Your Strategic Decisions Stay Private

At VERIQO AI, executive decisions are confidential. Our privacy-by-design architecture ensures your strategic queries are processed securely and retained only as required by law.

What We Collect

Minimal Personal Data

We collect only the information necessary to operate the service:

  • Account Email: Used for billing, authentication, and essential service communications only

  • Payment Information: Processed via Stripe (PCI-compliant third-party processor). Payment data is NOT stored on our servers

  • Usage Analytics:Anonymous query counts for service optimization (no content analysis or profiling)

What We Do NOT Collect

  • No query storage for marketing or profiling purposes

  • No search history or timing data retention

  • No decision patterns or strategic thinking profiles

  • No third-party data sharing of your queries

Data Retention Policy

Decision Queries and Analysis Outputs

  • Retention Period: 36 months from date of generation

  • Legal Basis: EU AI Act Article 13(2) — mandatory logging and transparency requirements for high-risk AI systems

  • UK GDPR Article 5(2) — accountability principle

  • EU GDPR Article 6(1)(c) — legal obligation to maintain records for regulatory investigations and potential legal claims

  • Rationale: EU and UK civil law limitation periods typically run 3 years. Retention enables defence against regulatory challenges and legal claims while complying with data storage limitation principles.

Audit Logs and Metadata

  • Retention Period: 36 months from date of generation

  • Content: Timestamps, system triggers, decision classifications, and regulatory flags (NOT query content or user identities beyond account ID)

  • Legal Basis: EU AI Act Article 13(2) and UK GDPR Article 5(2)

Payment Data

  • Retention Period: 6 years from transaction date

  • Legal Basis: UK HMRC requirements (Schedule 1, Taxes Management Act 1970) and EU VAT regulations

Anonymised Analytics

  • Retention Period: Indefinite

  • Legal Basis: GDPR Article 6(1)(f) — legitimate interest in product improvement and service optimization

  • Note: Anonymised data cannot identify individuals and is retained separately from personal data.

Your Data Rights Under GDPR and EU AI Act

Decision Queries and Analysis Outputs

  • Retention Period: 36 months from date of generation

  • Legal Basis: EU AI Act Article 13(2) — mandatory logging and transparency requirements for high-risk AI systems

  • UK GDPR Article 5(2) — accountability principle

  • EU GDPR Article 6(1)(c) — legal obligation to maintain records for regulatory investigations and potential legal claims

  • Rationale: EU and UK civil law limitation periods typically run 3 years. Retention enables defence against regulatory challenges and legal claims while complying with data storage limitation principles.

Audit Logs and Metadata

  • Retention Period: 36 months from date of generation

  • Content:Timestamps, system triggers, decision classifications, and regulatory flags (NOT query content or user identities beyond account ID)

  • Legal Basis:EU AI Act Article 13(2) and UK GDPR Article 5(2)

Payment Data

  • Retention Period:6 years from transaction date

  • Legal Basis: UK HMRC requirements (Schedule 1, Taxes Management Act 1970) and EU VAT regulations

Anonymised Analytics

  • Retention Period:Indefinite

  • Legal Basis: GDPR Article 6(1)(f) — legitimate interest in product improvement and service optimization

  • Note: Anonymised data cannot identify individuals and is retained separately from personal data.

Security Measures

  • Enterprise-Grade Encryption: All data in transit (TLS 1.3) and at rest (AES-256)

  • SOC 2 Type II Compliance: Certified security controls and audit procedures

  • Zero-Knowledge Architecture: Our infrastructure and team cannot access query content after processing

  • Access Controls: Role-based access restrictions; only authorised personnel can access audit logs

  • Regular Security Audits: Third-party penetration testing and vulnerability assessments

International Data Transfers

Data Processing Locations

  • Primary processing: United Kingdom

  • Secondary processing: Select infrastructure partners in compliant jurisdictions

Transfer Safeguards

  • UK-IDC Data Bridge: Adequacy decision covering approved transfer jurisdictions

  • Standard Contractual Clauses (SCCs):Module 1 (controller-to-processor) for all third-party processors

  • Encryption: All data encrypted in transit and at rest, ensuring compliance with GDPR Article 32

How We Use AI for Decision Support

System Purpose

VERIQO AI processes your strategic queries through a multi-agent orchestration system to provide board-level decision support across five executive perspectives: Financial, Legal, Strategic, Risk, and Research.

Important Disclaimer

VERIQO AI PROVIDES DECISION SUPPORT ONLY — NOT PROFESSIONAL ADVICE

  • We do NOT provide legal advice. All legal outputs require consultation with SRA/FCA-regulated professionals

  • We do NOT provide financial advice. All financial outputs require consultation with qualified advisors

  • We do NOT provide investment recommendations. All investment analysis requires human review and professional guidance

  • All outputs are AI-generated analysis only and must be validated by qualified professionals before execution

High-Risk AI System Disclosure (EU AI Act Article 13)

Classification

  • WVERIQO AI qualifies as a high-risk AI system under EU AI Act Annex III(5) due to its use in legal and employment decision support contexts.

Mandatory Human Oversight

VERIQO AI NEVER replaces human professional judgment. All outputs require review by qualified professionals before execution. Hard blocks are enforced for:

  • Employment termination decisions

  • Financial promotions (FCA-regulated activities)

  • Data subject rights exercises (GDPR Article 22)

  • Cross-border data transfers outside adequacy frameworks

Transparency Requirements

All outputs include the following mandatory disclaimer:

"AI-GENERATED ANALYSIS ONLY — NOT PROFESSIONAL ADVICEThis analysis is generated by artificial intelligence and is provided for decision support purposes only. It does NOT constitute legal, financial, or investment advice. You MUST consult qualified SRA/FCA-regulated professionals before taking any action based on this analysis. VERIQO AI Ltd bears no liability for decisions executed without proper professional review."

Geographic Scope and Liability

Jurisdiction-Specific Retention

VERIQO AI NEVER replaces human professional judgment. All outputs require review by qualified professionals before execution. Hard blocks are enforced for:

  • EU Users: Subject to EU AI Act and EU GDPR. 36-month retention mandatory

  • UK Users: Subject to UK GDPR and UK AI Framework (voluntary guidance). 36-month retention applied for consistency

  • Non-EU/UK Users: Subject to local laws. Minimum 12-month retention applied globally for liability protection

Liability Limitation

VERIQO AI Ltd's total liability is capped at fees paid by you in the preceding 12 months. No liability applies for decisions executed without consultation with qualified professionals.

Contact and Requests

Data Subject Requests

For data access, deletion, portability, or explanation requests, contact:

Privacy Concerns

If you have concerns about our privacy practices or believe we have violated your rights, you may lodge a complaint with your local data protection authority.

Policy Updates

Data Subject Requests

For data access, deletion, portability, or explanation requests, contact:

  • We may update this policy to reflect changes in law, regulation, or our practices. Material changes will be communicated via email to registered users. Your continued use of VERIQO AI following such updates constitutes acceptance of the revised policy.

End of Privacy Policy

This policy is effective as of February 4, 2026 and supersedes all previous versions.