Skip to content

Privacy Statement

Last updated: May 26, 2026

Article 1. Introduction

This website and associated online web application (collectively referred to as "Service") are owned and operated by VerifyPDF LLC, a limited liability company registered in the State of New Mexico, United States of America, with a registered address at 5203 Juan Tabo Blvd STE 2B, Albuquerque, New Mexico 87111, along with its subsidiaries (collectively referred to as "VerifyPDF", "we", or "us"). At VerifyPDF we understand that your privacy is important, and we are committed to protecting your personal data. This Privacy Statement explains how we collect, use, and share your personal information in accordance with the General Data Protection Regulation ("GDPR").

By using the Service, you agree to this Privacy Statement. If you do not agree with this Privacy Statement, you may not use the Service.

Article 2. Information We Process

We process personal information of users who utilize the Service, and we host documents on our servers that contain sensitive private information, including but not limited to bank statements, payslips, tax returns, W-2s and 1099s. This data may include names, contact details, financial information and other personal identifiers.

Article 3. Grounds for Data Processing

We process personal data under the following legal grounds:

  • Contractual Necessity: We process personal data as necessary to provide the Service, including managing your registration, allowing you to use the Service and sending tailored communications.
  • Legitimate Interest: We process personal data for our legitimate business interests, such as statistical analysis and to fight document fraud. Specifically, we use data to assess the risk of document fraud, which benefits our clients by reducing their exposure to fraudulent activities.
  • Consent: In cases where we need specific consent, we will ask for it separately.

Article 4. How We Use Your Data

We use your personal data for various purposes such as providing you access to and send you communications relating to the Service. We may use anonymized data for statistical analysis to improve the Service. We use your data to safeguard and assist you in detecting and preventing document fraud and ensuring the security of our systems.

Article 5. Data Protection

Your data is important to us and we take our role in protecting it very seriously. We are committed to implementing robust security measures and practices to ensure the confidentiality, integrity and availability of our services and your data. Our data environments are hosted within Amazon Web Services ("AWS") in the European Union and are exclusively accessed by EU-based engineers. We ensure no data traverses the internet without industry-standard encryption.

We stay up to date with the latest security patches and are vigilant about system vulnerabilities. We continuously monitor our systems for any potential weaknesses. When vulnerabilities are detected, we act promptly to apply necessary countermeasures. To minimize risks associated with traditional IT infrastructure management, we leverage serverless computing capabilities. Our serverless deployments are automated, further reducing human error and potential exposure points.

In line with the principle of least privilege, we restrict access to data and systems only to those who require it for their specific roles. This targeted approach to data access ensures that only authorized personnel have access to sensitive information. We have strong access control procedures in place to oversee who can access our systems and data. As part of these measures, all of the VerifyPDF staff uses 2-factor authentication to provide an additional layer of security, making it significantly more challenging for unauthorized individuals to gain access.

Article 6. Data Sharing

We do not sell your personal data. We share personal data only with the service providers we engage to operate the Service and only to the extent necessary for them to perform their role. The current list of approved subprocessors is set out in Schedule 3 of our Data Processing Addendum and currently comprises Amazon Web Services (document storage, database, transactional email, all hosted in the EU) and Stripe (subscription billing, EU billing entity). We have appropriate data processing agreements in place with each subprocessor to ensure GDPR-equivalent protection. We may also share personal data where required by law.

Article 7. Data Retention

We apply different retention periods to different categories of personal data:

  • Uploaded documents and personal data extracted from them: retained for a maximum of ninety (90) days from upload, after which they are deleted from primary and backup storage.
  • Account and billing data: retained for the duration of the Service and for up to seven (7) years after termination, to the extent required by tax and accounting law applicable to VerifyPDF.
  • Security and operational logs: retained for up to twelve (12) months for security monitoring, incident response and audit purposes, after which they are deleted or anonymised.
  • Unstructured business correspondence (such as email and contact-form submissions): retained for up to five (5) years for record-keeping and legal-compliance purposes.

We may also retain certain data on an anonymised basis for research and development purposes; anonymised data cannot be linked back to specific individuals. Retention periods may be subject to change as required by law or our legitimate business interests.

Article 8. Data Processing Agreement

Because VerifyPDF makes it possible to store and use data, we are regarded as a processor and we will process the personal data in a careful manner. Our Data Processing Addendum defines how we process and protect personal data on your behalf, lists our approved subprocessors and incorporates the EU Standard Contractual Clauses where applicable. The DPA forms an integral part of our Terms of Service and applies automatically to all customers processing personal data of EU, EEA, UK or Swiss data subjects through the Service. A counter-signed copy is available on request from [email protected].

Article 9. Your Rights

Under GDPR, you have the right to access, rectify, erase, restrict, port and object to the processing of your personal data. To exercise any of these rights or in case of questions or concerns regarding this Privacy Statement or the processing of your personal data, please contact our Data Protection Officer ([email protected]).

Article 10. Updates to This Statement

We may update this Privacy Statement periodically to reflect changes in our practices or applicable laws. We will make reasonable efforts to notify you of significant changes via email or through the Service. Please review this statement regularly to stay informed about how we handle personal data.