Privacy Policy
Protecting your data with transparency and care.
Summary
Last Updated: 01 January 2026
The website https://www.veritos.ai, together with any related subdomains, dashboards, and web applications (including any beta or app versions) (collectively, the “Platform”), is owned and operated by Veritos Pte. Ltd. (“Veritos”, “we”, “us” or “our”).
This Privacy Policy (“Policy”) describes how we collect, use, disclose, process, retain, and protect personal data in accordance with the Personal Data Protection Act 2012 of Singapore (“PDPA”).
This Policy applies to:
• customers and subscribers,
• authorised users (including employees and representatives of our customers),
• partners and vendors, and
• any individual whose personal data is in our possession or under our control (collectively, “you”, “your”, or “user”).
By accessing or using the Platform, you acknowledge that you have read, understood, and agreed to this Policy.
Consent
By providing your personal data to us, you consent to Veritos collecting, using, and disclosing your personal data for the purposes described in this Policy.
Where required under the PDPA, we will seek your consent before:
• collecting additional categories of personal data; or
• using your personal data for purposes not previously notified to you, unless such collection or use is permitted or required by law.
If you do not agree with this Policy, you should not access or use the Platform or provide any personal data to us.
You may withdraw your consent at any time by contacting our Data Protection Officer (“DPO”) at dpo@veritos.ai. We will process your request within a reasonable time (generally within 10 working days). Please note that withdrawal of consent may affect our ability to provide certain services.
Personal Data We Collect
For the purpose of operating, maintaining, and improving the Platform, Veritos may collect the following categories of personal data, where applicable:
• Personal particulars (e.g. name, business contact details, email address, role, organisation);
• Account and authentication data (e.g. login credentials, user roles, access logs);
• Identity or verification information, where required by law or contractual obligations;
• Third-party account information (e.g. Google or SSO account details, profile picture, email address);
• Organisation and usage data relating to compliance workflows, policy acknowledgements, training participation, incident records, or audit activities;
• User communications and inputs, including messages, queries, uploaded documents, feedback, and support requests;
• Technical and usage data such as IP addresses, device identifiers, cookies, access logs, and activity records.
Where Veritos processes personal data on behalf of a customer (for example, employee or client data uploaded by the customer), Veritos generally acts as a data intermediary, and the customer remains the organisation with control over that data.
Accuracy of Personal Data
We rely on personal data provided by you or your organisation to deliver accurate and effective services. You are responsible for ensuring that the personal data provided is accurate, complete, and up to date.
Where you provide personal data of other individuals (e.g. employees, contractors, or third parties), you represent and warrant that:
• you have the authority to do so; and
• the relevant individuals have been informed of and consented to such collection, use, and disclosure, where required under the PDPA.
Continuation of Consent
Any consent given in relation to personal data provided to us shall, subject to applicable laws, continue to apply notwithstanding the termination of your account, or the death, incapacity, insolvency, or bankruptcy of the individual concerned.
Protection of Personal Data
Veritos implements reasonable administrative, physical, and technical safeguards to protect personal data from unauthorised access, collection, use, disclosure, copying, modification, disposal, or similar risks.
These measures include, where appropriate:
• access controls and role-based permissions,
• encryption in transit and at rest,
• secure hosting environments,
• audit logs and monitoring,
• internal data protection policies and staff training.
Access to personal data is restricted on a need-to-know basis, and all employees and service providers are bound by confidentiality and data protection obligations.
While we take reasonable steps to protect personal data, no method of transmission over the Internet or electronic storage is completely secure. Accordingly, any transmission of personal data is at your own risk.
Use of Personal Data
Veritos may use personal data for the following purposes:
1. creating, administering, and managing user accounts;
2. providing access to and operating the Platform and its features;
3. delivering compliance, governance, audit, training, and AI-assisted services;
4. personalising user experience and platform configurations;
5. responding to enquiries, requests, feedback, or complaints;
6. providing system notifications, service updates, and operational communications;
7. administering subscriptions, billing, payments, and contractual obligations;
8. monitoring usage, performance, and security of the Platform;
9. preventing, detecting, and investigating fraud, misuse, or security incidents;
10. conducting analytics, research, and service improvements;
11. complying with legal, regulatory, audit, or governmental requirements;
12. managing risk, internal reporting, and record-keeping;
13. enforcing our rights and obligations; and
14. any other purpose notified to you with your consent, where required.
Marketing Communications
Where permitted by law, we may send you product updates or service-related communications. You may opt out at any time by following the unsubscribe instructions or contacting dpo@veritos.ai.
Disclosure of Personal Data
Veritos may disclose personal data where necessary for the purposes above, including to:
• cloud hosting and infrastructure providers;
• analytics, monitoring, and security service providers;
• payment processors and billing providers;
• professional advisers, auditors, and legal counsel;
• regulatory, governmental, or law enforcement authorities, where required by law;
• business partners or service providers engaged to support the Platform.
All third-party service providers processing personal data on our behalf are bound by written agreements requiring a standard of protection comparable to the PDPA.
Cross-Border Data Transfers
Personal data may be transferred, stored, or processed outside Singapore. Where this occurs, Veritos will take reasonable steps to ensure that:
the recipient provides a level of protection comparable to the PDPA; and
legally enforceable safeguards (such as contractual clauses) are in place.
Third-Party Websites
The Platform may contain links to third-party websites not operated by Veritos. This Policy does not apply to such websites, and we are not responsible for their privacy practices.
Cookies
The Platform uses cookies and similar technologies to:
• enable core functionality,
• improve user experience,
• analyse usage patterns, and
• enhance platform security.
You may disable cookies via your browser settings, but doing so may limit certain features of the Platform.
Retention of Personal Data
We retain personal data only for as long as necessary to fulfil the purposes outlined in this Policy, unless a longer retention period is required or permitted by law.
When personal data is no longer required, we will securely delete or anonymise it in accordance with our retention schedules.
Access & Correction
You may request access to or correction of your personal data held by Veritos by contacting dpo@veritos.ai. We may require identity verification and may charge a reasonable administrative fee where permitted under the PDPA.
Amendments
Veritos may update this Policy from time to time. Updated versions will be made available on our website. Continued use of the Platform after such updates constitutes acceptance of the revised Policy.
Data Breach Managements
In the event of a personal data breach, Veritos will assess the incident and, where required under the PDPA, notify affected individuals and the Personal Data Protection Commission (“PDPC”) as soon as practicable.
Contact Us
If you have any questions, requests, or concerns regarding this Policy or the handling of your personal data, please contact our Data Protection Officer at:
📧 dpo@veritos.ai
We aim to respond within 7 working days.