tools does not contain personally identifying information, but it does help Us improve Your experience, see which features are popular, count Site visits, understand campaign effectiveness, and determine whether an email has been opened. Cookies also let Us store preferences and settings, enable sign-in, combat fraud, and analyze performance. Most browsers accept cookies by default; You can usually set Yours to remove or reject them, though doing so may affect certain features.
Feedback. We may collect Data when You provide feedback about the Sites or Services, whether online, by phone, or by email. Feedback You provide is owned exclusively by Us, except for any portion containing Your own Data. We use feedback only to analyze, develop, and improve Our business, Sites, Services, and customer support. You will not have any ownership, credit, or royalty rights in any work product We create from Your feedback.
Mobile Device Data. We may automatically collect device information (such as Your mobile device ID, model, and manufacturer), operating system and version, and IP address. We use Mobile Device Data for internal analytics only. We do not sell or share this data with any third party unless required to provide You the Services or Site.
Order Information. When You sign an order form to purchase the Services, We collect Order Information. We need this to process Your order; track, calculate, and apply any applicable credits, offers, or promotions; and contact You with invoices, billing, and account information.
Third Parties. When Data is transmitted to Us by third parties, We take measures to ensure it was collected lawfully and that the intended processing is permitted — including contractual safeguards, due diligence, and processing under applicable law. If We did not obtain Personal Information directly from You, We will inform You of the types of Personal Information received, the purposes for which We collect and use it, the types of non-agent third parties to which We may disclose it, and the choices We offer for limiting its use and disclosure.
Text Messaging (SMS)
When an employer uses Veridia to onboard a new hire, We send SMS text messages on Your employer's behalf to the mobile number provided — for example, a secure link to begin onboarding, identity-verification prompts, and related reminders. These are transactional onboarding messages, not marketing messages. Message frequency varies based on Your onboarding activity. Message and data rates may apply. You may reply STOP at any time to opt out, or HELP for help; You may also contact Us at help@veridia.tech.
Your employer must obtain Your consent before any message is sent — for example, in the offer letter or onboarding paperwork — and consent is never a condition of employment.
Reply STOP to stop future messages. To have Your mobile number removed from onboarding records, contact Your employer, who controls that data. See also Our Messaging Terms.
We do not sell mobile information, and We do not share mobile information — including mobile phone numbers and SMS opt-in or consent data — with third parties or affiliates for marketing or promotional purposes. We share it only with the service providers that help Us deliver these messages, such as Our messaging provider. Text-messaging originator opt-in and consent data will not be shared with any third parties.
Separately, Veridia acts as a service provider to Your employer. To provide the Services, We deliver Your onboarding record — which can include Your mobile number — to Your employer and the systems it designates, such as payroll or HRIS. Your employer controls that data. This is service delivery, not a sale and not a marketing share, and it never includes Your SMS opt-in or consent data.
General Use, Processing, and Transfers of Data
How We Use Data
In general, We use Data to provide Our Sites and Services, to perform Our agreements with Partners, Clients, and Users, and for related business purposes — such as product development, marketing, and legal compliance. Specifically, We use Data:
- To provide the Site and Services;
- To operate, maintain, develop, improve, or personalize the Services and other products We offer;
- To provide customer service and support, and to respond to Your comments, questions, and requests;
- To send technical notices, updates, security alerts, and support or transactional messages relating to Your account.
For the following purposes, We exclude Sensitive Data and User Content unless We have Your consent:
- To share aggregate, de-identified, or anonymized Data with authorized third parties;
- To communicate with You about products, offers, promotions, rewards, and events, unless You have opted out;
- To monitor and analyze trends, usage, and activities in connection with the Services;
- To assess and improve the effectiveness of Our marketing and promotional activities;
- To process Your transactions and send related information, such as confirmations and invoices;
- To refer You to third-party providers at Your request or with Your consent;
- To develop new products and services or improve existing ones;
- To power and develop solutions and Services that use artificial intelligence or machine learning;
- To improve Our AI models and features intended for Your use with the Services;
- To provide data insights to a Client's Partner or sponsor;
- To enforce Our Terms of Service and other applicable agreements or policies; and
- To carry out any other lawful purpose for which the information was collected.
