Privacy Policy
Last Updated: February 2026
1. Introduction
Welcome to VerisAI.eu (hereinafter "Service"), operated by Belvo s.r.o. (hereinafter "Controller", "we", "us"). We are committed to protecting your personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR).
This Privacy Policy explains what personal data we collect, why we collect it, how long we keep it, and what rights you have in relation to it.
2. Data Controller
3. Data We Collect, Purpose, and Legal Basis
We process personal data only to the extent necessary to provide our AI Visibility Audit services and ensure the security of our platform.
-
Authentication Data (OAuth): When you sign in using Google or Microsoft, we receive your name and email address solely to authenticate your identity and prevent abuse of our diagnostic tools. We do not store your password.
Legal basis: Contract performance (Art. 6(1)(b) GDPR). -
Audit Request Data: When you submit a URL for audit, we process your email address to deliver the audit results, and the submitted URL as the subject of analysis. The URL is a publicly accessible web address and does not constitute personal data in the majority of cases. Where a URL contains personal identifiers, it is processed solely for the purpose of technical analysis.
Legal basis: Contract performance (Art. 6(1)(b) GDPR). -
Lead and Pricing Inquiries: When you submit a pricing or audit request form, we process your name, email address, phone number (if provided), and the URL(s) you submit. This information is used to respond to your inquiry and to deliver the requested service.
Legal basis: Contract performance (Art. 6(1)(b) GDPR) and legitimate interest (Art. 6(1)(f) GDPR). -
Technical and Security Data: We process IP addresses and technical logs via Cloudflare Turnstile to verify you are human and to protect the platform against DDoS attacks and automated abuse.
Legal basis: Legitimate interest (Art. 6(1)(f) GDPR) — ensuring network security and fraud prevention.
4. Data Retention
We retain personal data only for as long as necessary for the purpose for which it was collected, in accordance with the GDPR principle of storage limitation (Art. 5(1)(e)).
| Data Category | Retention Period | Reason |
|---|---|---|
| OAuth authentication data (name, email) | Duration of active account + 30 days after deletion request | Service provision; grace period for account recovery |
| Audit request email | 12 months from last activity | Audit delivery and follow-up support |
| Submitted audit URLs | 12 months from audit date | Audit result delivery and service improvement |
| Lead and pricing inquiry data (CRM) | 24 months from last interaction, then deleted or anonymised | Business communication and service follow-up |
| IP addresses and security logs | 90 days | Security monitoring and abuse prevention |
| Cloudflare Turnstile verification data | As per Cloudflare's data retention policy (typically 90 days) | Bot protection and security |
5. Third-Party Processors
We use trusted third-party service providers to operate our Service. All processors are bound by Data Processing Agreements (DPA) in compliance with GDPR Art. 28. Data transfers to third countries are covered by Standard Contractual Clauses (SCC) or equivalent adequacy mechanisms.
- Google LLC (USA/EU): Authentication (Google Sign-In), application hosting (Google Apps Script, Google Drive), and email delivery (Gmail API). Google's DPA and SCCs are available at cloud.google.com/terms/data-processing-addendum.
- Microsoft Corporation (USA/EU): Authentication (Microsoft Entra ID / MSAL). Microsoft's DPA is available at aka.ms/DPA.
- Cloudflare, Inc. (USA/Global): Security, bot protection (Turnstile), and content delivery (CDN). Cloudflare's DPA is available at cloudflare.com/gdpr.
- HubSpot, Inc. (USA/EU): Customer relationship management (CRM). Contact data from audit and pricing inquiries may be stored in HubSpot for service follow-up and communication management. HubSpot's DPA is incorporated into their Customer Terms of Service and is available at legal.hubspot.com/dpa.
6. Cookies and Local Storage
We use only strictly necessary technical mechanisms (Local Storage, Session Cookies) required for:
- Maintaining your sign-in state (OAuth tokens).
- Security verification (Cloudflare Turnstile).
We do not use tracking, analytics, or advertising cookies. No consent banner is required as we use only strictly necessary mechanisms.
7. Web Auditing and Third-Party Websites
Our Service performs automated technical analysis of publicly accessible websites submitted by users. This analysis involves fetching publicly available HTML content, robots.txt files, and metadata from submitted URLs. We do not collect or process any personal data from the websites we audit beyond what is publicly accessible. Audit results are delivered solely to the user who submitted the request.
8. Your Rights
Under GDPR, you have the following rights. To exercise any of them, contact us at contact@verisai.eu. We will respond within 30 days.
- Right of access (Art. 15): Obtain a copy of the personal data we hold about you.
- Right to rectification (Art. 16): Request correction of inaccurate or incomplete data.
- Right to erasure (Art. 17): Request deletion of your data ("Right to be forgotten").
- Right to restriction (Art. 18): Request that we limit processing of your data.
- Right to object (Art. 21): Object to processing based on legitimate interest.
- Right to data portability (Art. 20): Receive your data in a structured, machine-readable format.
9. Supervisory Authority
If you believe that our processing of your personal data violates GDPR, you have the right to lodge a complaint with the supervisory authority in the Czech Republic:
Pplk. Sochora 27
170 00 Praha 7
Česká republika
Tel: +420 234 665 800
E-mail: posta@uoou.cz
Web: www.uoou.cz
10. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or third-party processors. We will notify you of material changes by posting the updated policy on this page and updating the "Last Updated" date. Continued use of the Service after changes constitutes acceptance of the updated policy.
11. Contact
For any questions about this Privacy Policy or to exercise your rights, contact us at:
Email: contact@verisai.eu