Legal
Privacy Policy
Effective date: 26 February 2026
This Privacy Policy explains how Noble Nobilis LTD (“we”, “us”, “our”) collects, uses, and protects personal data when you use the Veridue platform (“Service”). We are committed to protecting your privacy in accordance with the UK GDPR and the Data Protection Act 2018.
1. Data Controller
The data controller for personal data processed through Veridue is:
Noble Nobilis LTD
37 Longfellow Way, London, SE1 5TB, United Kingdom
Email: privacy@veridueops.com
For data you upload about your own clients or business entities (“Customer Data”), you are the data controller and we act as your data processor. Our Terms of Service constitute the data processing agreement between us.
2. What Data We Collect
2.1 Account Data
- Name and email address (required to create an account)
- Company or firm name
- Password (stored as a one-way hash — we cannot read it)
- Billing address and VAT/tax number (collected by Paddle, not stored by us)
2.2 Customer Data (uploaded by you)
- Business entity names, states, and entity types
- Contact email addresses for compliance reminders
- Filing dates, deadlines, and compliance status records
- Any files you upload for AI entity extraction
2.3 Usage Data
- Pages visited, features used, and time spent in the application
- IP address and browser/device type
- Error logs and performance metrics
- Email delivery events (sent, delivered, opened, bounced, unsubscribed)
2.4 Communications Data
- Support requests and email correspondence with us
- Responses to surveys or feedback forms
3. How We Use Your Data
| Purpose | Legal Basis |
|---|---|
| Providing and operating the Service | Contract performance |
| Processing subscription payments via Paddle | Contract performance |
| Sending transactional emails (reminders, receipts, alerts) | Contract performance |
| Improving the platform (analytics, bug fixes) | Legitimate interests |
| Sending product update emails to existing customers | Legitimate interests |
| B2B outreach to businesses at their published address | Legitimate interests (UK PECR) |
| Complying with legal obligations | Legal obligation |
| Fraud prevention and security | Legitimate interests |
We do not use your data for automated individual decision-making that produces legal effects without human review.
4. Who We Share Data With
We do not sell your personal data. We share data only with:
- Paddle.com Market Limited — payment processing and billing. Paddle is the Merchant of Record and processes your payment card data independently.
- Amazon Web Services (AWS) — cloud hosting (us-east-1 region), including Amazon SES for email delivery and DynamoDB for data storage.
- Anthropic — AI features (Claude API) process only the document text you submit for entity extraction. No personal identifiers are included.
- Legal and regulatory authorities — where required by law or court order.
All processors are subject to data processing agreements and required to implement appropriate security measures.
5. International Data Transfers
Our primary servers are located in the United States (AWS us-east-1). Transfers of personal data from the UK to the US are made under standard contractual clauses or equivalent safeguards as permitted by the UK GDPR.
6. Data Retention
| Data Type | Retention Period |
|---|---|
| Account data (active) | Duration of account + 90 days |
| Customer Data (entities, reminders) | Duration of account + 90 days |
| Proof Packs and compliance records | 7 years (regulatory default) |
| Billing records | 7 years (legal requirement) |
| Support correspondence | 3 years |
| Usage/analytics logs | 13 months |
| Email delivery logs | 12 months |
7. Cookies
We use the following cookies:
- Essential cookies — session management and security (cannot be disabled)
- Analytics cookies — anonymous usage statistics to improve the platform (opt-out available)
We do not use third-party advertising or tracking cookies. You can manage cookie preferences through your browser settings.
8. Your Rights
Under UK GDPR you have the right to:
- Access — request a copy of the personal data we hold about you
- Rectification — correct inaccurate or incomplete data
- Erasure — request deletion of your personal data (“right to be forgotten”)
- Restriction — ask us to pause processing of your data
- Portability — receive your data in a machine-readable format
- Object — object to processing based on legitimate interests
- Unsubscribe — opt out of marketing emails at any time via the unsubscribe link in any email or by contacting us
To exercise any right, email privacy@veridueops.com. We will respond within 30 days. You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO).
9. Security
We implement industry-standard security measures including:
- TLS 1.2+ encryption for all data in transit
- AES-256 encryption for data at rest (AWS KMS managed keys)
- JWT-based authentication with short-lived tokens
- Automatic suppression of bounced and complained email addresses
- Role-based access controls within the platform
No system is 100% secure. If you discover a security vulnerability, please report it responsibly to security@veridueops.com.
10. Children
Veridue is a business platform and is not directed at children under 18. We do not knowingly collect personal data from minors. If you believe a minor has created an account, please contact us at privacy@veridueops.com.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email at least 14 days before they take effect. The current version is always available at veridueops.com/privacy-policy.
12. Contact
For any privacy-related questions or to exercise your rights:
Noble Nobilis LTD
37 Longfellow Way, London, SE1 5TB, United Kingdom
Email: privacy@veridueops.com