We may derive information or draw inferences from Data collected when You use the Services — for example, inferring Your interest in Our products based on Your usage and past purchases. To improve the Services, We may use collected information in aggregated or de-identified form. We may combine Data You provide directly with other information We collect about You, and use the combined information as described in this Policy. Sensitive Data and User Content are not used for any purpose beyond the consented purposes.
Machine Learning and AI
With Your consent where required, and subject to Our agreements with the applicable Client, We — together with Our authorized Sub-processors, contractors, and agents — may use Your Personal Information and, where permitted, User Content to:
- Develop, train, or enhance AI or machine learning models, products, services, and features that are or may become part of Our Services (collectively, “AI Services”); and
- Analyze Your inputs, outputs, usage, and feedback relating to the AI Services, which We use in aggregate or de-identified form.
We do not use Sensitive Data — including Social Security numbers, other government identifiers, or citizenship and immigration status collected through onboarding forms — to train Our AI models. Where We act as a Service Provider or processor on behalf of a Client, We use Client and employee Data for AI training only to the extent permitted by Our agreement with that Client. Nothing in this section reduces Our obligations under applicable data protection and privacy laws.
Where We Process Data
We will only process Your Data as described in this Policy and for the purposes stated here. We process and host Data in the United States. We require all hosting services, Sub-processors, and Third-Party Service Providers to limit their access, use, sharing, and disclosure of Data through contractual commitments and required security and privacy standards.
Onward Transfers of Data
Veridia primarily stores and processes data about Clients and Site visitors in the United States. Where a business process requires Us to share Data relating to Clients or Partners with a third party, We bind that recipient by contract to use the Data only for the specified purpose and to provide an adequate level of data protection consistent with this Policy. This does not apply where a transfer is carried out under a statutory or other permissible legal obligation.
All uses of User Content and Sensitive Data must comply with this section; to the extent of any inconsistency with uses described elsewhere in this Policy, this section controls. When We become aware that an agent is using or disclosing sensitive information contrary to this Policy, We will take reasonable steps to prevent or stop it. We may be required to disclose an individual's personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.
Security, Incidents, Disclosure, and Retention
How We Keep Your Data Safe
We are committed to protecting Your Data and implement appropriate, industry-standard administrative, technical, organizational, and physical safeguards, including:
- Encryption in transit and at rest. Transport Layer Security (TLS) encryption, with both server authentication and data encryption, protects Data in transit on Our Site so that it is available only to authorized persons. We use industry-standard TLS whenever You send Us payment and billing information, and We encrypt sensitive information when We store it.
- Secure hosting. Our systems are hosted in cloud services selected, in part, for their use of firewalls, intrusion detection systems, and other technology that helps prevent outside access.
- Need-to-know access. We store Your Data in a secure operating environment accessible only to Veridia employees, agents, and contractors on a need-to-know basis, under contracts that require them to keep Your Personal Information private and secure.
Our technical safeguards also include:
- Unique password requirements and limited employee access;
- Destruction, deletion, or de-identification of Data, when permissible and applicable;
- Industry-standard security protocols;
- Employee training on handling sensitive data and breach procedures;
- Server authentication, data encryption, and firewalls;
- A designated security coordinator on the Veridia team;
- Contractual obligations binding Sub-processors, sub-contractors, and third parties to equivalent security practices;
- Backups; and
- Periodic audits and penetration testing.
No information system can be made 100% secure, and We cannot guarantee the absolute security of Your Data. We are not responsible for the security of information You transmit over networks We do not control, including the internet and wireless networks, or for data stored on Your device. You should only access the Services within a secure environment.
Data Breach Response
We will comply with all applicable international, federal, and state laws requiring notification to individuals, entities, or agencies in the event of a security incident or data breach, depending on the Data Subject's location. When We reasonably suspect or become aware of an unauthorized disclosure, data breach, or security incident involving any Data, We will notify the affected Client without undue delay — and, where Veridia is the controller of the affected Data, the affected individual — and We will mitigate the damage to the greatest extent reasonably possible. Where We act as a Service Provider or processor, We will support the affected Client in meeting its own notification obligations.
