Verity Ledger
Behavioural proof & payment confirmation infrastructure

Privacy Policy

This policy explains how Verity Ledger collects, uses, and protects personal information, including data processed through our WhatsApp Business integration.

Effective date: 19 March 2026 Last updated: 19 March 2026

1. About Us

Verity Ledger ("we", "us", or "our") provides behavioural proof and payment confirmation infrastructure. Our registered business address and primary contact details are listed in Section 14 below.

We are the data controller for personal information we collect directly. Where we act as an operator of communication channels on behalf of our clients, we are a data processor and our clients are the data controllers.

2. WhatsApp Business API

Meta / WhatsApp requirement: This section satisfies Meta's requirement that businesses using the WhatsApp Business Platform publish a publicly accessible privacy policy that describes how they collect, use, and share data obtained through WhatsApp.

We use the WhatsApp Business Platform (provided by Meta Platforms Ireland Ltd.) to communicate with users and clients who contact us via WhatsApp. When you message us on WhatsApp:

  • Your WhatsApp account phone number and display name are received by us.
  • The content of messages you send us, including text, documents, images, and other attachments, is received and processed by us.
  • Message metadata (timestamps, message delivery status, read receipts) is available to us.

We use this information solely to respond to your enquiry, to provide the services you have requested, and to maintain a record of our communications for audit and support purposes.

WhatsApp messages are transmitted over Meta's infrastructure. Meta's own privacy policy applies to data held by Meta. You can review Meta's privacy policy at whatsapp.com/legal/privacy-policy.

We do not use WhatsApp message data to serve you advertisements, sell your data to third parties, or combine it with data from other sources for profiling purposes unrelated to the service you requested.

3. Information We Collect

Category Examples Source
Identity & contact data Name, email address, phone number, job title, company name You provide directly (web form, WhatsApp, email)
Communication content Messages, attachments, and metadata sent via WhatsApp or our contact form WhatsApp Business Platform, contact form
Usage data Pages visited, time on site, referring URL, browser and device type Automatically collected via server logs and analytics
Proof & transaction data Job records, proof-of-work submissions, payment confirmation records You or your employer provide via our platform
Technical data IP address, cookie identifiers Automatically collected

We collect only the information that is necessary for the purposes described in this policy.

4. How We Use Your Information

Purpose Lawful basis
Responding to WhatsApp, email, and web enquiries Legitimate interests / Pre-contractual steps
Providing and operating our platform and services Contract performance
Sending transactional notifications (proof confirmations, payment receipts) Contract performance
Improving our platform and diagnosing technical issues Legitimate interests
Complying with legal obligations Legal obligation
Keeping records for audit and dispute resolution Legitimate interests / Legal obligation

We will only send you marketing communications if you have opted in. You may opt out at any time by contacting us at the address in Section 14.

5. How We Share Your Information

We do not sell your personal information. We may share it with:

  • Meta Platforms Ireland Ltd. – through our use of the WhatsApp Business Platform, as described in Section 2.
  • Service providers – third-party companies that help us operate our business (hosting providers, analytics tools, communication infrastructure), bound by data processing agreements.
  • Our clients – where you are an end-user of a Verity Ledger-powered workflow operated by one of our clients, relevant proof and transaction data is shared with that client as the data controller.
  • Legal authorities – where required by law or to protect our legal rights.
  • Business transfers – in connection with a merger, acquisition, or sale of assets, with appropriate confidentiality obligations.

6. International Data Transfers

Our services and some of our service providers may process data in countries outside your home jurisdiction. Where personal data is transferred outside the European Economic Area (EEA) or South Africa, we ensure appropriate safeguards are in place (e.g., Standard Contractual Clauses, adequacy decisions, or binding corporate rules).

WhatsApp processes data globally. Please refer to Meta's privacy policy and data transfer documentation for details.

7. Data Retention

We retain personal data for as long as necessary to fulfil the purposes described in this policy, or as required by law. Our default retention periods are:

  • Enquiry and communication records (including WhatsApp messages): up to 3 years from last interaction.
  • Platform proof and transaction data: for the duration of the client contract, plus up to 7 years for audit purposes.
  • Account data: until account deletion, plus 90 days for recovery purposes.
  • Server logs and analytics: up to 24 months.

You may request earlier deletion subject to our legal obligations (see Section 9).

8. Cookies & Similar Technologies

Our website uses cookies and similar tracking technologies to remember your preferences and analyse site usage. You may control cookies through your browser settings. Disabling cookies may affect site functionality.

9. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access – request a copy of the personal data we hold about you.
  • Correction – request that inaccurate or incomplete data be corrected.
  • Erasure – request deletion of your personal data, subject to our legal obligations.
  • Restriction – request that we limit processing of your data in certain circumstances.
  • Portability – receive your data in a structured, machine-readable format.
  • Objection – object to processing based on legitimate interests.
  • Withdrawal of consent – where processing is based on consent, withdraw it at any time without affecting prior processing.

To exercise any of these rights, please contact us using the details in Section 14. We will respond within 30 days (or within the timeframe required by applicable law).

10. Children's Privacy

Our services are not directed at children under 13 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal data from children. If you believe we have inadvertently collected such data, please contact us immediately and we will delete it.

11. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction, or disclosure. These include encryption in transit (TLS), access controls, and regular security reviews. No system is completely secure; we cannot guarantee absolute security of data transmitted over the internet.

12. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices of external sites and encourage you to review their privacy policies before providing any personal information.

13. Changes to This Policy

We may update this privacy policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically. Continued use of our services after changes are posted constitutes acceptance of the updated policy.

14. Contact Us

If you have any questions about this policy, wish to exercise your data rights, or want to report a privacy concern, please contact us:

If you are located in the EU/EEA and are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.