GDPR

Effective date: April 1, 2026

Last updated: July 18, 2026

Verifex is developing and maintaining technical, organisational and contractual measures intended to support its obligations under applicable data-protection law. GDPR applicability and the roles of the parties depend on the relevant processing activity and customer relationship.

Verifex is operated by Sadat Nazarli, operating Verifex (Azerbaijan). For any request under this page, contact hello@verifex.dev.

Controller and processor roles

Verifex is a controller for data relating to your account, billing, service operation, security, and support. Verifex is a processor where you submit names, entities, or other inputs to our screening or KYB features for your own compliance purposes — there, you are the controller and we process the data on your instructions.

Data-subject rights

Where the GDPR applies, individuals may have rights of access, rectification, erasure, restriction, portability, and objection, and the right to withdraw consent where processing relies on consent.

How to make a request

Email hello@verifex.dev. Where the underlying data was submitted by a customer using our screening or KYB features, we generally direct the request to that customer as controller and assist them as processor.

International transfers and safeguards

Primary infrastructure is hosted in the European Union. Where personal data is transferred to a subprocessor outside the EU/EEA and a transfer mechanism is required, we rely on the European Commission's Standard Contractual Clauses (SCCs) or an equivalent mechanism. Per-vendor status is shown on our subprocessors page.

Subprocessors

Our canonical list of subprocessors, with purpose, data category, region, and transfer status, is at /subprocessors.

Security measures

Our technical and organisational measures are described on our Security page. Note that Verifex makes no formal GDPR certification claim, has not completed a SOC 2 examination, is not ISO 27001 certified, and has not completed an independent penetration test.

Readiness — in progress

We are candid about what is not yet complete. The following are in progress:

  • Records of Processing Activities (ROPA)
  • A formal retention and deletion schedule
  • Vendor DPA verification
  • A data-protection impact assessment (DPIA) for LLM-assisted processing
  • A transfer-impact assessment
  • Backup improvements
  • A company / entity transition

Data Processing Agreement

A Data Processing Addendum draft that addresses Article 28 obligations is available for contractual review at /dpa.