Privacy Policy

"VeriFyve," "we," "us," and "our" refer to the operator of the VeriFyve consumer anti-fraud service (the "Service"). This Policy explains what information we collect, how we use it, and your choices. It applies to VeriFyve's website, mobile experience, APIs, embeddable widgets, and partner integrations.

2.1 Information you provide

• Account details: name, DOB, email, password, phone number, profile photo.
• Content you submit for analysis: pasted text, URLs, screenshots, voicemail transcripts, sender identifiers (phone numbers, email addresses, handles), trusted contact lists, and any other material you upload to the Monitor, Second Opinion, or Lookup features.
• Communications you send to support and feedback you provide.
• Payment and billing details if you purchase a paid plan (collected by our payment processor; we receive limited tokens and metadata).

2.2 Information collected automatically

• Device and connection data: IP address, device identifiers, browser type, operating system, language, time zone, mobile carrier.
• Usage data: pages viewed, features used, scan results, click and scroll behavior, session duration, referring URLs, crash logs, and diagnostic data.
• Approximate location derived from IP address.
• Cookies, SDKs, web beacons, pixels, and similar technologies, including those of our advertising and analytics partners.

2.3 Information from third parties

• Identity verification, fraud prevention, and credit signal providers.
• Open-source intelligence (OSINT) sources used to enrich Lookup results.
• Social login providers if you sign in with a third-party account.
• Marketing, advertising, and data-broker partners that supplement the data we already hold about you.

Content you submit for analysis may incidentally include sensitive information (for example, financial account numbers shown in a screenshot of a suspicious message, government identifiers a scammer asked you to share, health references in a phishing email, or precise geolocation embedded in image metadata). You should redact anything you do not want us to process. We treat this material under the same uses described in Section 4, including the commercial uses described in Section 5, except where applicable law requires additional consent.

VeriFyve is designed to analyze text, email, and screenshots of communications for scam and phishing risk. Submissions containing profanity, abusive language, nudity, or sexually explicit imagery are not analyzed and the uploaded files are discarded at intake rather than stored in your case history or shared to the community feed. See the Legal & Disclaimers page, Section 1a, for the full acceptable-use scope.

• Provide, operate, secure, and improve the Service, including AI scoring of suspicious content and OSINT enrichment.
• Authenticate users, prevent fraud, abuse, and security incidents.
• Train, evaluate, and improve our and our service providers' machine-learning models, including models that power scam detection and content classification.
• Personalize content, recommendations, and educational material.
• Communicate with you about your account, security alerts, and product updates.
• Send re-engagement communications to members who haven't been active for an extended period (e.g., 15+ days), which may include summaries of team members' recent reports, activity from members in your state or neighboring states, and news stories. You can unsubscribe at any time using the link in any such email.
• Marketing, promotion, and advertising — both first-party and on behalf of partners.
• Aggregate, deidentify, or anonymize data and use the resulting data sets for any lawful purpose, including commercial analytics and resale.
• Comply with law and enforce our terms.

We share and, where lawful, sell personal information to the following categories of recipients:

• Affiliates and corporate group for any internal purpose.
• Service providers and processors (cloud hosting, AI inference, analytics, customer support, payment processing, communications).
• Advertising partners, ad networks, and ad-tech vendors for targeted advertising, measurement, and attribution.
• Data brokers, marketing partners, and analytics resellers in exchange for monetary or other valuable consideration. This may constitute a "sale" or "sharing" under U.S. state privacy laws (including the CCPA/CPRA, VCDPA, CPA, CTDPA, UCPA, and similar statutes).
• Financial institutions and partners that license our Partner API or embeddable widget, including the content and metadata of scans you initiate through their integrations.
• OSINT, fraud-intelligence, and threat-sharing networks.
• Acquirers in connection with a merger, financing, reorganization, bankruptcy, or sale of assets.
• Law enforcement, regulators, and other parties when we believe disclosure is required by law, necessary to protect rights, property, or safety, or to investigate fraud or security incidents.

We have sold or shared the following categories of personal information in the preceding 12 months: identifiers; commercial information; internet or other electronic network activity information; geolocation; inferences drawn from any of the above; and content you submitted to the Service. We do not knowingly sell or share the personal information of consumers under 16 without affirmative authorization.

The Service uses third-party large language models and other AI providers to analyze content you submit. Inputs and outputs may be retained by these providers under their own terms for model improvement, abuse monitoring, and security. We may also retain and use your inputs and outputs to train or fine-tune our own models. Automated decisions (for example, risk scores) are advisory and do not produce legal or similarly significant effects without human action by you.