In the event of an actual data breach or unauthorized access to or disclosure of sensitive or personal data, the written notice (provided to the affected Client and, where Veridia is the controller, to You) will include, where available and known:
- What happened (the date or estimated date range of the incident);
- What information was involved (the types of personal information);
- What We are doing to resolve or mitigate the issue (and whether notice was delayed by a law enforcement investigation);
- What You can do to help;
- How You can get more information or contact Us;
- What We have done to protect affected individuals;
- Steps the affected person can take to protect themselves; and
- The steps We have taken to remediate the breach and the estimated timeframe for doing so.
To protect Your Data, We may suspend Your use of the Services without notice during an investigation if a security breach is suspected. Such suspension will not be considered a breach of any applicable agreement between Us and You.
How We Disclose Your Data
Veridia does not sell, license, trade, or otherwise share Your Personal Information or any personally identifiable information with any entity or person, except as expressly described in this Policy or where We have a legal basis to do so. You always have the right to withdraw any consent You previously provided by contacting Us at privacy@veridia.tech.
In addition to the processing and transfer practices described above, We may disclose Your Data in the following circumstances, and as otherwise permitted by applicable law:
- With Your consent. With Your consent or at Your direction, including where We notify You through the Sites or Services that the information You provide will be shared in a particular manner and You provide it.
- With Partners. With Partners, so they understand their Client's use of the Services, or to perform functions initiated by Partners or on behalf of Clients or Users. Data Subjects must consent before We transfer their Sensitive Data or User Content.
- With Sub-processors and Service Providers. With Sub-processors that process Your Data so that You can access and use the Services.
- To authorizing persons. If You use the Services on behalf of another person or organization (such as Your employer), We may provide Your Data to that authorizing party. We have no control over their use of Your Data, and that use is not subject to this Policy. If You do not want Your Data disclosed to that party, You should contact them directly and provide Us with written notice of Your election to opt out; if You do, We cannot guarantee the Services will remain available to You.
- To service providers. We may provide Your Data to suppliers and Service Providers in connection with operating Our websites and delivering the Services — for example, payment processing, analytics, customer support, billing, and maintenance. We require them to use Your Data only for the purposes for which it is provided and to protect it consistently with this Policy. If You do not want Your Personal Information disclosed to Our Service Providers, You may not be able to use the Site or Services.
- In business transfers. If We undergo a business transfer — such as a merger, restructuring, acquisition, or sale of all or part of Our assets — You acknowledge and consent to the transfer and continued use of Your Data by the recipient, provided they comply with this Policy or a similar one. We will notify You by email or a prominent notice on the Sites of any such change.
- For law enforcement and legal reasons. We may disclose Your Data to legal or professional counsel, or to a government agency or court that has asserted lawful authority — including in response to investigations, subpoenas, warrants, or court orders, or where We reasonably believe the information may be useful in investigating unlawful activity. We will do Our best to disclose only the necessary and required Data.
- As aggregated or de-identified information. We may provide aggregate statistics about Our Clients, sales, and traffic patterns to third parties, but these statistics will not include personally identifying information. To the extent permitted or required by law, You can opt out of having Your information shared by contacting Us at privacy@veridia.tech, though doing so may affect Your ability to use the Services.
Legal Bases for Processing
We process information on behalf of Our Partners, Clients, and Users, in which case We act as a Data Processor. We will only use Your Data where We have a lawful basis to do so. You have the right to request that Your Data not be processed by Us, though this may impair the quality and deliverability of Our Services. Our lawful bases include:
- Contractual necessity. We may process Data to perform Our obligations and exercise Our rights under this Policy, the Terms of Service, or service agreements that enable Us to provide the Services. Where We process Data due to contractual necessity, failure to provide it will result in Your inability to use some or all of the Services that require it.
- Legitimate interest. We may process Data when We have a legitimate business interest, such as operating, analyzing, and improving the Services; marketing; providing customer support; protecting against fraud and security threats; completing corporate transactions; and complying with legal obligations.
