PRIVACY POLICY

Vertesia's privacy policy

Effective Date: May 22, 2026 | Last Updated: May 22, 2026

This Privacy Policy describes how Vertesia, Inc. ("Vertesia," "we," "us," or "our") collects, uses, and shares information about you when you visit our website at vertesiahq.com, use our products and services, or otherwise interact with us. Please read this policy carefully. If you disagree with its terms, please stop using our Services.

Questions or concerns? Submit the data subject access request form or refer to the "How Can You Contact Us?" section at the bottom of this page.

Table of Contents

  1. What Information Do We Collect?
  2. How Do We Process Your Information?
  3. When and With Whom Do We Share Your Personal Information?
  4. Do We Use Cookies and Other Tracking Technologies?
  5. How Long Do We Keep Your Information?
  6. How Do We Keep Your Information Safe?
  7. Do We Collect Information from Minors?
  8. What Are Your Privacy Rights?
  9. Controls for Do-Not-Track Features
  10. Do United States Residents Have Specific Privacy Rights?
  11. Information for International and EEA/UK Residents
  12. Do We Make Updates to This Policy?
  13. How Can You Contact Us?
  14. How Can You Review, Update, or Delete Your Data?

1. What Information Do We Collect?

In Short: We collect personal information that you provide to us, information collected automatically when you use our Services, and, in some cases, information from third-party sources.

Personal Information You Provide to Us

We collect personal information that you voluntarily provide when you:

  • Register for an account or our Services
  • Express interest in our products or services
  • Submit a contact or inquiry form
  • Participate in events, webinars, or surveys
  • Reach out to our customer support team
  • Apply for a job or partnership opportunity
Categories of Personal Information We Collect

Category

Examples

Collected

Shared with Certified Partners

A. Identifiers

Name, alias, postal address, phone number, email address, IP address, account name

Yes

Yes — for in-region support (see Certified Partners)

B. California Customer Records

Name, contact information, employment, financial information

No

No

C. Protected classification characteristics

Gender, date of birth

No

No

D. Commercial information

Transaction history, purchase details, financial data

No

No

E. Biometric information

Fingerprints, voiceprints

No

No

F. Internet/network activity

Browsing history, search history, interactions with our site

No

No

G. Geolocation data

Device location

No

No

H. Audio, electronic, or visual data

Images, audio/video recordings

No

No

I. Professional/employment information

Job title, work history, professional qualifications

No

No

J. Education information

Student records, directory information

No

No

K. Inferences

Profiles built from any of the above

No

No

L. Sensitive personal information

N/A

No

No
Additional Information We May Collect

We may also collect information outside these categories when you interact with us:

  • Through customer support channels
  • During participation in contests or surveys
  • In the course of delivering our Services or responding to your inquiries
  • At in-person events or through phone or mail
Information Collected Automatically

When you visit our website or use our Services, we automatically collect certain technical information, including:

  • Log data — IP address, browser type, operating system, referring URLs, pages visited, and timestamps
  • Device data — Device identifiers, screen resolution, and language settings
  • Usage data — Clickstream data, feature usage patterns, and session duration
  • Cookie data — See the Cookies and Tracking Technologies section for full details

This data is collected primarily through cookies, web beacons, and similar tracking technologies. It helps us maintain security, analyze trends, and improve our Services.

2. How Do We Process Your Information?

In Short: We process your information to provide, improve, and administer our Services, communicate with you, ensure security, prevent fraud, and comply with law. We may also process your information with your consent for other purposes.

