Privacy Policy

The data controller for this website is Thoughtseed, registered at:

WeWork 38/1A, Salarpuria Symbiosis, Arekere Village, Begur Hobli, Bannerghatta Road, Bangalore South, Bangalore, Karnataka 560076, India

You can reach our Data Protection Officer (DPO) at mohan@thoughtseed.space.

We collect only what we need:

• Identification & contact data — name, business email, company, role, country (when you book a demo or contact us).
• Account data — login email, hashed password, authentication tokens (for customers using the platform).
• Usage data — pages visited, referrer, approximate location (country/region from IP), device and browser type, time spent.
• Customer dossier data — documents uploaded by our customers for validation. We process this data strictly on behalf of the customer and under their instructions.
• Cookies & similar technologies — see our Cookie Policy.

We do not knowingly collect data of children under 16. We do not collect special-category data (health, political views, biometrics) through this site.

• Contract (Art. 6(1)(b)) — to provide the iverif.io service to customers, manage accounts and respond to your demo requests.
• Legitimate interest (Art. 6(1)(f)) — to secure the service, prevent abuse, measure aggregate site performance, and contact business prospects who match our ICP.
• Consent (Art. 6(1)(a)) — for non-essential cookies, marketing emails, and product analytics. You can withdraw consent at any time.
• Legal obligation (Art. 6(1)(c)) — to comply with tax, accounting and regulatory requirements.

• Operate, secure and improve the iverif.io platform.
• Validate documents in customer dossiers — extraction, cross-checks, validation reports — under the customer's instructions.
• Respond to demo requests, support tickets and commercial enquiries.
• Measure aggregate, anonymised site usage to understand which content is useful.
• Send transactional and (with consent) marketing communications.
• Meet our legal and contractual obligations.

We do not sell personal data, and we do not use customer dossier content to train AI models for any party outside the originating customer.

We share data only with carefully selected processors, all bound by Data Processing Agreements:

• EU cloud infrastructure — hosting, database, object storage (EU regions only).
• AI extraction providers — for document extraction, with EU data residency where available and zero-retention agreements.
• Email & calendar — for transactional email and demo scheduling.
• Analytics — privacy-friendly, EU-hosted analytics (only with cookie consent).
• Authorities — only where strictly required by law and after a written legal review.

A complete sub-processor list is available on request from the DPO.

Personal data of EU/UK individuals processed on the iverif.io platform is stored in the European Union. Where a sub-processor is established outside the EEA, we rely on the European Commission's Standard Contractual Clauses (SCCs) and additional safeguards (encryption, access controls, pseudonymisation).

Thoughtseed is established in India. Where company-internal processing requires access from outside the EEA (for example, support engineering), it is performed under SCCs and limited to what is necessary.

• Demo requests & prospect contacts — up to 24 months from the last meaningful interaction.
• Customer accounts — for the duration of the contract plus 12 months, then deleted or anonymised.
• Customer dossier content — retained according to the customer's instructions in the Data Processing Agreement.
• Server logs — up to 90 days for security and abuse prevention.
• Invoicing & tax records — as required by applicable law (typically 7–10 years).

Under the GDPR you have the right to:

• access the personal data we hold about you;
• have inaccurate data corrected;
• have your data erased (“right to be forgotten”);
• restrict or object to processing;
• data portability (receive a machine-readable copy);
• withdraw consent at any time, without affecting prior processing;
• lodge a complaint with a supervisory authority (your local Data Protection Authority).

To exercise any of these rights, email mohan@thoughtseed.space. We respond within 30 days.

We apply industry-standard technical and organisational measures: encryption in transit (TLS 1.2+) and at rest, access controls and least-privilege IAM, segregated environments for each customer, audit logs, vulnerability scanning, secure software development, and a documented incident response process. In the unlikely event of a personal data breach affecting your data, we notify the relevant authority within 72 hours and impacted users without undue delay.

We use a small number of cookies. Strictly necessary cookies are set automatically; analytics and marketing cookies are set only with your consent. See our Cookie Policy for the full list and to change your preferences.

We may update this Privacy Policy. The “Last updated” date at the top reflects the current version. Material changes will be notified by email to customers and via a banner on this site.