- Consent. In some cases We process Data based on consent You grant at the time of collection. We will indicate this at the point of collection, and You may withdraw Your consent at any time by emailing Us at privacy@veridia.tech with the user ID or email address associated with Your account so We can verify and honor Your request. Some Sensitive Data — such as the government identifiers and citizenship or immigration status required to complete the Form I-9 and Form W-4 — is collected as a legal and employment necessity rather than on the basis of consent. For other Sensitive Data that is not necessary to provide the Services — such as information revealing health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, or sex life — We will request consent before collecting it.
- Other grounds. From time to time, We may need to process Data to comply with a legal obligation (such as a court order, subpoena, audit, or investigation), to protect Your vital interests or those of other Data Subjects, or for a task carried out in the public interest.
Data Retention
Unless You request the deletion of Your Data, We keep the Data We collect for as long as reasonably necessary to fulfill the purposes for which it was collected, to perform Our contractual and legal obligations, and for any applicable statute-of-limitations periods for bringing or defending claims. When We no longer have a legitimate business need to process Your Data, We will delete, de-identify, or anonymize it. If deletion is not immediately possible (for example, because Data is stored in backup archives), We will securely store it and isolate it from further processing until deletion is possible.
If You have elected to receive marketing communications, We retain information about Your marketing preferences for a reasonable period from the date You last expressed interest in Our products — such as when You last opened an email from Us or stopped using Your account. We retain information derived from cookies and similar technologies for a reasonable period for analytics and internal business purposes.
Do Not Track
Some browsers and mobile operating systems include a “Do Not Track” (DNT) feature, or send opt-out preference signals such as the Global Privacy Control (GPC). Because We do not sell Personal Information and do not use it for targeted or cross-context behavioral advertising, We are not required to act on these signals, and at this time Our Sites and Services do not respond to DNT signals. We remain committed to providing meaningful privacy choices, and You may still control the collection and use of certain information through other means — such as adjusting Your device or browser settings or opting out of specific data collection practices described in this Policy. Our third-party service providers and other parties may have their own policies regarding these signals, which We encourage You to review.
Your Data Rights
All U.S. Residents
You have certain rights with respect to Your Data, and We want to help You review and update Your information to keep it accurate. We may limit or reject a request in certain cases — for example, if it is frivolous, unverified, or unduly burdensome; if it jeopardizes the rights of others; if it is not required by law; if the burden of providing access would be disproportionate to the privacy risk; or if it would materially alter how We provide the Services. In some cases, We may need additional information to verify Your identity and the nature of Your request. We will take reasonable steps to respond to all requests within 45 calendar days.
How requests are handled. For much of the Data We process — including onboarding records such as the Form I-9, Form W-4, and employer documents — Veridia acts as a Service Provider (processor) on behalf of Your employer, who is the controller of that Data. If You are an employee and Your request concerns onboarding Data, We will forward Your request to Your employer and assist them in responding; in many cases You should contact Your employer directly. For Data where Veridia is the controller (such as information collected from Site visitors or Our own marketing contacts), We respond to Your request directly.
To exercise any of the following rights, contact Us at privacy@veridia.tech:
- Access. Request more information about, and a copy of, the Data We hold about You.
- Rectification. Request that We correct, edit, or supplement information that is incorrect or incomplete.
- Erasure. Request that We delete some or all of Your Personal Information. Note that if You request deletion of information required to provide the Services, Your account will be deactivated and You will lose access to the Services, forfeiting any refunds, credits, or other outstanding items. Disposition may include shredding hard copies; erasing, freezing, anonymizing, or de-identifying data; or otherwise making the information unreadable — unless retention in original form is required by law enforcement, legal proceeding, court order, or subpoena.
- Portability. Request a copy of Your Personal Information in a machine-readable format, and request that We transmit it to another controller where technically feasible.
- Withdrawal of consent. Where We process Your Personal Information based on consent, withdraw that consent at any time by writing to Us. If You do, You may need to provide express consent on a case-by-case basis where a particular use or disclosure is necessary to provide some or all of the Services. Where We act as a Data Processor on behalf of a Client, requests to withdraw consent will be directed to and completed by that Client. For questions about end users' rights over their Data, email Us at privacy@veridia.tech.
- Objection. Let Us know that You object to the further use or disclosure of Your Personal Information for certain purposes, such as marketing.
