Privacy Policy

1. Who we are

Verix (“Verix,” “we,” “us,” or “our”) provides biometric payment credential infrastructure for physical point-of-sale environments. This Privacy Policy explains how we handle personal information collected through our website, waitlist forms, merchant enquiry forms, and investor briefing requests. It does not cover the biometric credential product itself — that is governed by separate terms agreed with each merchant operator.

2. Information we collect

2.1 Information you provide directly

When you complete a form on this website, we collect:

• Waitlist form: full name, email address, phone number.
• Merchant enquiry form: full name, work email address, job title / role, company name, and a free-text message describing your setup.
• Investor / partner briefing form: full name, work email address, fund or organisation name, job title / role, nature of inquiry, and a free-text message.

All form fields are mandatory. We do not collect payment card details on this website.

2.2 Information collected automatically

Our hosting provider (Vercel) collects standard server-side access logs that may include your IP address, browser user-agent, referring URL, and the date and time of each request. We do not use cookies for tracking or advertising on this website. No analytics scripts, retargeting pixels, or session-recording tools are deployed.

3. How we use your information

We use the information you submit exclusively to:

• Respond to your enquiry and provide you with information about Verix products, pilots, or investment briefings relevant to your request.
• Follow up with waitlist registrants about kiosk enrollment availability in their region.
• Maintain internal records of business leads and investor enquiries.

We do not sell, rent, or trade your personal information to any third party for their own marketing purposes. We do not use your information for automated decision-making or profiling.

4. Third-party service providers

To operate this website and process form submissions, we rely on the following service providers. Each acts as a data processor on our behalf:

Both providers are certified under recognised data transfer frameworks. Where data is transferred from the European Economic Area or UK to the USA, we rely on standard contractual clauses and applicable adequacy decisions.

5. Biometric data (BIPA)

This website does not collect biometric information. Biometric facial data is processed only when a shopper enrolls through a Verix-enabled terminal or merchant kiosk as part of the payment credential product — not through this website.

When the Verix payment credential product is deployed by a merchant partner, the following principles govern biometric data:

• No raw images stored. Enrollment creates a one-way mathematical template. Raw biometric data is never transmitted off the capture device.
• Explicit consent required. Shoppers provide written (or equivalent electronic) informed consent before any biometric data is collected, consistent with the Illinois Biometric Information Privacy Act (BIPA) and analogous state laws.
• Right to deletion. Shoppers may delete their biometric enrollment at any time through the Verix app or a participating merchant kiosk. Deletion is immediate and permanent.
• No sale of biometric data. Verix does not sell, lease, trade, or profit from biometric identifiers or information.
• Retention schedule.Biometric templates are deleted within three years of last use, or sooner upon the shopper’s request or expiry of the applicable commercial relationship.

Separate biometric data notices are provided to shoppers at the point of enrollment by the relevant merchant operator in accordance with applicable law.

6. Data retention

We retain form submission data for as long as is reasonably necessary to follow up on your enquiry and maintain records of our business relationships. In practice, this means:

• Waitlist data: retained until your waitlist position is fulfilled or you request deletion, and for up to 24 months thereafter.
• Merchant and investor enquiry data: retained for up to 36 months from the date of your enquiry, or longer where we have an ongoing business relationship with you.

You may request deletion at any time by contacting us at privacy@verix.com. We will action deletion requests within 30 days.

7. Your rights

Depending on your jurisdiction, you may have the right to:

• Access a copy of the personal data we hold about you.
• Correct inaccurate or incomplete personal data.
• Delete your personal data (“right to be forgotten”).
• Restrict or object to our processing of your data.
• Portability — receive your data in a structured, machine-readable format.
• Withdraw consent at any time where processing is based on consent.

To exercise any of these rights, email privacy@verix.com. We will verify your identity before processing the request and respond within 30 days (extendable by a further 60 days for complex requests, with notice).

8. EU and UK GDPR

For individuals in the European Economic Area or the United Kingdom, the legal basis for processing your personal information is:

• Legitimate interests (Article 6(1)(f) GDPR) — to respond to business enquiries, maintain our waitlist, and conduct normal commercial communications. We have assessed that our legitimate interests are not overridden by your interests or fundamental rights in this context.
• Performance of a contract or pre-contractual steps (Article 6(1)(b)) — where you have requested information about entering into a commercial relationship with Verix.

Verix is the data controller in respect of the personal data collected on this website. If you have a concern about our processing, you have the right to lodge a complaint with the supervisory authority in your country of residence.

9. California residents (CCPA / CPRA)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

• Right to know what personal information we collect, use, or disclose.
• Right to delete personal information we have collected from you.
• Right to correct inaccurate personal information.
• Right to opt out of the sale or sharing of personal information. We do not sell or share personal information as defined under the CCPA.
• Right to non-discrimination for exercising your CCPA rights.

To exercise these rights, email privacy@verix.com with the subject line “CCPA Request.”

Categories of personal information collected in the past 12 months: identifiers (name, email, phone number), professional information (employer, job title), and the contents of your message. We have not sold or shared any personal information with third parties for cross-context behavioural advertising.

10. Security

Form data is transmitted over TLS 1.3 and stored in a private, access-controlled Google Sheet accessible only to authorised Verix personnel. We apply reasonable administrative, technical, and physical safeguards consistent with the sensitivity of the data. No transmission over the internet is completely secure, and we cannot guarantee absolute security.

11. Children

This website is not directed to children under the age of 16. We do not knowingly collect personal information from anyone under 16. If you believe we have inadvertently collected information from a child, please contact us and we will delete it promptly.

12. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will revise the “Effective date” at the top of this page. Material changes will be communicated to individuals who have submitted contact forms where we hold a current email address. Continued use of this website after a change constitutes acceptance of the updated policy.

13. Contact us

Questions, requests, or complaints about this Privacy Policy should be directed to:

See also our Terms of Service.