We process your personal information for the following reasons:

Service Delivery and Account Management
  • To create and manage your account
  • To deliver the products, features, and Services you request
  • To fulfill and manage orders, payments, and subscriptions
  • To provide technical and customer support
Communication
  • To respond to your inquiries, comments, and feedback
  • To send administrative messages (e.g., account updates, security alerts)
  • To send marketing and promotional communications, where you have opted in or where permitted by law
  • To share information about our Services, events, and partner offerings
Business Operations and Improvement
  • To understand how our Services are used and improve them
  • To conduct internal analytics, research, and product development
  • To monitor and analyze usage and activity trends
  • To personalize your experience
Safety, Security, and Legal Compliance
  • To detect, prevent, and investigate fraud, abuse, or security incidents
  • To verify identity and prevent unauthorized access
  • To comply with applicable laws, regulations, and legal processes
  • To enforce our Terms of Service and other agreements
  • To protect the rights, property, and safety of Vertesia, our users, and the public

3. When and With Whom Do We Share Your Personal Information?

In Short: We may share your information in specific situations and with specific categories of third parties, including our Certified Partners who provide in-region support to prospects and customers.

We share personal information only as described below. We do not sell personal information to third parties for monetary consideration.

Certified Partners
Who Are Our Certified Partners?

Vertesia maintains a network of Certified Partners that have completed Vertesia's formal certification program, executed a binding Data Processing Agreement (DPA), and are authorized to represent, resell, and support Vertesia products and services within designated geographic regions.

Certified Partners are contractually required to:

  • Process your personal information solely for the regional support purposes described in this section
  • Maintain technical and organizational security measures appropriate to the risk
  • Comply with applicable data protection laws in their jurisdiction (including GDPR where applicable)
  • Promptly notify Vertesia of any breach or unauthorized access involving your data
  • Delete or return your personal information upon request or upon termination of the partner relationship
  • Refrain from disclosing your information to any sub-processor without Vertesia's prior written approval
What Information Do We Share with Certified Partners?

When you express interest in our Services, submit a contact form, register for an event, or engage with our sales or support team, we may share the following contact information with the Certified Partner assigned to your region:

  • Full name
  • Business email address
  • Company name and job title
  • Phone number (if provided)
  • Country, state, or region (as provided or reasonably inferred from your interaction)
  • General topic of interest or product inquiry

We do not share sensitive personal information, financial data, account credentials, or usage data with Certified Partners.

Why Do We Share This Information?

Sharing your contact information with Certified Partners is limited to the following purposes:

  • In-region sales support — Connecting you with a local representative who understands regional business requirements, communicates in your language, and responds within your time zone
  • In-region customer support — Providing ongoing technical and account support through a locally authorized partner for existing customers
  • Event coordination — Facilitating attendance or follow-up for regional events, webinars, or training sessions

This sharing is not a "sale" of personal information under the CCPA, CPA, CTDPA, UCPA, VCDPA, or other applicable privacy laws, as no monetary consideration is exchanged for your personal information.

How Is Regional Assignment Determined?

Regional assignment is based on one or more of the following:

  • The country or region you identify in a form or account profile
  • The regional domain or IP address associated with your interaction
  • The language preferences indicated during your engagement with us

We assign contacts to the Certified Partner that best serves your location to ensure timely and contextually relevant support.

Your Opt-Out Rights for Certified Partner Sharing

You may opt out of having your contact information shared with Certified Partners at any time by:

Upon receipt of a valid opt-out request, we will notify the relevant Certified Partner(s) to cease further processing of your data for this purpose, and we will suppress your record from future partner sharing. Opt-out requests are honored within 15 business days.

Other Sharing Scenarios

Business Transfers

We may share or transfer your information in connection with — or during negotiations of — a merger, acquisition, sale of company assets, financing, or dissolution of our company. We will notify you via prominent notice on our website if such a transfer occurs and your data is subject to a different privacy policy.

Legal Obligations and Protection of Rights

We may disclose your personal information if we believe disclosure is necessary to:

  • Comply with a legal obligation, court order, or government request
  • Enforce our Terms of Service or other agreements
  • Protect the rights, property, or safety of Vertesia, our users, or the public
  • Detect or prevent fraud, security breaches, or illegal activity
Service Providers

We share information with third-party vendors and service providers that perform services on our behalf, such as:

  • Cloud hosting and infrastructure providers
  • Analytics and monitoring platforms
  • Customer relationship management (CRM) tools
  • Email and communication platforms
  • Payment processing providers
  • Event and webinar platforms

Each service provider is bound by a written contract restricting their use of your data to the specific services they provide to us.

