Privacy Policy
Last updated
Thank you for choosing to be part of our community at Verda, ("Verda", "we", "us", or "our"). Your privacy is important, and we are committed to respecting it.
When you visit our website verda.com, and use our services, you entrust us with your personal information. As a European company, we take this trust especially seriously.
Contents
- Privacy Policy
- WHAT THIS POLICY COVERS
- INFORMATION WE COLLECT AND PROCESS
- WHY DO WE COLLECT AND USE YOUR INFORMATION?
- WHERE DO WE STORE YOUR DATA?
- KEEPING YOUR DATA SAFE
- YOUR PRIVACY RIGHTS
- DO WE SHARE YOUR INFORMATION WITH ANYONE?
- HOW LONG DO WE KEEP YOUR INFORMATION?
- DO WE COLLECT INFORMATION FROM CHILDREN?
- DO WE MAKE UPDATES TO THIS POLICY?
- CONTACT US AND HELP US IMPROVE
- DATA PROTECTION OFFICER
WHAT THIS POLICY COVERS
This Privacy Policy covers and explains how we collect, use, and safeguard your personal data when you:
- Visit our website verda.com
- Use our services
- Interact with our sales and marketing activities and/or events.
We refer to them collectively in this privacy policy as the " Sites".
Additionally, our use of cookies and similar tracking technologies is governed by our separate Cookie Policy, which provides detailed information about how we use cookies to enhance your browsing experience and collect usage data.
When you use our services as our customer and we process the data you provide on your behalf, such processing is governed by our Terms & Conditions, which integrates Data Processing Terms (DPA).
If you are applying for a role at Verda, please refer to our separate Recruitment Privacy Notice, which describes how we process candidate data throughout the hiring process.
INFORMATION WE COLLECT AND PROCESS
Personal information you share with us
We collect and use your personal information that you voluntarily provide when registering, using our services, engaging with our Sites, or contacting us. We act as the data controller for this information.
| Category | Description |
|---|---|
| Name and Contact Information | First and last name, email address, city, country, street address and phone number, and other similar contact details you provide when registering, contacting us, or participating in activities on our Sites. |
| Credentials | Passwords, password hints, and similar security information used for authentication and account access. |
| Payment Data | Data needed to process your payments, such as your payment instrument number (e.g., credit card number) and security code. Payment data (other than those with invoice-based payment) are processed by the third party vendor-Stripe, and therefore their privacy policy applies. We only get billing information and not your payment data. |
| Customer Support Interactions | Records of chats, messages, emails or communications with us when you reach out for support or assistance. For customer support chat we use a third party vendor-Crisp and therefore their privacy notice also applies. For email exchange we use Google Workspace and their privacy policy also applies. |
Information automatically collected
We automatically collect some technical information when you visit our Sites or use our Services. This data helps us ensure the security, stability, and reliable performance of our platform and Services.
| Category | Description |
|---|---|
| Device and Usage Information | IP address, browser and device characteristics, operating system, language preferences, device type, country, time zone, and information about how and when you use our Sites or Services. |
| Log and Performance Data | System logs, error reports, and usage metrics that help us maintain the reliability, security, and performance of our infrastructure. |
| Cookies and Similar Technologies | Like most services, we use cookies and similar tools to collect information about activity on our Sites. This helps us understand usage patterns, remember preferences, and improve your experience. You can manage your cookie preferences via cookie banner. Find more details in our Cookie Policy. |
Data you upload and process on our platform
When you use Verda services you may upload, connect, or generate data to run your workloads. You can control your data and what's included. We only act as a processor to ensure the service functions as intended.
| Category | Description |
|---|---|
| Customer-Uploaded and Processed Data | This covers any data that you choose to upload, store, or process via our service. Depending on what you do, this may also include legally acquired personal or sensitive information of third parties. We do not use this data for our own purposes. We only process it under your instructions so you can run your workloads across our services. The way this data is handled and measures we take to safeguard them is described in the Data Processing Terms, which are part of our Terms and Conditions. |
Marketing and Events Information We Collect and Process
When you participate in our marketing or events programs, we may collect and process the information that you choose to provide.
