Privacy Policy

Who We Are

Veri Q is a compliance operations platform used by brokerages and authorised users to manage customer due diligence records, screen customers against compliance lists, retain evidence, manage document requirements, and administer subscription billing.

For customer records uploaded and managed by a brokerage, the brokerage is normally the responsible party under POPIA, and Veri Q acts as an operator that processes information on the brokerage's instructions. For account registration, billing, platform security, support, and service administration, Veri Q may act as the responsible party.

Information We Process

Depending on how the platform is used, Veri Q may process:

• brokerage profile information, contact details, registration details, and authorised user accounts;
• customer due diligence information, including names, identity or passport numbers, contact details, nationality, address, occupation, risk level, and related KYC information;
• uploaded compliance documents, document review status, expiry dates, reminders, and audit history;
• screening requests, possible matches, review decisions, reports, exported evidence, and audit logs;
• subscription, plan, billing-event, PayFast reference, payment-failure, cancellation, and reconciliation information;
• support tickets, contact requests, feature suggestions, and related correspondence;
• technical information such as authentication activity, security logs, device/browser information, and usage activity needed to secure and operate the platform.

Why We Process Information

We process personal information only for specific, lawful, and legitimate purposes, including to:

• provide the Veri Q platform and the features requested by brokerages and authorised users;
• support compliance screening, customer due diligence, evidence retention, document reminders, and reporting workflows;
• administer user accounts, roles, access controls, security checks, and audit logs;
• process subscriptions, billing setup, failed-payment handling, cancellation, reconciliation, and receipts;
• respond to support requests, contact enquiries, and service communications;
• protect the platform, investigate abuse or security incidents, and maintain service integrity;
• comply with legal, regulatory, accounting, tax, and dispute-resolution obligations.

Legal Basis Under POPIA

POPIA sets conditions for lawful processing, including accountability, processing limitation, purpose specification, further processing limitation, information quality, openness, security safeguards, and data subject participation. Veri Q applies these principles by limiting collection to what is needed, using information for defined compliance and service purposes, keeping appropriate records, and applying technical and organisational safeguards.

Depending on the context, processing may be based on consent, performance of a contract, compliance with legal obligations, legitimate interests of the brokerage or platform, protection of lawful rights, or another basis permitted by POPIA.

Special Personal Information

Compliance workflows may involve sensitive identifiers and information that requires careful handling. Brokerages must ensure they have a lawful basis to upload, screen, retain, and review customer information. Veri Q applies access controls, audit records, encryption for protected fields and files where configured, and role-based restrictions to reduce unnecessary exposure.

PayFast and Billing

Card and bank details are captured and processed by PayFast, not by Veri Q. Veri Q stores billing status, plan details, payment references, provider tokens in protected form where applicable, billing events, cancellation status, and reconciliation information needed to manage subscription access and support.

Sharing Information

We may share information only where necessary with:

• the brokerage that controls or administers the relevant customer records;
• authorised users within that brokerage, according to their role permissions;
• service providers that host, store, secure, process, or support the platform;
• PayFast and related payment processors for billing workflows;
• regulators, courts, law enforcement, auditors, or professional advisers where required or allowed by law.

We do not sell personal information.

Cross-Border Processing

Some service providers may process or store information outside South Africa. Where this happens, Veri Q will use appropriate safeguards, contractual controls, and service providers that support lawful processing and reasonable security protections.

Security

Veri Q uses role-based access controls, authentication, audit records, protected billing/provider references, encryption for sensitive text and document storage where configured, validation checks, and operational logging. No system is risk-free, but we take reasonable technical and organisational measures to protect personal information against loss, unauthorised access, misuse, disclosure, alteration, or destruction.

Retention

We retain personal information for as long as needed for the purposes described in this policy, the brokerage's lawful compliance requirements, subscription and support administration, legal obligations, audit evidence, dispute handling, and security. Where information is no longer needed, it should be deleted, de-identified, archived, or returned according to the applicable agreement and legal requirements.

Your Rights

Under POPIA, data subjects may have rights to:

• ask whether personal information is held about them;
• request access to their personal information;
• request correction or deletion of inaccurate, excessive, outdated, incomplete, misleading, or unlawfully obtained information;
• object to certain processing where POPIA allows it;
• withdraw consent where processing is based on consent;
• complain to the Information Regulator.

If your information was uploaded by a brokerage, please contact that brokerage first because it normally controls the customer record. Veri Q will support brokerages in responding to lawful data subject requests.

Security Incidents

If we become aware of a security compromise involving personal information, we will take reasonable steps to contain and investigate it and will support notifications to affected parties and the Information Regulator where POPIA requires this.

Contact and Complaints

For privacy requests or questions, contact the Veri Q administrator or the brokerage that manages your customer record. Platform administrators should route privacy requests to the appointed information officer or responsible privacy contact.

You may also contact the Information Regulator (South Africa) if you believe your rights under POPIA have been infringed.