With Your Consent

We may share your information with other third parties when you have given us explicit consent to do so.

4. Do We Use Cookies and Other Tracking Technologies?

In Short: We may use cookies and similar tracking technologies to collect and store information about how you interact with our Services.

We use cookies, web beacons, pixels, and similar technologies to:

  • Keep you logged in and remember your preferences
  • Understand how visitors use our website
  • Measure the effectiveness of our marketing campaigns
  • Provide a personalized experience
Types of Cookies We Use

Type

Purpose

Essential cookies

Required for the website to function; cannot be disabled

Preference cookies

Remember your settings and choices (e.g., language, region)

Analytics cookies

Help us understand how visitors interact with our site

Marketing cookies

Track visits across websites to deliver relevant advertising

You can control cookie settings through your browser preferences or a cookie consent manager where provided on our site. Note that disabling certain cookies may impact your ability to use some features of our Services.

5. How Long Do We Keep Your Information?

In Short: We retain your personal information for as long as necessary to fulfill the purposes described in this policy, unless a longer retention period is required by law.

Retention by Data Category

Category

Retention Period

Account information (Category A)

For the duration of your account, plus a reasonable wind-down period

Contact inquiries and leads

Up to 3 years from last interaction, unless you opt out or request deletion earlier

Certified Partner shared data

Partners are required to retain only as long as necessary for in-region support purposes, and must delete or de-identify your data upon your opt-out, upon your account deletion request, or upon termination of the partner relationship — whichever occurs first

Legal and compliance records

As required by applicable law

Anonymized/aggregated data

Indefinitely (as it can no longer identify you)

When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it. If immediate deletion is not possible (e.g., data stored in backup archives), we will securely store it and isolate it from further processing until deletion is possible.

6. How Do We Keep Your Information Safe?

In Short: We implement appropriate technical and organizational security measures to protect your personal information. However, no electronic transmission or storage system is 100% secure.

We use industry-standard security practices including:

  • Encryption of data in transit (TLS/SSL) and at rest
  • Access controls limiting data access to authorized personnel only
  • Regular security assessments and vulnerability testing
  • Incident response procedures to detect, report, and respond to data breaches
  • Vendor security reviews for all third-party service providers and Certified Partners

Despite our safeguards, please be aware that transmitting information over the internet carries inherent risks. You should access our Services only within a secure environment and contact us immediately if you believe your account has been compromised.

7. Do We Collect Information from Minors?

In Short: We do not knowingly collect data from or market to children under 18 years of age.

Our Services are not directed at individuals under the age of 18. We do not knowingly solicit data from or market to minors. If you are a parent or guardian and believe your child has provided us with personal information without your consent, please submit the data subject access request form and we will promptly delete the information.

California Minors

If you are under 18 years of age, reside in California, and have a registered account with our Services, you have the right to request removal of any unwanted data that you publicly post on the Services. To make such a request, please contact us using the information in the How Can You Contact Us? section and include your email address and a statement that you reside in California. We will ensure the data is not publicly displayed, though it may not be completely removed from all systems (e.g., backups).

8. What Are Your Privacy Rights?

In Short: Depending on your location, you may have rights regarding access to and control over your personal information.

General Rights Available to All Users

Regardless of where you are located, you may:

  • Access the personal information we hold about you
  • Correct inaccurate or outdated information
  • Request deletion of your personal information, subject to legal retention requirements
  • Opt out of marketing communications at any time by clicking "unsubscribe" in any email
  • Opt out of sharing your contact information with Certified Partners (see Certified Partners)

To exercise any of these rights, submit the data subject access request form.

Additional rights for US state residents are described in Section 10. Additional rights for EEA and UK residents are described in Section 11.