| Category | Description |
|---|---|
| Identity and Contact Information | First and last name, contact information, company, job title, LinkedIn information, and other similar details you provide when registering for events, contacting us, or participating in marketing activities. |
| Event Participation and Interaction Data | Information provided when signing up for or participating in events, including attendance details, session preferences, accessibility or logistical needs, dietary preferences, and records of your communications with us such as chats, messages, emails, or support requests. |
| Marketing Emails, Newsletters, and Materials | Content and materials you choose to receive or interact with when subscribing to marketing emails, newsletters, updates, or promotional materials. To manage these communications, we use HubSpot, and their privacy policy also applies. You may update your communication preferences at any time. |
| Feedback and Voluntary Contributions | Information you provide in surveys, reviews, testimonials, interviews, feature requests, case studies, or other feedback channels to help us understand your experience and improve our events, marketing, and services. |
| Photos, Videos, and Media Content | Photos, videos, or recordings captured during online or in person events, based on consent or legitimate interest. |
Information we might receive from other sources
In some cases, we receive information about you from trusted third parties, and only where we have a lawful basis to do so.
| Category | Description |
|---|---|
| Public and Partner Sources | We may obtain information from publicly available databases or from partners with whom we have a business relationship. This information is used to keep our records accurate, verify details, and support our business operations. |
| Social Media and Marketing Data | If you interact with us on social media platforms or participate in marketing campaigns, we may receive limited information (such as your public profile or stated interests). |
| Third-Party Integrations | If you choose to connect Verda services to a third-party application, service, or device, we may receive limited information from that provider. This information is collected only to make the integration possible and is processed based on your consent or to fulfill the service you requested. |
| Search and Referral Data | We may collect referral information (such as search results, referral URLs, or sponsored listings) to understand how users discover our Sites and Services. This helps us analyze reach and improve accessibility, in line with our legitimate business interests. |
WHY DO WE COLLECT AND USE YOUR INFORMATION?
We only collect and use your information where we have a valid legal basis. This may be to perform a contract with you, to pursue our legitimate interests, to comply with the law, or when you have given your consent. Each purpose for processing your data is linked to one of the following legal bases:
- Consent - processing you've explicitly agreed to, such as marketing or third-party integrations. You can withdraw your consent at any time.
- Contract - processing needed to deliver the services you signed up for, like setting up your account, giving you access to our service, or handling billing.
- Compliance with Legal Duties - when laws or regulations require us to process data, for example for tax, security, or to respond to lawful requests.
- Legitimate Interests - when it's necessary for us to run, secure, and improve Verda, as long as this doesn't override your rights.
Purposes and Legal Basis for Your Data Processing
| Purpose | What this means | Legal Basis |
|---|---|---|
| Account setup and management | Create and manage your account, including login, authentication, and linked third-party accounts (e.g., GitHub). | Performance of a Contract / Consent (for linked accounts) |
| Service delivery and operations | Provide cloud, dedicated servers, managed clusters, and other services you request. This includes processing workloads, managing deployments, and ensuring reliable performance. | Performance of a Contract |
| Payments and order management | Process subscriptions, payments, billing, and related administration. | Performance of a Contract / Compliance with Legal Obligations |
| Customer support | Respond to support requests, technical issues, and questions about your use of our services. | Performance of a Contract / Legitimate Interest/Consent |
| Service communications | Send administrative messages such as service updates, security notices, or changes to terms and policies. | Legitimate Interest / Compliance with Legal Obligations/Contractual |
| Marketing and promotions | Send newsletters, updates, or promotional content (only according to your preferences). You can opt out at any time. | Consent |
| Testimonials | Publish testimonials on our Sites, only after asking your permission. | Consent |
| Feedback and surveys | Ask for your input to improve our services. | Legitimate Interest |
| Security and fraud prevention | Monitor, detect, and prevent fraudulent or malicious activity. | Legitimate Interest / Compliance with Legal Obligations |
| Legal compliance | Respond to legal requests (e.g., subpoenas), enforce our Terms and Conditions, and comply with regulatory obligations. | Compliance with Legal Obligations/ Legitimate Interest |
| User-to-user communication | Enable interactions between users where applicable. (e.g, via Discord and forum) | Consent |
| Analytics and improvements | Analyze usage trends, measure performance, and improve infrastructure, services, and marketing effectiveness. | Legitimate Interest/Consent |
WHERE DO WE STORE YOUR DATA?
