Privacy Policy
Last updated: March 16, 2026
1. Who We Are
Veribl (“we”, “us”, “our”) operates the Veribl platform at veribl.com and the Veribl dashboard at app.veribl.com. We provide a Digital Product Experience Platform that enables brands to create Digital Product Passports, manage product registrations, and engage consumers through QR-connected product pages.
For the purposes of data protection law, Veribl is the data controller for data we collect about visitors to our website and business users of our platform. When our business customers use Veribl to collect data about their consumers (product registrations, support chats, feedback), Veribl acts as a data processor on behalf of the business customer, who is the controller of that consumer data.
2. Information We Collect
2.1 Business Users (Scout Dashboard)
When you create an account and use our platform, we collect:
- Account information: name, email address, company name
- Billing information: processed and stored by Stripe (we do not store full card numbers)
- Product data you upload: product names, descriptions, images, serial numbers, model numbers, manuals, and warranty terms
- Brand assets: logos, colors, and custom domain configurations
- Usage data: features accessed, dashboard interactions, API calls
2.2 Consumer End-Users (Product Pages)
When consumers interact with product pages created by our business customers, the following data may be collected on behalf of the business customer:
- Product registration data: name, email, phone number (if provided), purchase date, retailer
- QR scan data: timestamp, approximate location (country/region level from IP), device type
- Support chat transcripts: messages exchanged with the AI support assistant
- Feedback and reviews: ratings and comments submitted through product pages
- Marketing consent: whether the consumer opted in to receive communications from the brand
2.3 Automatically Collected Data
When you visit our website or use our platform, we automatically collect:
- Device information: browser type, operating system, screen resolution
- Log data: IP address, access times, pages viewed, referring URL
- Cookies and similar technologies: as described in Section 5 below
3. How We Use Your Information
3.1 Business Users
- Provide, maintain, and improve the Veribl platform
- Process subscriptions and billing through Stripe
- Send service communications (account updates, security alerts, feature announcements)
- Generate Digital Product Passports and QR codes
- Provide analytics and reporting on product engagement
- Deliver webhook notifications and API services
- Enforce our Terms of Service and prevent abuse
3.2 Consumer End-Users
Consumer data is processed on behalf of our business customers for:
- Product registration and warranty management
- AI-powered customer support via product page chat
- Sending transactional emails (warranty confirmations, product tips) on behalf of the brand, where the consumer has given consent
- Aggregated analytics provided to the business customer (scan counts, registration rates)
3.3 Website Visitors
- Understand how visitors use our website and improve content
- Analyze traffic patterns and optimize performance
- Detect and prevent fraud or abuse
4. Legal Basis for Processing (GDPR)
We process personal data under the following legal bases:
- Contract performance: processing necessary to provide the Service to business users who have subscribed to our platform
- Legitimate interest: analytics, security monitoring, and product improvement, where these interests are not overridden by your rights
- Consent: marketing communications, non-essential cookies, and consumer email marketing (consent managed by the business customer)
- Legal obligation: where we are required to retain data for tax, regulatory, or compliance purposes
5. Cookies and Tracking
We use a consent-based approach to cookies on our website. When you first visit, only essential cookies are active. Analytics and marketing cookies are not set until you provide consent via our cookie banner.
Essential Cookies
Required for the website and platform to function. These cannot be disabled and include session cookies and authentication tokens for logged-in users.
Analytics Cookies (Consent Required)
We use Google Analytics 4 to understand website usage. Before you consent, GA4 operates in cookieless mode using Google Consent Mode v2, which collects anonymous, aggregated data without storing cookies. After consent, GA4 may set cookies (such as _ga) for more detailed analytics.
Experience Cookies (Consent Required)
We use Microsoft Clarity to understand how visitors interact with our website through session recordings and heatmaps. Clarity only loads after you accept cookies. Clarity does not collect passwords, payment details, or other sensitive form inputs.
You can change your cookie preferences at any time by clearing your browser’s local storage for this site, which will cause the consent banner to reappear.
6. Data Sharing and Sub-Processors
We do not sell your personal data to third parties. We share data only with service providers who process it on our behalf under strict data processing agreements:
| Provider | Purpose | Data Processed |
|---|---|---|
| Vercel | Hosting & CDN | Request logs, IP addresses |
| Stripe | Payment processing | Billing & payment information |
| Resend | Transactional email delivery | Email addresses, email content |
| OpenAI | AI-powered product support chat | Chat messages, product context |
| Cloudflare | DNS, SSL, custom domains | Domain configurations, request metadata |
| Google Analytics | Website analytics | Usage data (with consent) |
| Microsoft Clarity | Session replay & heatmaps | Interaction data (with consent) |
7. International Data Transfers
Our primary infrastructure is hosted within the European Union. Some of our sub-processors (such as OpenAI, Vercel, and Stripe) may process data in the United States. Where data is transferred outside the EU/EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission, or reliance on the EU-US Data Privacy Framework where applicable.
8. Data Retention
- Business accounts: retained for the duration of your subscription. Upon account deletion, personal data is removed within 30 days. Billing records are retained for 7 years as required by tax law.
- Consumer data: retained for as long as the business customer’s account is active. Business customers can delete individual consumer records at any time via the Veribl dashboard.
- Analytics data: aggregated analytics are retained indefinitely. Raw event data is retained for 14 months.
- Support chat logs: retained for 12 months, then automatically deleted.
9. Your Rights
Under the GDPR (EU/EEA Residents)
You have the right to:
- Access your personal data and obtain a copy
- Rectify inaccurate or incomplete data
- Erase your data (“right to be forgotten”)
- Restrict processing in certain circumstances
- Receive your data in a machine-readable format (data portability)
- Object to processing based on legitimate interests
- Withdraw consent at any time where processing is based on consent
- Lodge a complaint with your local data protection authority
Under the CCPA (California Residents)
California residents have the right to:
- Know what personal information is collected and how it is used
- Request deletion of personal information
- Opt out of the sale of personal information (we do not sell personal information)
- Not be discriminated against for exercising your rights
For Consumer End-Users
If you are a consumer who interacted with a product page created by one of our business customers, please direct data access, correction, or deletion requests to the brand that created the product page. They are the data controller for your information. You can also use the unsubscribe link in any marketing email to stop receiving communications.
10. AI-Powered Features
Our platform includes an AI-powered support chat on product pages. Chat messages are sent to OpenAI for processing and are not used to train AI models. The AI assistant responds based on product documentation and information provided by the business customer. We recommend that consumers do not share sensitive personal information (financial details, government IDs) in chat conversations.
11. Children’s Privacy
Our platform is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will promptly delete it.
12. Security
We implement industry-standard security measures to protect your data, including:
- Encryption in transit (TLS 1.2+) and at rest
- Role-based access controls and company-scoped data isolation
- HMAC-SHA256 signed webhooks for secure data delivery
- Regular security reviews and dependency updates
- Secure authentication via NextAuth with session management
No system is 100% secure. If you discover a security vulnerability, please report it to [email protected].
13. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify business users of material changes via email. The “Last updated” date at the top of this page indicates when this policy was last revised. Continued use of the Service after changes constitutes acceptance of the updated policy.
14. Contact Us
For privacy-related questions, data requests, or to exercise your rights, contact us at [email protected].