Privacy Policy

This Privacy Policy describes how Veristack Technologies Inc. (“Veristack,” “we,” “our,” or “us”) collects, uses, stores, and protects information in connection with the Veristack platform and the website at veristacktech.com (collectively, the “Service”). By using the Service, you agree to the practices described in this Privacy Policy.

1. Information We Collect

1.1 Account Information

When you create an account, we collect your name, email address, company name, and role. This information is used to provision your account, authenticate your identity, and communicate with you about the Service.

1.2 Project Data

When you use the platform, you may upload timesheet data, subcontractor invoices, field tickets, wage determinations, classification rate tables, and other project-related documents. This data is processed by the platform to generate T&M backup documentation. Veristack does not claim ownership of your project data.

1.3 Certified Payroll Documents

You may upload certified payroll documents that contain personally identifiable information (“PII”), including Social Security numbers and employee compensation data. All certified payroll documents are stored on encrypted servers (AES-256 at rest). As an additional security measure, the platform applies automatic PII redaction to remove sensitive identifiers before long-term storage. See Section 4 for details.

1.4 Usage Data

We automatically collect information about how you interact with the Service, including pages visited, features used, timestamps, browser type, and device information. This information is used to improve the Service, diagnose technical issues, and monitor platform performance.

1.5 Cookies

The Service uses essential cookies required for authentication and session management. We do not use third-party advertising cookies or tracking pixels. We do not sell or share cookie data with advertisers.

2. How We Use Your Information

We use the information we collect to: (a) provide, operate, and maintain the Service; (b) process your project data and generate T&M backup documentation; (c) authenticate users and manage accounts; (d) communicate with you about your account, the Service, and support requests; (e) monitor and improve the performance, security, and reliability of the Service; and (f) comply with legal obligations.

We do not use your project data, certified payroll documents, or any uploaded content to train machine learning models, for marketing purposes, or for any purpose other than providing the Service to you.

3. How We Share Your Information

We do not sell your information. We do not share your information with third parties for their marketing purposes. We may share information in the following limited circumstances:

Service Providers. We use third-party service providers to host, secure, support, and operate the platform, including Amazon Web Services (hosting and storage), Railway (application hosting), Sentry (error monitoring), and Cloudflare (DNS and content delivery). These providers process data on our behalf and are bound by confidentiality and data protection obligations.

Legal Requirements. We may disclose information if required by law, regulation, legal process, or governmental request, or if we believe in good faith that disclosure is necessary to protect the rights, safety, or property of Veristack, our users, or the public.

Business Transfers. In the event of a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control.

4. Certified Payroll and PII Protection

Veristack recognizes that certified payroll documents contain highly sensitive employee information. Our platform implements multiple layers of protection that meet and exceed industry standards for handling this data.

Encrypted Storage. All certified payroll documents are stored on encrypted servers using AES-256 encryption at rest and transmitted using TLS 1.2 or higher in transit. This is the industry-standard baseline for protecting sensitive construction payroll data and ensures that stored documents are not accessible in the event of unauthorized access to the underlying storage infrastructure.

Automatic PII Redaction. As an additional layer of protection beyond encryption, Veristack applies automated PII redaction to certified payroll documents. The platform uses a redaction pipeline to identify and permanently remove Social Security numbers and other sensitive identifiers from documents before long-term storage. If the platform cannot confirm that redaction has been completed, the document may be flagged for user review before long-term storage or further use. Users are responsible for reviewing flagged documents and confirming that any required redaction has been completed.

Defense in Depth. The combination of encrypted storage and automatic PII redaction provides defense in depth. Encryption protects the document at rest. Redaction removes the most sensitive identifiers from the document itself. Together, these measures are intended to reduce exposure of sensitive data in the event of a security incident. This layered approach is an intentional design choice that goes beyond the standard practice of encryption alone.

User Responsibility. Veristack’s security measures protect certified payroll data within the platform. Veristack is not responsible for the handling, transmission, storage, or disclosure of certified payroll documents or other sensitive information by users or their personnel outside the platform, including but not limited to downloading documents to local devices, transmitting documents via email or other unsecured channels, sharing account credentials, or otherwise making sensitive information available to unauthorized individuals. Users are solely responsible for their own handling of sensitive data before it enters the platform and after it leaves the platform.

5. Data Security

We implement reasonable and appropriate technical and organizational measures to protect your information, including: (a) encryption of all data in transit using TLS 1.2 or higher; (b) encryption of all data at rest using AES-256; (c) logical segregation of customer data using access controls designed to prevent unauthorized cross-customer access; (d) role-based access controls with multi-factor authentication supported where enabled; (e) security headers including HSTS and Content Security Policy; (f) audit logging of API requests and user actions; (g) automated dependency vulnerability scanning; and (h) external uptime and error monitoring.

No method of transmission or storage is completely secure. While we strive to protect your information, we cannot guarantee absolute security.

6. Data Retention

We retain your account information for as long as your account is active or as needed to provide the Service. We retain project data for the duration of your subscription or engagement. Upon termination of your agreement with Veristack, we will provide a thirty (30) day data export period during which you may request export of your project data in a standard format. Following the data export period, we will delete your project data from the platform within thirty (30) days, unless you request an additional extension in writing or we are required to retain it by law. Account information (name, email, company) may be retained for legal and compliance recordkeeping purposes. We will confirm data deletion in writing upon request.

7. Your Rights

Depending on your jurisdiction, you may have the right to: (a) access the personal information we hold about you; (b) request correction of inaccurate information; (c) request deletion of your information; (d) object to or restrict certain processing of your information; and (e) request a copy of your information in a portable format. To exercise any of these rights, contact us at the address below.

8. Children’s Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child, we will take steps to delete that information promptly.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by posting the updated policy on our website and updating the effective date. Your continued use of the Service after any changes constitutes acceptance of the updated policy.

10. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at:

Veristack Technologies Inc.

veristacktech.com

Email: support@veristacktech.com