Account Settings

If you have registered an account with us, you may review or change your account information by logging in to your account settings. Upon your request to terminate your account, we will deactivate or delete your account and personal information in accordance with our retention policy, except where we are required by law to retain certain information.

9. Controls for Do-Not-Track Features

In Short: We do not currently respond to Do-Not-Track signals, as no industry standard has been finalized.

Most web browsers and some mobile operating systems include a Do-Not-Track ("DNT") feature that signals your preference not to have your browsing activity tracked. At this time, no uniform technology standard for recognizing and implementing DNT signals has been finalized by the relevant standards bodies. As a result, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates a choice not to be tracked online.

If a DNT standard is adopted in the future that we are required to follow, we will update this Privacy Policy to reflect that practice.

Some US state privacy laws (such as those in California, Colorado, Connecticut, and others) grant residents the right to opt out of certain "targeted advertising" or "profiling" using personal data. See Section 10 for details on how to exercise these rights in your state.

10. Do United States Residents Have Specific Privacy Rights?

In Short: If you are a resident of California, Colorado, Connecticut, Utah, or Virginia, you are granted specific rights regarding access to and control over your personal information.

California Residents
CCPA / CPRA Privacy Notice

This section applies only to California residents and is provided pursuant to the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA).

What Personal Information Do We Collect and Share?

We have collected the following categories of personal information in the past twelve (12) months:

Category

Examples

Collected

Disclosed for Business Purpose

A. Identifiers

Name, email, phone, postal address, IP address, account name

Yes

Yes — with Certified Partners for in-region support

B. California Customer Records

Name, contact info, employment, financial info

No

No

C. Protected classifications

Gender, date of birth

No

No

D. Commercial information

Transaction history, purchase details

No

No

E. Biometric information

Fingerprints, voiceprints

No

No

F. Internet/network activity

Browsing/search history, online behavior

No

No

G. Geolocation data

Device location

No

No

H. Audio, electronic, or visual data

Images, recordings

No

No

I. Professional/employment info

Job title, work history

No

No

J. Education information

Student records

No

No

K. Inferences

Profiles from any collected data

No

No

L. Sensitive personal information

N/A

No

No
Disclosures to Certified Partners

We share Category A (Identifiers) — specifically contact details such as name, email address, company name, job title, phone number, and region — with our Certified Partners for the business purpose of providing in-region sales and customer support. This sharing is not a "sale" of personal information and is not used for targeted advertising on behalf of the partner. Certified Partners may contact you solely regarding Vertesia products and services.

We Do Not Sell Your Personal Information

We have not sold personal information to third parties for monetary consideration in the preceding twelve (12) months, and we do not intend to do so. We do not share personal information with third parties for cross-context behavioral advertising purposes.

Shine the Light

California Civil Code Section 1798.83 ("Shine The Light") permits California residents to request, once per year and free of charge, information about categories of personal information (if any) we disclosed to third parties for their own direct marketing purposes. Vertesia does not disclose personal information to third parties for their own direct marketing purposes. Sharing with Certified Partners is limited to enabling those partners to provide Vertesia-related support and services to you directly — it does not authorize partners to market their own unrelated products to you.

Your CCPA Rights
  • Right to Know — You may request information about the categories and specific pieces of personal information we have collected, used, disclosed, or sold.
  • Right to Delete — You may request that we delete your personal information, subject to certain legal exceptions.
  • Right to Correct — You may request that we correct inaccurate personal information we maintain about you.
  • Right to Opt Out of Certified Partner Sharing — You may opt out of the sharing of your contact information with Certified Partners at any time (see Certified Partners).
  • Right to Non-Discrimination — We will not discriminate against you for exercising your CCPA rights.
  • Right to Limit Use of Sensitive Personal Information — We do not process sensitive personal information as defined under CCPA/CPRA.
How to Submit a CCPA Request

To exercise any of the above rights, you may email us at submit the data subject access request form

We will verify your identity before processing your request and will respond within 45 days, with a possible 45-day extension when reasonably necessary.