If content you submit to the Service — including through Second Opinion, Monitor, or Lookup — describes or depicts illegal activity (for example, threats of violence, weapons offenses, illegal drug sales, trafficking, child exploitation, or other criminal conduct) or bodily harm to yourself or others, we may flag, retain, and review that content in a safety queue. Where we believe in good faith that disclosure is appropriate to prevent harm or comply with law, we may share that content, your account information, and related metadata with local, state, federal, or international law enforcement, emergency services, or other lawful authorities, with or without further notice to you. If you or someone else may be in immediate danger, please follow your local laws and contact emergency services or the appropriate authorities directly.

We and our partners use cookies, SDKs, pixels, and similar technologies to operate the Service, remember preferences, measure performance, and deliver advertising. Where required, we will present a consent banner. You can control cookies through your browser; disabling them may break parts of the Service. We honor Global Privacy Control (GPC) signals as a valid opt-out of "sale" and "sharing" for the browser sending the signal.

We retain personal information for as long as needed to provide the Service, comply with law, resolve disputes, and enforce agreements. Uploaded screenshots and analysis artifacts are retained for at least 90 days unless you pin a case or applicable law requires longer retention. Aggregated and deidentified data may be retained indefinitely.

Depending on where you live, you may have the right to:

• Know, access, correct, delete, or receive a portable copy of your personal information.
• Opt out of the sale or sharing of personal information and of targeted advertising.
• Limit the use and disclosure of sensitive personal information.
• Withdraw consent where processing is based on consent.
• Appeal a denial of a privacy request.

To exercise these rights, email privacy@verifyve.app or use the in-app "Do Not Sell or Share My Personal Information" link in Settings. We will verify your identity before responding. You may use an authorized agent.

EEA, UK, and Swiss residents: our legal bases include consent, performance of a contract, our legitimate interests in operating and improving the Service, and compliance with legal obligations. You may lodge a complaint with your supervisory authority.

We use administrative, technical, and physical safeguards designed to protect personal information. No system is perfectly secure, and we cannot guarantee the security of information transmitted to or stored on the Service.

We process personal information in the United States and other countries that may not provide the same level of protection as your jurisdiction. Where required, we use Standard Contractual Clauses or other lawful transfer mechanisms.

The Service is intended for users aged 16 and older. We do not knowingly collect personal information from children under 13 (or under 16 in the EEA/UK). Contact us to request deletion if you believe we have.

We may update this Policy from time to time. Material changes will be communicated through the Service or by email. Your continued use of the Service after the effective date constitutes acceptance.

Privacy questions: privacy@verifyve.app. Postal mail address available on request.

VeriFyve includes features that let you share scam reports publicly — including the Trends feed and shareable report pages (e.g., /p/<report-id>). Content you choose to share, including redacted screenshots, scam type, narrative, and risk score, becomes publicly accessible to anyone with the linkand may be indexed by search engines and re-shared by third parties. We strip your name and direct identifiers from shared posts, but you are responsible for redacting anything sensitive in the underlying screenshot or text before sharing. You can request removal of a shared post at any time by contactingprivacy@verifyve.app.

VeriFyve offers a Partner API and an embeddable widget that financial institutions, credit unions, and other partners may deploy on their own properties. When you use VeriFyve through a partner integration (for example, scanning a message from your bank's website or mobile app):

• The partner may receive the content and metadata of the scan, the risk score, red flags, verdict, and your interaction with the result.
• The partner may correlate the scan with your account at the partner institution.
• The partner's own privacy policy and terms govern their handling of that data; VeriFyve is not responsible for partner practices.
• If you were enrolled in VeriFyve through a partner code or single-sign-on, your membership may end when the partner ends sponsorship; we will notify you and offer continuation on a paid plan.

The Scam Academy and news features ingest articles, advisories, and educational material from public sources, government agencies, and third-party feeds. We track which lessons and news items you view and complete in order to award progress, surface relevant material, and report aggregate engagement. Third-party content shown in the Academy is the property of its respective publisher; links open to external sites governed by their own terms.

When you share screenshot-backed scam reports, VeriFyve may award you a public Validator Shield badge, with up to three stars (one per five screenshot posts shared) and an Elite Validator tier at 30+ posts. The badge and its tier are publicly visible next to your display name on shared posts, in Trends, and on your public profile. Aggregate counts of your shared posts may be displayed alongside the badge. You can opt out of the badge program in Settings; opting out hides the badge but does not retroactively unshare posts you have already published.