- Restriction of processing. Ask Us to restrict further processing of Your Personal Information.
- Opt out of marketing communications. Use the “unsubscribe” function in any marketing email. You cannot unsubscribe from transactional emails or those containing important information about Your account, rights, or responsibilities, and You will continue to receive these for as long as You have an account with Us.
- Disable cookies. Disable cookies before visiting the Sites, though doing so may prevent certain features from working properly.
- File a complaint. File a complaint about Our data or privacy practices with the supervisory authority in Your jurisdiction.
Exercising your rights. To request more information or to exercise the rights described above, contact Us by:
- Calling Us at 1-801-797-1310; or
- Emailing Us at privacy@veridia.tech describing the nature of Your request.
Only You, or someone legally authorized to act on Your behalf, may make a verifiable consumer request. You may make a verifiable request for access or data portability twice within a 12-month period. The request must provide enough information for Us to reasonably verify that You are the person about whom We collected the information (or an authorized representative) and must describe Your request in enough detail for Us to understand and respond to it. We cannot respond if We cannot verify Your identity or authority. We will use the information You provide in a request only to verify Your identity or authority. We endeavor to respond within 45 days; if We require more time (up to 90 days), We will inform You of the reason. Any information We provide will cover only the 12-month period preceding the request.
Links to Other Websites
Our Sites and products may contain links to other sites, products, or services operated by independent third parties that We think may interest You or that are offered as part of Our Services. We encourage third parties to follow appropriate privacy standards, but We make no warranties regarding the privacy or data practices of any third-party website You access through Our Sites, applications, or communications.
Supplemental Rights for California Residents
If You are a California resident, You have additional rights under the California Consumer Privacy Act of 2018 (CCPA), as amended by the California Privacy Rights Act (CPRA), as described below.
Personal Information collected. We do not sell Your Personal Information, and We do not share it for cross-context behavioral advertising. We share Data only so that We — and Our Partners and authorized third parties — can provide the Services to You. We collect information that identifies, relates to, describes, or could reasonably be linked with a particular user, household, or device (“CCPA Personal Information”). The categories We have collected from Site Users within the last 12 months are described in Appendix A. Personal Information does not include publicly available information, information from public government records, de-identified or aggregated information, or other information excluded from the CCPA's scope. We will not collect additional categories of Personal Information, or use the information We collected for materially different or incompatible purposes, without notice to You.
Disclosing Personal Information. In the preceding 12 months, We have disclosed identifiers and California Customer Records personal information categories for the business purposes described in this Policy.
Sale of Personal Information. In the preceding 12 months, We have not sold any of Our Users' Personal Information.
Your California rights. Under the CCPA and CPRA, California residents have the rights to: (1) notice; (2) access and to request; (3) know; (4) delete, anonymize, or de-identify; (5) opt out; (6) non-discrimination; and (7) notice of financial incentive. We may deny a deletion request where retaining the information is necessary for Us or Our service providers to complete certain business purposes, contractual obligations, or legal obligations. To exercise these rights, write to Us at privacy@veridia.tech.
Access to specific information and data portability. You may request that We disclose information about Our collection and use of Your Personal Information over the past 12 months. Once We receive and confirm Your verifiable request, We will disclose:
- The categories of Personal Information We collected about You;
- The categories of sources from which it was collected;
- Our business or commercial purpose for collecting or sharing it;
- The categories of third parties with whom We share it;
- The specific pieces of Personal Information We collected about You; and
- If We disclosed Your Personal Information for a business purpose, the categories of Personal Information each category of recipient obtained.
Deletion request rights. You may request that We delete the Personal Information We collected from You and retained, subject to certain exceptions. Once We receive and confirm Your verifiable request, We (and Our service providers) will delete, de-identify, or anonymize it, unless an exception applies. After deletion, We may not be able to honor outstanding or earned credits, refunds, points, or promotions. We may deny a deletion request where retaining the information is necessary to:
- Complete a transaction or provide a service You requested, or otherwise perform Our contract with You;
- Detect security incidents and protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible;
- Debug to identify and repair errors that impair intended functionality;
- Exercise free speech or another right provided by law;
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et seq.);
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest, when deletion would seriously impair the research and You previously provided informed consent;
- Enable internal uses reasonably aligned with Your expectations based on Your relationship with Us; or
- Comply with a legal obligation.