You may designate an authorized agent to submit a request on your behalf. We may require proof of authorization and may verify your identity directly.

Colorado Residents

This section applies only to Colorado residents under the Colorado Privacy Act (CPA).

Your CPA Rights
  • Right to be informed whether we are processing your personal data
  • Right to access your personal data
  • Right to correct inaccuracies in your personal data
  • Right to request deletion of your personal data
  • Right to obtain a portable copy of the personal data you previously shared with us
  • Right to opt out of processing for targeted advertising, sale of personal data, or profiling for decisions with legal or similarly significant effects
  • Right to opt out of sharing your contact information with Certified Partners for in-region support purposes
How to Submit a Request

Submit the data subject access request form.

If we decline your request and you wish to appeal, email us at contact@vertesiahq.com. We will respond to your appeal within 45 days and provide a written explanation of our decision.

Connecticut Residents

This section applies only to Connecticut residents under the Connecticut Data Privacy Act (CTDPA).

Your CTDPA Rights
  • Right to be informed whether we are processing your personal data
  • Right to access your personal data
  • Right to correct inaccuracies in your personal data
  • Right to request deletion of your personal data
  • Right to obtain a portable copy of the personal data you previously shared with us
  • Right to opt out of processing for targeted advertising, sale of personal data, or profiling
  • Right to opt out of sharing your contact information with Certified Partners for in-region support purposes
How to Submit a Request

Submit the data subject access request form

If we decline your request and you wish to appeal, email us at contact@vertesiahq.com. We will respond within 60 days with a written explanation.

Utah Residents

This section applies only to Utah residents under the Utah Consumer Privacy Act (UCPA).

Your UCPA Rights
  • Right to be informed whether we are processing your personal data
  • Right to access your personal data
  • Right to request deletion of your personal data
  • Right to obtain a portable copy of the personal data you previously shared with us
  • Right to opt out of processing for targeted advertising or sale of personal data
  • Right to opt out of sharing your contact information with Certified Partners for in-region support purposes
How to Submit a Request
Submit the data subject access request form.
Virginia Residents

This section applies only to Virginia residents under the Virginia Consumer Data Protection Act (VCDPA).

Definitions
  • "Consumer" means a natural person who is a resident of the Commonwealth acting only in an individual or household context. It does not include a natural person acting in a commercial or employment context.
  • "Personal data" means any information that is linked or reasonably linkable to an identified or identifiable natural person. It does not include de-identified data or publicly available information.
  • "Sale of personal data" means the exchange of personal data for monetary consideration. We do not sell personal data.
Your VCDPA Rights
  • Right to be informed whether we are processing your personal data
  • Right to access your personal data
  • Right to correct inaccuracies in your personal data
  • Right to request deletion of your personal data
  • Right to obtain a portable copy of the personal data you previously shared with us
  • Right to opt out of processing for targeted advertising, sale of personal data, or profiling
  • Right to opt out of sharing your contact information with Certified Partners for in-region support purposes
How to Submit a Request

Submit the data subject access request form

If we decline your request and you wish to appeal, email us at contact@vertesiahq.com. We will respond within 60 days. If your appeal is denied, you may contact the Virginia Attorney General to file a complaint.

Verification Process

Upon receiving your request, we will verify your identity by asking you to confirm information we already have on file. We will use information provided in your request solely for identity verification. If we cannot verify your identity through existing records, we may request additional information for security and fraud-prevention purposes, which will be deleted once verification is complete.

11. Information for International and EEA/UK Residents

In Short: If you are located outside the United States — including in the European Economic Area (EEA), United Kingdom (UK), or other international regions — this section describes your additional rights and how we lawfully process and transfer your data.

Data Controller

Vertesia, Inc. is the data controller for personal information collected through our websites and Services. Our contact details are provided in the "How Can You Contact Us?" section below.

