Legal Agreement

Privacy Policy

Effective: 1 January 2025 · Last updated: 27 December 2024
🔐
No data selling
We never sell your data to advertisers or third parties. Your work history is yours.
👁️
You control visibility
Choose what's public, what's private, and who gets to see your verified Passport.
🗑️
Delete anytime
Close your account and we'll delete your data within 30 days. No questions asked.
Contents
  1. What This Policy Covers
  2. Data We Collect
  3. How We Use Your Data
  4. Verification Data
  5. Third-Party Integrations
  6. Who Can See Your Passport
  7. Data Retention
  8. Cookies and Tracking
  9. Your Rights
  10. Data Transfers
  11. Changes to This Policy
  12. Contact and DPO

1What This Policy Covers

This Privacy Policy explains how LeaDe Technologies Ltd ("Veryfy", "we", "us") collects, uses, and protects your personal data when you use the Veryfy platform — including veryfy.io, the Veryfy mobile app, and embedded badge services.

We are committed to transparency. We don't use dark patterns, we don't sell your data to advertisers, and we give you direct control over who sees your professional record.

GDPR & UK DPA compliance: Veryfy is registered with the UK Information Commissioner's Office (ICO). We are the data controller for all personal data you provide on the platform.

2Data We Collect

We collect the following categories of data:

  • Account data: Name, email, password (hashed), profile photo (optional), and account preferences.
  • Passport data: Work history, role titles, company names, date ranges, artifacts and evidence you upload, skills, and narrative text you write.
  • Verification data: Names and email addresses of individuals you invite to verify your work, plus their responses (confirmed, declined, or no response).
  • Integration data: OAuth tokens and metadata from third-party services you connect (GitHub, LinkedIn, Jira, etc.). We do not store credentials — only the access tokens needed to pull metadata.
  • Usage data: Platform activity logs (page views, feature usage), analytics events (aggregated), and device/browser information (for security and debugging).

We do not collect: full code repositories, document contents, private messages, or any data beyond what is necessary to operate the platform and generate your LeaDe Score.

3How We Use Your Data

We process your data only for the purposes listed below, under the legal bases specified. We do not use your data for any other purpose without your explicit consent.

PurposeLegal Basis
Creating and managing your accountContract performance
Building your Capability PassportContract performance
Processing verification signals from connected platformsContract performance / Consent
Showing your Passport to employers (where public)Legitimate interests / Consent
Sending account notifications and product updatesContract / Legitimate interests
Improving the platform and scoring model (anonymised)Legitimate interests
Complying with legal obligationsLegal obligation

4Verification Data

Verification is central to the Veryfy platform. When you request verification from a manager, peer, or platform integration, the following data is processed:

  • Verifier identity: The name and email of the person you invite to verify. We use this only to send the verification request and record the response. Verifiers' email addresses are not displayed publicly.
  • Verification response: Whether the verifier confirmed, declined, or did not respond, along with a timestamp. No free-text comments from verifiers are stored without explicit consent.
  • Platform signals: When you connect GitHub, Jira, Figma, or other services, we receive metadata (commit counts, file names, sprint IDs) — not the raw content of your code or documents.

Verification data contributes to your LeaDe Score. You may withdraw a verification request at any time before it is confirmed. Confirmed verifications may remain on your Passport unless you delete the associated work entry.

5Third-Party Integrations

When you connect a third-party service (e.g. GitHub, LinkedIn, Figma, Google Workspace, Jira, Notion, Linear, Mixpanel), you authorise us to receive data from that service via OAuth. The specific data we receive depends on the permission scope you approve during connection.

We process this data to:

  • Import evidence into your Passport entries;
  • Assign Platform Pull verification signals;
  • Suggest entry descriptions based on imported metadata.

We do not pass your integration data to any other third party. You can disconnect any integration at any time from your Integrations settings, which revokes our access token. Previously imported evidence is not automatically deleted — you can remove it manually from your Passport.

Each third-party service operates under its own privacy policy. We recommend reviewing their policies before connecting.

6Who Can See Your Passport

Your Capability Passport has two visibility modes, which you control:

  • Public Passport: Visible to anyone with the link, including employers searching the Veryfy talent portal. This includes your name, work entries, skills, verification signals, and LeaDe Score.
  • Private entries: Individual work entries can be marked private. Private entries are visible only to you and never shared with employers or search.

Employer visibility: When an employer views your public Passport, we log the event (employer name, timestamp, pages viewed) and make this available to you in your Analytics dashboard under Profile Visibility.

Employers using the Veryfy talent portal agree to use Passport data only for legitimate hiring purposes and may not download, store, or redistribute it outside the platform.

7Data Retention

We retain your data for as long as your account is active. When you delete your account:

  • Your public Passport is taken offline immediately;
  • Your personal data is deleted from our primary systems within 30 days;
  • Anonymised, aggregated data derived from your usage (e.g. for scoring model improvement) may be retained indefinitely — this data cannot identify you;
  • We may retain certain records for up to 7 years where required by law (e.g. financial records, legal disputes).

Verification records linked to third parties (e.g. a manager who confirmed your work entry) are anonymised upon account deletion — the verifier's name is removed but the verification signal status may be retained for audit purposes.

8Cookies and Tracking

We use a minimal set of cookies necessary to operate the platform:

  • Session cookies: Required to keep you signed in. These expire when you close your browser or after 30 days of inactivity.
  • Preference cookies: Store your UI preferences (e.g. theme, chart period). These are non-essential and can be cleared.
  • Analytics cookies: We use privacy-respecting first-party analytics to understand how features are used. No third-party advertising cookies are used.

We do not use cross-site tracking pixels, advertising networks, or fingerprinting technologies. You can clear all cookies by logging out and clearing your browser storage.

9Your Rights

Under UK GDPR and applicable data protection law, you have the following rights:

  • Right of access: Request a copy of all personal data we hold about you.
  • Right to rectification: Correct inaccurate data at any time (most data is editable directly in your profile).
  • Right to erasure: Request deletion of your account and personal data.
  • Right to portability: Export your Passport data in a structured, machine-readable format (JSON or PDF) from Account Settings.
  • Right to restrict processing: Ask us to pause processing your data in certain circumstances.
  • Right to object: Object to processing based on legitimate interests.
  • Right to withdraw consent: Where processing is based on consent, withdraw it at any time without affecting prior processing.

To exercise any of these rights, contact privacy@veryfy.io. We will respond within 30 days. If you are not satisfied with our response, you may lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.

10Data Transfers

Veryfy's primary infrastructure is hosted in the European Economic Area (EEA). In some cases, data may be processed by sub-processors outside the EEA (e.g. cloud providers with global infrastructure). Where this occurs, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the UK ICO.

We maintain an up-to-date sub-processor list available on request at privacy@veryfy.io.

11Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email and display a notice in the platform at least 14 days before the changes take effect.

Continued use of the platform after the effective date constitutes acceptance of the updated policy. You can always find the current version at veryfy.io/privacy.

12Contact and DPO

For any privacy-related questions, data requests, or complaints:

  • Email: privacy@veryfy.io
  • Data Protection Officer: Taiwo Adeyemi
  • Address: LeaDe Technologies Ltd, 20 Finsbury Street, London, EC2Y 9AQ, United Kingdom

You can also find our full Terms of Service at veryfy.io/terms.