How to exercise Your rights. To exercise the access, portability, or deletion rights described above, submit a verifiable consumer request by:
- Emailing privacy@veridia.tech with “Veridia – California Privacy Rights Request” in the subject line; or
- Calling Us at 1-801-797-1310.
Only You, or someone legally authorized to act on Your behalf, may make a verifiable request. You may make a verifiable request for access or data portability twice within a 12-month period. The request must provide enough information to reasonably verify Your identity (or authority) and describe Your request in enough detail for Us to respond. Making a request does not require You to create an account, though if You have one, You can make the request through it. Please do not submit more personally identifiable information than You have already provided to Us.
Response timing and format. We endeavor to respond within 45 days; if We require more time (up to 90 days total), We will inform You in writing of the reason and the extension period. We will deliver Our response electronically. Any disclosures will cover only the 12-month period preceding the request and will explain any reasons We cannot fully comply. For portability requests, We will provide Your Personal Information in a readily usable format that allows You to transmit it without hindrance. We do not charge a fee unless a request is excessive, repetitive, or manifestly unfounded; if We determine a fee is warranted, We will explain why and provide an estimate before proceeding. We will not discriminate against You for exercising any CCPA right, though if You request deletion or anonymization, You may forfeit outstanding or earned credits, refunds, or promotions and will lose access to the Services.
Service provider obligations. To the extent Veridia acts as a Service Provider and You (or Your employer) act as a data controller or processor under applicable law, the following obligations apply. The Personal Data We receive from or on behalf of You will be used only for the business purposes specified in Our agreement. As a Service Provider, We will not:
- Sell or share personal information;
- Retain, use, or disclose personal information for any purpose other than the business purposes specified in Our contract, or as otherwise permitted by applicable privacy law;
- Retain, use, or disclose Personal Data outside the direct business relationship between You and Us;
- Combine Personal Data received from or on behalf of You with Personal Data from another source, except as necessary to perform the specified business purpose and as permitted by applicable regulations; or
- Engage any sub-processor to assist in processing Personal Data without notice to You and without a written contract imposing the same obligations set out in this Policy.
Subject to the terms of any agreement with Us, You may monitor Our compliance with this Policy — including manual reviews, automated scans, and assessments or audits at least once every 12 months. We agree to comply with all other applicable requirements under the CCPA, CPRA, and other relevant privacy regulations to protect the confidentiality of consumer personal information.
Other US State Privacy Rights
Depending on where You live, other US state privacy laws — such as those in Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, and a growing number of other states — may give You rights similar to those described above for California residents. Subject to the conditions and exemptions in Your state's law, these rights may include:
- Access / know. Confirm whether We process Your Personal Information and request a copy of it.
- Correction. Request that We correct inaccurate Personal Information.
- Deletion. Request that We delete Personal Information We collected from or about You.
- Portability. Obtain a copy of Your Personal Information in a portable, machine-readable format.
- Opt out. Opt out of targeted advertising, the “sale” of Personal Information, and certain profiling. As noted throughout this Policy, Veridia does not sell Personal Information and does not use it for targeted or cross-context behavioral advertising.
- Appeal. Where required by Your state's law, appeal Our decision on Your request. If We deny Your appeal, We will provide information on how to contact Your state attorney general.
Because much of the Data We process consists of onboarding records that We handle as a Service Provider or processor on behalf of Your employer, We will route requests concerning that Data to Your employer, as described under All U.S. Residents above. To exercise any of these rights, contact Us at privacy@veridia.tech or 1-801-797-1310. We will respond within the timeframe required by applicable law (generally 45 days, subject to permitted extensions), and We will not discriminate against You for exercising Your rights.
Contact Us
If You have any questions or complaints regarding this Privacy Policy, please contact Us at:
Veridia Technologies LLC
Attn: Legal Department
1290 N Main Street
Bountiful, UT 84010
Phone: 1-801-797-1310
Email: privacy@veridia.tech
Appendix A — Categories of Personal Information
This appendix describes the categories of Personal Information We may collect, the sources of that information, and the business and commercial purposes for which We use it. It supplements the California and other US state privacy sections above. Whether a given category is collected depends on how You use the Services and on the onboarding requirements set by Your employer (for example, the documents an employer requires in addition to the Form I-9 and Form W-4).