Lawful Basis for Processing

Where the GDPR or UK GDPR applies to our processing of your personal information, we rely on the following legal bases:

Purpose

Legal Basis

Providing the Services you requested

Contract (Art. 6(1)(b)) — processing is necessary to perform our agreement with you

Sharing with Certified Partners for in-region support

Legitimate interests (Art. 6(1)(f)) — connecting you with local experts who serve your needs, balanced against your right to object and opt out

Sending marketing communications

Consent (Art. 6(1)(a)) — you may withdraw consent at any time

Complying with legal obligations

Legal obligation (Art. 6(1)(c))

Fraud prevention and security

Legitimate interests (Art. 6(1)(f))
Legitimate Interest Assessment — Certified Partner Sharing

For the sharing of contact information with Certified Partners, our legitimate interest is to provide you with timely, locally knowledgeable support from partners who understand your regional business environment, language, and time zone. We have assessed that this interest:

  • Is genuine — localized support meaningfully improves customer and prospect experience
  • Is necessary — it cannot be achieved equally well by Vertesia alone given our global reach
  • Does not override your interests — the scope of data shared is limited, partners are contractually bound, and you retain the right to object or opt out at any time with no negative consequence

If you wish to exercise your right to object to processing based on legitimate interests, see your rights below.

International Data Transfers

Your personal information may be transferred to and processed in countries outside of your own, including the United States. When transferring data from the EEA or UK to countries not recognized as providing an adequate level of data protection, we rely on:

  • Standard Contractual Clauses (SCCs) approved by the European Commission (for EEA transfers)
  • UK International Data Transfer Agreements (IDTAs) (for UK transfers)
  • Adequacy decisions where applicable

When sharing data with Certified Partners in other jurisdictions, we require that appropriate transfer mechanisms be in place before any data is transferred.

Your Rights Under GDPR and UK GDPR

If you are located in the EEA or UK, you have the following rights:

  • Right of access — Request a copy of the personal data we hold about you
  • Right to rectification — Request correction of inaccurate or incomplete data
  • Right to erasure ("right to be forgotten") — Request deletion of your personal data where we have no overriding legal basis to retain it
  • Right to restriction of processing — Request that we limit how we process your data in certain circumstances
  • Right to data portability — Receive your personal data in a structured, commonly used, machine-readable format
  • Right to object — Object to processing based on legitimate interests, including sharing with Certified Partners; we will stop processing unless we can demonstrate compelling legitimate grounds that override your interests
  • Right to withdraw consent — Where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing
  • Rights related to automated decision-making — We do not make decisions solely based on automated processing that produces legal or similarly significant effects
How to Exercise Your Rights

Submit the data subject access request form. We will respond within 30 days, with a possible 60-day extension for complex or numerous requests (we will notify you of any extension and the reason).

You also have the right to lodge a complaint with your local supervisory authority, such as:

  • European Union: Your national Data Protection Authority (DPA)
  • United Kingdom: The Information Commissioner's Office (ICO) at ico.org.uk
Other International Residents

If you are located in another jurisdiction outside the United States, local laws may grant you additional privacy rights. We are committed to honoring applicable data protection principles in all regions where we operate. Submit the data subject access request form if you have questions about how your local law applies to our processing of your data.

12. Do We Make Updates to This Policy?

In Short: Yes, we update this policy periodically to reflect changes in our practices, technology, legal requirements, or for other operational reasons.

We will indicate the date of the most recent update at the top of this Privacy Policy and may notify you of material changes via email (if you have provided us with your email address) or by posting a prominent notice on our website prior to the change becoming effective.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information. Your continued use of our Services after any changes to this policy constitutes acceptance of those changes.

13. How Can You Contact Us?

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please submit the data subject access request form.

14. How Can You Review, Update, or Delete Your Data?

Based on the applicable laws of your jurisdiction, you may have the right to request access to the personal information we collect from you, correct inaccuracies, or request deletion of that information. To submit a request, submit the data subject access request form.

We will respond to all verified requests in accordance with applicable law and within the timeframes specified in this policy.