Privacy Policy
Effective Date: March 10, 2026 · Last Updated: March 10, 2026
Powerful Insight Ventures LLC d/b/a VeroFin ("VeroFin," "we," "us," or "our") is committed to protecting the privacy and security of your information. This Privacy Policy describes how we collect, use, store, and disclose data when you use our platform at verofin.co (the "Platform").
Given that our clients are law firms and regulated reporting persons, we understand the heightened sensitivity of the data entrusted to us, including information that may be subject to attorney-client privilege.
The Platform is designed and offered exclusively to business customers located in the United States for use in connection with U.S. regulatory obligations (including FinCEN reporting). We do not market or target the Platform to individuals in the European Economic Area, the United Kingdom, or other non-U.S. jurisdictions, and this Privacy Policy is intended to address our practices primarily under U.S. federal and state privacy laws. Certain rights and disclosures described below, including California-specific rights, apply only to residents of particular U.S. states where such laws are in force.
1. Information We Collect
1.1 Account Information
When you create an account, we collect:
- Full name and email address
- Firm name, address, and phone number
- Professional role or title
- Billing information (processed and stored by Stripe, Inc.)
1.2 Uploaded Documents
When you use the Platform to process filings, you may upload:
- Closing packs, settlement statements, and related real estate transaction documents
- Documents containing personally identifiable information (PII) including names, addresses, Social Security Numbers, Taxpayer Identification Numbers, and dates of birth of beneficial owners
1.3 Extracted Data
Our AI agents extract up to 111 FinCEN-required fields from your documents. This extracted data includes beneficial ownership details, property information, transaction amounts, and entity formation data. Extracted data is stored in your tenant-isolated database.
1.4 Usage Data
We automatically collect standard usage information including IP address, browser type, pages visited, timestamps, and referring URLs. This data is used solely for platform improvement and security monitoring.
2. How We Use Your Information
We use your information to:
- Provide, operate, and maintain the Platform
- Process documents through our AI extraction and validation agents
- Generate FinCEN-compliant XML files for your review
- Process payments and manage your subscription
- Send transactional communications (filing notifications, account updates)
- Monitor platform security and detect unauthorized access attempts
- Improve extraction accuracy and platform performance (using aggregate, anonymized metrics only)
Data Training Prohibition
We do not use your uploaded documents, extracted data, or any client information to train, fine-tune, or improve AI models. Your data is processed solely for the purpose of generating your specific filing outputs.
3. Data Storage and Security
3.1 Infrastructure
- Database: Supabase (PostgreSQL) with row-level security policies ensuring strict tenant-to-tenant data isolation
- Document Storage: Supabase Storage with private bucket access controls
- Application Hosting: Vercel (US-based edge network)
- Payment Processing: Stripe, Inc. (PCI DSS Level 1 compliant)
3.2 Security Measures
- All data encrypted in transit via TLS 1.3
- Data at rest encrypted using AES-256
- Row-level security (RLS) policies enforce tenant isolation at the database level
- Supabase Auth with secure session management and HTTP-only cookies
- Signed upload URLs with expiration for document transfers
- Middleware-enforced authentication on all platform routes
4. Third-Party Service Providers (Sub-Processors)
We share data with the following providers solely as necessary to deliver the Platform:
| Provider | Purpose | Data Shared |
|---|---|---|
| Supabase | Database & file storage | All platform data (tenant-isolated) |
| Vercel | Application hosting | Application code, session cookies |
| OpenRouter / LLM Providers | AI document extraction and validation | Document content necessary to extract and validate FinCEN-required fields for a given filing, using a dedicated key configured with Zero Data Retention (ZDR) and no-training settings. Prompts and outputs are not stored or used to train models. |
| Stripe | Payment processing | Billing data (name, email, payment method) |
| Resend | Transactional email | Email address, notification content |
We require all sub-processors to maintain appropriate security measures and to process your data only in accordance with our instructions. A current list of sub-processors is available on our Sub-processors page.
5. Data Retention
- Active accounts: Data is retained for the duration of your subscription.
- Uploaded documents: Stored for 90 days after filing completion, then automatically deleted, unless a longer retention period is reasonably necessary to comply with a legal obligation, respond to regulatory inquiries, or protect our rights in connection with an actual or reasonably anticipated dispute.
- Extracted data and XML outputs: Retained for the duration of your subscription and 30 days after cancellation to allow export, subject to the same legal and regulatory retention needs described above.
- Account deletion: Upon request, all associated data is permanently deleted within 30 days, except where longer retention is required by law or reasonably necessary to establish, exercise, or defend legal claims.
- Billing records and audit logs: Retained as required by applicable tax, accounting, and financial regulations, and to maintain an appropriate audit trail of Platform usage and access in the event of regulator or examiner review.
6. Your Rights
You have the right to:
- Access: Request a copy of all personal data we hold about you.
- Correction: Request correction of inaccurate personal data.
- Deletion: Request deletion of your personal data and account.
- Export: Export your filings and extracted data at any time through the Platform.
- Withdraw Consent: Opt out of non-essential communications at any time.
To exercise any of these rights, contact us at support@verofin.co. We will respond within 30 days.
7. Attorney-Client Privilege
We acknowledge that documents uploaded by law firm clients may contain information protected by attorney-client privilege or the work product doctrine. Our access to and processing of such documents is performed solely in our capacity as a service provider acting at the direction of the uploading attorney. We do not review, disclose, or use privileged information for any purpose other than providing the Platform services.
8. Cookies and Tracking
We use the following cookies:
- Essential cookies: Authentication session cookies required for Platform functionality. These cannot be disabled.
- Analytics: We may use privacy-preserving analytics (e.g., Vercel Analytics) to understand aggregate usage patterns. No personal data is shared with advertising networks.
We do not use third-party advertising cookies, social media tracking pixels, or cross-site tracking technologies.
9. Children's Privacy
The Platform is not directed at individuals under the age of 18. We do not knowingly collect personal information from minors. If you believe a minor has provided us with personal information, please contact us immediately.
10. California Privacy Rights (CCPA)
If you are a California resident acting in a business or professional capacity, you may have additional rights under the California Consumer Privacy Act (CCPA) and related California privacy laws, including the right to know what personal information we collect, the right to request deletion in certain circumstances, and the right to opt out of the sale or sharing of personal information (where applicable). We do not sell personal information to third parties, and we do not use the Platform for targeted advertising or cross-context behavioral advertising.
11. Data Breach Notification
In the event of a data breach that affects your personal information, we will notify you via email within 72 hours of becoming aware of the breach, in accordance with applicable federal and state notification laws. The notification will include: the nature of the breach, the data affected, steps we are taking to remediate, and recommended actions you should take.
12. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email at least 30 days before taking effect. The "Last Updated" date at the top of this page indicates when the policy was most recently revised.
13. Contact Information
For privacy-related inquiries or to exercise your rights: