Privacy Notice
Last updated: May 2026
Vereon Intelligence Limited is registered in England and Wales. We are the data controller for the personal data described in this notice. This notice explains how we collect, use, and protect your information when you use our services at vereon.co.uk and companies.vereon.co.uk.
Contact: privacy@vereon.co.uk
1. What we collect and why
Account information
When you create an account, we collect your email address and an encrypted password. We use this to authenticate you, manage your subscription, and send service-related communications such as billing confirmations and password resets. Legal basis: contract performance.
Billing information
When you subscribe, payments are processed by Stripe. We do not store your card number, expiry date, or CVC. Stripe shares with us your Stripe customer ID, subscription status, and payment history. Legal basis: contract performance.
Usage data
We log which company lookups you perform, how many lookups you have remaining, and basic request metadata (timestamps, anonymised IP addresses). We use this to enforce usage limits, prevent abuse, and improve the service. Legal basis: legitimate interest (service integrity and improvement).
Company intelligence data
The intelligence briefs and scores we generate are about companies and their officers, not about our subscribers. This data is sourced from official UK public registers and statutory data sources. Where this public data includes the names and roles of company officers, persons with significant control, or other individuals, we process it under legitimate interest (providing commercial intelligence from publicly available official sources).
Cookies
We use only essential cookies required for authentication and session management. We do not use advertising or third-party tracking cookies.
2. How we use AI
Company intelligence briefs are generated by an AI model. The structured data we feed into the model is sourced entirely from public registers. The AI does not browse the internet or access private data to generate briefs. No subscriber personal data is included in AI prompts. Our AI provider’s data processing terms prohibit the use of inputs and outputs for model training.
3. Who we share data with
We share personal data only with processors who need it to deliver the service:
| Processor | Purpose | Location |
|---|---|---|
| Cloud database and authentication provider | Authentication, database | EU |
| Stripe | Payment processing | US (EU SCCs in place) |
| AI processing provider | Intelligence brief generation (company data only, no subscriber PII) | US |
| Document extraction provider | Financial document extraction (company data only, no subscriber PII) | US |
| Cloudflare | Web hosting, CDN, DDoS protection | Global |
| API hosting provider | API hosting | EU |
We do not sell your data. We do not share it with advertisers or data brokers.
4. International transfers
Some processors are based in the US. Transfers are protected by Standard Contractual Clauses (SCCs) and, where applicable, supplementary measures in line with UK GDPR requirements. You may request copies of the relevant SCCs by emailing us.
5. How long we keep data
| Data | Retention |
|---|---|
| Account data | Until you delete your account, plus 6 years for tax/legal records |
| Billing records | 6 years from transaction date (legal obligation) |
| Usage logs | 12 months, then anonymised |
| Company intelligence data | Refreshed periodically; no fixed deletion as it is derived from public sources |
6. Your rights
Under UK GDPR, you have the right to:
- Access your personal data (we will respond within 30 days)
- Rectify inaccurate data
- Erase your data (subject to legal retention obligations)
- Restrict processing in certain circumstances
- Object to processing based on legitimate interest
- Port your data to another provider (account and usage data)
- Withdraw consent where processing is based on consent
To exercise any right, email privacy@vereon.co.uk. We will respond within 30 days.
7. Data about company officers and individuals
Our service displays information about company directors, secretaries, persons with significant control, and other individuals whose details appear on public registers. This processing is carried out under legitimate interest — specifically, the widely recognised interest in providing access to and analysis of officially published corporate transparency data.
If you are a company officer and wish to raise a concern about how your publicly available data is displayed, please contact us at privacy@vereon.co.uk. Note that we source this data from statutory registers and our ability to remove it may be limited where it reflects current public record.
8. Security
We protect your data with encryption in transit (TLS), encryption at rest (cloud provider), hashed passwords (bcrypt), rate limiting, and access controls. API keys and secrets are stored as encrypted environment variables, not in source code.
9. Children
Our services are designed for business professionals. We do not knowingly collect data from anyone under 18. If we become aware that we hold data about a child, we will delete it promptly.
10. Changes to this notice
We will update this notice as the service evolves. Material changes will be communicated by email to active subscribers. The “last updated” date at the top indicates the current version.
11. Complaints
If you are unhappy with how we handle your data, you may lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk or by calling 0303 123 1113. We would appreciate the chance to address your concern first — please email privacy@vereon.co.uk.