Privacy Policy

1. Introduction

Veritaport Limited ("we," "our," or "us") respects your privacy and is committed to protecting your personal information. This Privacy Policy describes how we collect, use, store, and protect your data when you use our products and services — including VeriGo and CivicOS (collectively, the "Services").
We comply with the UK GDPR, EU GDPR, and all applicable data protection laws. By using our Services, you consent to the practices described in this Policy.

2. Information We Collect

2.1 Personal Information (VeriGo Users)

We collect only the information necessary to provide and improve your experience:

• Account Information: Name, email address, and authentication credentials
• Profile Data: Optional preferences such as travel mode or eco-score goals
• Usage Data: App interactions, mobility patterns, challenge progress, and rewards participation
• Device Data: IP address, operating system, and device type
• Communications: Feedback, customer support queries, and email correspondence

We do not collect unnecessary personal identifiers such as government IDs or sensitive biometrics.

2.2 Institutional and Sensor Data (CivicOS Clients)

CivicOS processes aggregated, anonymized data from third-party sensors (e.g., VivaCity Labs) and other infrastructure sources. This data may include:

• Traffic flow counts and congestion levels
• Pedestrian and cyclist activity metrics
• Incident or crossing data used for safety analytics
• Environmental metrics such as vehicle density or emission zones

This data cannot identify individuals and is used solely for analytical and reporting purposes by authorized institutional clients (e.g., councils or transport authorities).

2.3 Automatically Collected Data

For all platforms, we may collect technical information to maintain system health:

• Browser and app version
• Session duration and feature performance
• Crash logs and response times
• Security events or access anomalies

This helps us ensure reliability, diagnose issues, and enhance user experience.

3. How We Use Your Information

We process your data strictly for legitimate and transparent purposes, including:

• Operating and maintaining the Services
• Providing personalized recommendations and insights
• Supporting user accounts and resolving technical issues
• Processing payments and managing subscriptions
• Conducting anonymized analytics for service improvement
• Ensuring security, detecting fraud, and maintaining compliance
• Communicating product updates or critical announcements

We never use your data for advertising or resale to third parties.

4. Data Sharing and Disclosure

We do not sell, rent, or trade personal data. Data sharing is limited to the following cases:

• Service Providers: Trusted partners providing cloud hosting, payment processing, or analytics (all bound by confidentiality and data-processing agreements)
• Legal Requirements: When required by applicable law or in response to lawful requests
• Business Transfers: In case of a merger, acquisition, or asset sale, your data will remain protected under equivalent terms
• Explicit Consent: When you authorize sharing for a defined purpose (e.g., third-party rewards integration in VeriGo)

All transfers comply with GDPR and relevant international safeguards.

5. Data Security

We employ industry-standard security practices to safeguard your information:

• Encryption in transit (TLS) and at rest
• Secure cloud infrastructure with regular penetration testing
• Role-based access control (RBAC) and authentication policies
• Routine vulnerability assessments and staff training
• Continuous monitoring and anomaly detection

In the unlikely event of a data breach, we will notify affected parties and relevant authorities as required by law.

6. Your Rights and Choices

Under GDPR and applicable laws, you have the following rights:

• Access: Obtain a copy of your personal data
• Rectification: Correct inaccurate or incomplete information
• Erasure (“Right to be Forgotten”): Request deletion of your data
• Portability: Receive data in a structured, machine-readable format
• Restriction: Request limited processing in certain situations
• Objection: Object to processing based on legitimate interests
• Withdrawal: Withdraw consent at any time (without affecting prior lawful processing)

You can exercise these rights by contacting our Data Protection Officer (see Section 12).

7. Account Deletion and Data Retention

7.1 Account Deletion (VeriGo Users)

You can delete your account at any time through the in-app settings or by contacting support. Upon deletion:

• Your account will be deactivated within 24 hours
• All personal data will be permanently deleted within 30 days
• Any linked rewards or progress data will be irretrievably removed

7.2 Data Retention (CivicOS Clients and System Data)

• Institutional analytics: retained in aggregated, anonymized form only
• Billing and financial records: 7 years (legal requirement)
• Support communications: 3 years for service quality tracking
• Technical logs: up to 12 months, then anonymized or deleted

We retain the minimum amount necessary to meet legal or operational obligations.

8. International Data Transfers

Your data may be processed in the United Kingdom, European Economic Area (EEA), or trusted third countries.
We ensure protection through:

• Standard Contractual Clauses (SCCs) approved by the EU/UK authorities
• Adequacy decisions where applicable
• Vendor due-diligence and ongoing compliance checks

9. Cookies and Tracking Technologies

We use minimal cookies and tracking tools, only where necessary:

• Essential Cookies: Enable login and platform functionality
• Analytics Cookies: Measure performance and usage (only with consent)
• Preference Cookies: Save user settings and display options
• Security Cookies: Prevent abuse and unauthorized access

You can adjust cookie settings through your browser or device preferences.

10. Children's Privacy

Our Services are not directed to individuals under 16. We do not knowingly collect personal data from minors.
If you believe a child has provided personal data, contact us immediately — we will take prompt steps to delete it.

11. Changes to This Privacy Policy

We may update this Policy periodically to reflect operational or legal changes.
You will be notified via:

• Updated version posted on our website or in-app
• Email or in-app notice for material changes
• Revised "Last updated" date above

Continued use of our Services after such updates constitutes acceptance of the revised Policy.

12. Contact Information

For privacy inquiries, data requests, or GDPR rights: