Privacy Policy

Verilic Pte. Ltd. ("Verilic", "we", "us") is the data controller responsible for personal data collected through the Verilic platform. Our Data Protection Officer can be reached at dpo@verilic.com.

We collect the following categories of personal data:

• Account data: name, email address, phone number, role.
• Business data: company name, industry, Singapore UEN (if provided), business address.
• Document data: compliance document files, extracted metadata (licence numbers, expiry dates, issuer names, holder names).
• Usage data: IP address, browser type, pages visited, timestamps.
• Communications: emails and WhatsApp messages sent by the platform.

Under the PDPA, we collect and use personal data for the following purposes:

• Providing and operating the Platform (contractual necessity).
• Sending compliance reminders and notifications (legitimate interest / consent).
• Account verification and security (legitimate interest).
• Billing and subscription management (contractual necessity).
• Improving our AI extraction features using aggregated, anonymised data (legitimate interest).
• Complying with legal obligations under Singapore law.

We do not sell your personal data. We share data only with:

• Service providers: cloud infrastructure (AWS), email delivery (Postmark/Resend), payment processing (Stripe). These providers are contractually bound to protect your data.
• AI providers: document content may be sent to AI model APIs (Anthropic Claude) for extraction. Data is processed on our behalf and not retained by the AI provider beyond the request.
• Your agency: if your account is managed by an agency on Verilic, the agency can view your compliance documents.
• Law enforcement: where required by applicable Singapore law or a valid court order.

Your data may be processed in servers located outside Singapore (e.g., AWS ap-southeast-1 region is in Singapore; other regions may apply for redundancy). Any cross-border transfer is carried out with adequate safeguards in accordance with the PDPA's Third Schedule requirements.

We retain personal data for as long as your account is active or as necessary to provide services. Upon account termination:

• Document files and metadata are retained for 30 days, then permanently deleted.
• Audit logs are retained for 7 years as required by Singapore accounting and compliance regulations.
• Billing records are retained for 5 years as required by IRAS.

As a Singapore data subject, you have the right to:

• Access: request a copy of the personal data we hold about you.
• Correction: request correction of inaccurate or incomplete data.
• Withdrawal of consent: withdraw consent where processing is based on consent (note: withdrawal may affect your ability to use certain features).
• Data portability: request your data in a machine-readable format.

To exercise any of these rights, contact our DPO at dpo@verilic.com. We will respond within 30 days as required by the PDPA.

We use essential cookies for authentication (session tokens stored in secure localStorage). We do not use advertising or cross-site tracking cookies. Analytics are privacy-preserving and aggregated.

We implement industry-standard security measures including TLS encryption in transit, AES-256 encryption at rest for sensitive data, access controls, and regular security reviews. All team members with access to personal data are bound by confidentiality obligations.

In the event of a data breach affecting your personal data, we will notify you within 3 days of discovery as required by the PDPA Notification of Data Breaches 2021.

The Platform is not directed at individuals under 18 years of age. We do not knowingly collect personal data from minors.

We may update this Privacy Policy from time to time. When material changes are made, we will notify you in-app and require your acknowledgement before you can continue using the Platform.

For privacy questions or to lodge a complaint, contact our Data Protection Officer:

Verilic Pte. Ltd.
Email: dpo@verilic.com

If you are unsatisfied with our response, you may contact the Personal Data Protection Commission (PDPC) of Singapore at www.pdpc.gov.sg.