Our main cloud infrastructure activities, including data you upload and process into our cloud services, remain within the EEA.
We use third party vendors/sub-processors for some support services, such as support chat via Crisp, Payments via Stripe, and so forth. These sub-processors may process data outside of the EEA but under appropriate Data Processing Agreements and GDPR-based mechanisms.
To maintain full transparency, all of our sub-processors, where they store data, and the specific purposes for which data may be transferred to them are listed on our Trust Center page.
KEEPING YOUR DATA SAFE
In short: We take privacy and security seriously. We try our best to protect your data through certified safeguards, GDPR compliance, and we also encourage you as a user, to take measures to protect your data on your end.
We strive to protect your personal data with a combination of organizational, technical, and administrative measures designed to prevent unauthorized access, misuse, or loss. Our infrastructure and practices are certified under ISO 27001, and we are fully committed to GDPR compliance. This includes measures such as:
- Encryption of data in transit (TLS/SSH);
- Access controls: Only authorized staff with a specific and justified as needed reason can access user uploaded data, and only when the user allows it, such as when the data is not encrypted or when the user allows us to perform support tasks.
- Monitoring: systems are monitored for suspicious activity and intrusions.
- Training: Our staff receive annual GDPR and security training.
- Testing & audits: we carry out regular reviews, risk assessments, and third party audits.
- Incident response: if something goes wrong, we act fast, notify where required, and mitigate risks.
More information on technical and security measures we apply when you use our services are detailed in our Terms and Conditions, as well as our Trust Center, where we share live information about our security and privacy controls, our security/privacy certifications and third party audits.
Keeping data safe requires effort on both sides. While we maintain infrastructure protections, you are required as the user to maintain your own data protections within our services. We ask that you follow the responsibilities/guidelines in our Terms and Conditions and Shared Responsibility Model, such as using strong passwords, not sharing your credentials, and taking reasonable precautions to keep your account and data secure. Although we will do our best to protect your personal information (e.g., TLS-encryption on website traffic), transmission of personal information to and from our Sites is at your own risk.
YOUR PRIVACY RIGHTS
In short: If you are in the European Economic Area (EEA) or other regions with similar data protection laws (e.g. UK GDPR, CCPA in California) you have specific rights regarding your personal data. As a European company we comply with the General Data Protection Regulation (GDPR), which provides comprehensive privacy responsibilities and rights. These rights give you more control over how your information is used. You can exercise these rights by adjusting your settings in your account or contacting us at Privacy [at] verda.com.
| GDPR Right | What this means for you |
|---|---|
| Right to be informed | Receive clear information about how your data is collected, used, and shared. |
| Right of access | You can request details of the information linked to your account and service use. Manage your data from your account or contact us. |
| Right to rectification | Correct inaccurate or incomplete data. Update your account details directly or contact us for changes. |
| Right to erasure ("right to be forgotten") | You can ask us to delete your account and related personal data. Upon your request to terminate your account, we will deactivate or delete your account and information from our databases. However, some information may be retained in our files to prevent fraud, troubleshoot problems, assist with any investigations, enforce our Terms of Use and/or comply with legal requirements. |
| Right to restriction of processing | Limit how we use your data in specific cases. |
| Right to data portability | Any data you upload stays fully under your control. You put it in, and you can take it out. |
| Right to object | Object to processing based on legitimate interests or for marketing purposes. |
| Withdrawing your consent | If we are collecting your data based on your consent, you can withdraw it at any time, through controlling your consent via a relevant platform or directly contacting us. For instance, you can directly unsubscribe from our marketing email list at any time by clicking on the unsubscribe link in the emails that we send or by contacting us. You can manage cookies through our cookie banner and your browser settings. Some features may not function properly without them. See our Cookie Policy for details. |
| Rights regarding automated decision-making and profiling | This right protects you from decisions made solely by machines that could have legal or significant effects. We do not use automated decision-making or profiling of this kind. |
| Right to file a complaint | File a complaint with your local data protection authority if you believe your rights are violated. You can find their contact details here. |
Processing on your behalf: When we process data that you upload or run on our platform, your rights in relation to that data are also governed by our Data Processing Terms, which form part of our Terms and Conditions.