The categories below correspond to those defined in the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA).
Categories of Personal Information Collected
| Category | Examples | Collected | Sources |
|---|---|---|---|
| A. Identifiers | Real name, alias, postal address, email address, phone number, account name, Social Security number, driver's license or state ID number, passport or immigration document number, IP address, unique device or online identifiers | Yes | You; Your employer (Client/Partner); automatically through Your use of the Services |
| B. California Customer Records information (Cal. Civ. Code § 1798.80(e)) | Name, signature, Social Security number, address, telephone number, employment information, bank account or payment card information, other financial details | Yes | You; Your employer; payment processors |
| C. Protected classification characteristics (under California or federal law) | Citizenship or immigration status, national origin, marital status, age; other characteristics only where an employer's onboarding documents require them | Yes (limited) | You; Your employer |
| D. Commercial information | Records of products or Services purchased or considered; subscription and order history | Yes | You; Your employer |
| E. Biometric information | A selfie / live image compared to the photo on an identity document (face match with liveness detection), used only to verify identity and not stored after verification | Yes (limited) | You (during identity verification) |
| F. Internet or other electronic network activity | Browsing and usage history, interactions with the Sites or Services, device and browser information | Yes | Automatically through Your use of the Services; analytics providers |
| G. Geolocation data | Approximate location derived from IP address; city-level device location | Yes | Automatically through Your use of the Services |
| H. Audio, electronic, visual, or similar information | Customer-support call recordings; uploaded images or documents | Yes (limited) | You; Your employer |
| I. Professional or employment-related information | Current or former employer, job title, work eligibility and onboarding records, tax-withholding information | Yes | You; Your employer |
| J. Non-public education information (FERPA) | Education records maintained by an educational institution | No | — |
| K. Inferences | Preferences and characteristics inferred from the information above, such as interest in Our products | Yes | Derived by Us from the categories above |
Sensitive Personal Information (CPRA)
Because the onboarding process involves federal employment forms, We may collect the following categories of Sensitive Personal Information. We use Sensitive Personal Information only to perform the Services, to comply with legal obligations, and for the other limited purposes permitted by the CCPA/CPRA — not to infer characteristics about You.
| Category | Examples | Collected |
|---|---|---|
| Government identifiers | Social Security number, driver's license, state ID, or passport number (collected via the Form I-9 and Form W-4) | Yes |
| Citizenship or immigration status | Work-authorization and identity documents collected via the Form I-9 | Yes |
| Financial account information | Bank account or payment card details, where required for payroll or payment | Yes (limited) |
| Precise geolocation | Location within a radius of 1,850 feet | No |
| Racial or ethnic origin, religious or philosophical beliefs, or union membership | — | No, unless included in documents an employer requires |
| Health information | Benefits-enrollment or other health-related information, where included in an employer's onboarding documents | Yes (limited) |
| Biometric information | Face match of a selfie to an identity-document photo, with liveness detection — used only to verify identity and not stored after verification | Yes (limited) |
| Genetic, sex life, or sexual orientation data | — | No |
| Contents of mail, email, or text messages not addressed to Us | — | No |
Business and Commercial Purposes
We collect and use the categories above for the business and commercial purposes described in the How We Use Data section of this Policy, including to: provide and operate the Services; complete and process onboarding forms (such as the Form I-9 and Form W-4) and an employer's own company documents; verify identity and work eligibility; process payments; provide customer support; maintain the security and integrity of the Services; comply with legal obligations; and improve the Services.
Disclosure of Personal Information
In the preceding 12 months, We may have disclosed the categories of Personal Information above to the following types of recipients for a business purpose: the employer (Client or Partner) on whose behalf the information is collected; Sub-processors and Third-Party Service Providers (such as hosting, payment, analytics, and support providers); and government agencies, legal or professional advisors, or other parties where required by law. We do not sell Personal Information, and We do not share it for cross-context behavioral advertising.