Privacy Policy
Last updated: 14 June 2026
Verifis ("we", "us", or "our") is committed to protecting your personal data. This Privacy Policy explains what data we collect, how we use it, and your rights in relation to it.
1. Data We Collect
We collect the following information when you sign up for or use our service:
- Contact name and email address
- Company name
- AWS Account ID and IAM role name (provided during onboarding)
- AWS regions you specify for scanning
- Payment information (processed by Stripe, we do not store card details)
2. How We Use Your Data
We use your data solely to provide the Verifis service:
- To perform automated security scans of your AWS account on your plan's schedule (monthly for Startup, weekly for Growth and Compliance)
- To generate and email your PDF security posture report
- To process subscription payments via Stripe
- To communicate with you about your account or service updates
We process your personal data on the following legal bases under UK GDPR:
- Contract performance (Article 6(1)(b)): the majority of processing is necessary to perform the subscription contract you have entered into with us. This includes using your contact details, AWS Account ID, IAM role name, and region list to carry out security scans and deliver your PDF report; and sharing your payment details with Stripe to process subscription charges.
- Legitimate interests (Article 6(1)(f)): we may process your contact details to notify you of material changes to this policy, service updates, or issues affecting your account. We have assessed that our interest in communicating with active customers does not override your privacy rights.
3. AWS Access
Verifis accesses your AWS account using cross-account IAM role assumption. We do not store AWS credentials. The read-only IAM role you provide is used exclusively to perform security checks. You may revoke access at any time by deleting or modifying the IAM role in your AWS account.
4. Third Parties
We share data with the following third-party service providers only as necessary to operate the service:
- Stripe: Payment processing. Stripe's privacy policy applies to payment data.
- Sendgrid: Email delivery of your PDF security report. Sendgrid processes your email address solely to deliver emails on our behalf.
We do not sell your personal data to any third party.
5. Data Retention
Operational data: including your AWS Account ID, IAM role name, regions, scan results, and any integration credentials (Slack, Jira) is deleted within 30 days of cancellation.
Billing and transaction records: including your name, company name, email address, and payment history, are retained for 6 years to comply with our legal obligations under UK tax law, after which they are permanently deleted.
6. Your Rights
Under UK GDPR you have the right to access, correct, or delete your personal data. To exercise any of these rights, contact us at hello@verifis.co.
7. Cookies
We use Umami Analytics for page-view statistics. Umami collects no personal data and sets no cookies; it does not require your consent.
With your consent, we also load third-party advertising and analytics tools that set cookies:
You can accept or decline these cookies using the banner shown on your first visit, or at any time via the Cookie settings link in the page footer. Your preference is stored in your browser's local storage. If you decline, no third-party tracking cookies will be set.
Stripe may set cookies on its hosted payment pages; its cookie policy applies to those pages.
8. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify active customers of material changes by email.
9. Contact
VerifisSuite 167775
PO Box 7169
Poole
BH15 9EL
United Kingdom