Website Privacy Policy
Scope
This Website Privacy Policy (“Policy”) explains how Verato, Inc. (“Verato,” “we,” “our,” or “us”) collects, uses, discloses, and retains personal information when you visit verato.com or any page that links to this Policy (the “Site”).
Important: When you use Verato’s cloud products or services under a Master SaaS Agreement, the processing of Customer Data—including any Protected Health Information (PHI) or other data uploaded into the platform—is governed by the separate Verato Product Data Privacy Policy and your contract. See the current version here.
Personal Information We Collect
| Category (Cal. Civ. Code § 1798.140 & Va. Code § 59.1‑575) |
Examples |
Sources |
Business / Commercial Purposes* |
Sold or Shared† |
Disclosed to Third Parties |
| Identifiers | Name, email, IP address, device ID | Directly from you; cookies | Site functionality, marketing, analytics, fraud prevention | No sale; shared for cross‑context ad services only with your consent | Analytics vendors, marketing partners, security service providers |
| Internet / Network Activity | Page views, clicks, referring URL, time stamps | Cookies, pixels, server logs | Site analytics, improving UX | No | Same as above |
| Geolocation (coarse) | Region inferred from IP | Cookies | Localize content, detect misuse | No | Security partners |
| Inferences | Propensity scores, interest segments | Derived internally | Tailor marketing | No | Not disclosed |
* Purposes are defined in § 7027 CPRA Regs. and Va. Code § 59.1‑578.
† “Sale” and “Share” have the meanings in Cal. Civ. Code §§ 1798.140 (ad)(ah). We do not knowingly sell personal information for monetary compensation.
Sensitive Personal Information:
We do not collect or process sensitive personal information (e.g., precise geolocation, health data) from mere browsing activity. Any sensitive data housed in Verato products is subject to the Product Policy and HIPAA‑driven Business Associate Agreements (BAAs).
How We Use Cookies & Similar Technologies
We use first‑ and third‑party cookies, pixels, and local storage to:
- remember your preferences.
- analyze Site traffic and performance.
- facilitate marketing communications if you opt‑in.
You can manage cookies through your browser. Refusing cookies may limit some Site features.
How We Disclose Personal Information
- We disclose personal information only:
- To service providers and contractors bound by written agreements that restrict use to our purposes.
- To analytics and advertising partners (limited identifiers) where you have consented.
- Where required by law, to protect rights, or in a corporate transaction.
- As otherwise described in this Policy or with your permission.
- We do not disclose website‑visitor information to unaffiliated third parties for their own direct marketing.
Data Retention
- We keep personal information for as long as necessary to fulfill the purposes described above or as required by law. For product data, retention and deletion are governed by the Product Policy and customer contracts.
Your Privacy Rights
| Right |
California Residents (CCPA/CPRA) |
Virginia Residents (VCDPA) |
| Access / Know |
✔ |
✔ |
| Correct Inaccuracies |
✔ |
✔ |
| Delete |
✔ |
✔ |
| Data Portability |
✔ |
✔ |
| Opt‑Out of Sale |
✔ |
✔ (opt‑out of sale) |
| Opt‑Out of Sharing / Targeted Advertising |
✔ |
✔ |
| Opt‑Out of Profiling (decisions with legal/effect) |
— |
✔ |
| Limit Use of Sensitive PI |
✔ (if collected) |
— |
| Non‑Discrimination / No Retaliation |
✔ |
✔ |
| Appeal Denial of Request |
— |
✔ (45 days to respond) |
How to exercise your rights
- Email: [email protected]
- Toll‑free: 703-650-5155 (California only)
For identity verification we may request limited additional data. Virginia residents may appeal a denied request by emailing [email protected] with “Privacy Appeal” in the subject line.
Do Not Sell or Share / Targeted Advertising
To opt‑out of cross‑context behavioral advertising or the sale of personal information, click “Do Not Sell or Share My Personal Information” in the footer or adjust settings in the Cookie pop up.
Global Privacy Control (GPC) Signal
Our Site honors GPC browser signals as a valid opt‑out request for that browser.
Children
The Site is intended for business professionals and is not directed to children under 13. We do not knowingly collect their personal information.
Information Security
We maintain administrative, technical, and physical safeguards—including AES‑256 encryption at rest and role‑based access controls—to protect data collected on the Site, consistent with SOC 2 Type II, HITRUST, and HIPAA standards.
International Transfers
The Site is hosted in the United States. If you access the Site from outside the U.S., you consent to the transfer and processing of your information in the U.S. under this Policy.
Links to Other Sites
Our Site may contain links to third‑party sites. We are not responsible for their privacy practices. Please review their policies.
Changes to This Policy
We may update this Policy periodically. When we do, we will revise the “Last updated” date and post the new version here. Material changes will be highlighted on the Site or emailed to registered users.
Contact Us
Verato, Inc.
1751 Pinnacle Drive, Suite 1700
McLean, VA 22102
Phone: (703) 650‑5155
Email: [email protected]
Last updated May 12, 2025