DO WE SHARE YOUR INFORMATION WITH ANYONE?
In short: We might share your data with our sub-processors when strictly necessary to deliver our services (e.g. for payment processing), and they must follow the same privacy and security standards that we do. We may also disclose data when strictly required by law. We never sell your personal data to third parties.
Government requests
We believe your data belongs to you. If we ever receive a lawful request for your information, for example, from a court or government authority, we will only comply where strictly legally required. And if that request concerns your data, we'll let you know right away, unless the law prevents us from doing so. At this time, we have not received any requests of such types.
We commit to publishing an annual disclosure statistic of any government or law-enforcement requests we receive.
Disclosure Statistics (as of December 1, 2025)
| Type of Request | Number Received | Notes |
|---|---|---|
| Subpoenas | 0 | No requests received |
| Court Orders | 0 | No requests received |
| National Security / Classified Requests | 0 | No requests received |
| Other Governmental Requests | 0 | No requests received |
Sub-Processors
Sub-processors are our carefully chosen partners (for example, hosting, monitoring, or analytics, payment processing providers) who help us run our services. We check their security and privacy measures before trusting them with your data and they have contractual obligations to protect it.
We maintain a live, up-to-date list of all sub-processors, their locations, and the purposes they serve in our Trust Center. We from time to time might change our sub-processors. Our Data Processing Terms detail how we inform you about these updates and your rights when you do not agree with these changes.
HOW LONG DO WE KEEP YOUR INFORMATION?
In short: We keep your data only for as long as it's genuinely needed, no longer. Once it has served its purpose, it's deleted or anonymized. You're always in control and can request deletion or a copy of your data at any time.
We apply the principle of data minimization under, this shortly means:
- Your data is kept only for the purposes it was collected for.
- Retention periods are transparent and regularly reviewed.
- When data is no longer needed, we make sure it's safely removed.
| Category | How long we keep it | Why we keep it |
|---|---|---|
| Account Information (name, contact details, login info) | Until you delete your account + up to 30 days (for backup) | To ensure your continuously can enjoy our services. Inactive accounts are automatically flagged after 2 years and we may send reminders over 3 months, for you to manage your account or download your data or delete it. |
| Billing & Payment Data | Minimum 6 years (as required by Finnish/EU law) | To meet tax, accounting, and legal obligations. |
| Customer Support Records | as long as it is needed to provide service | To resolve issues and improve the quality of our support. |
| Usage Data (infrastructure logs, job activity) | Typically up to 12 months | To keep our platform fast, reliable, and secure. Certain logs may be stored longer if needed for security. |
| Customer-Uploaded and Processed Data (datasets, models, logs) | Until you delete it or close your account | You're in full control. Data is removed from our systems within 96 hours once it is deleted. |
| Legal & Compliance Data | As long as required by law | For example, in case of investigations, audits, or court requirements. |
| Marketing Preferences | Until you opt out or delete your account; Or until we no longer have lawful basis to use your data. | You can change your preferences or unsubscribe at any time. |
| Cookies & Similar Technologies | cookies can last from session-only up to between 1 day and 2 years. (depending on the cookie type) | You can manage or delete cookies at any time via our cookie banner or your browser settings. See our Cookie Policy. |
DO WE COLLECT INFORMATION FROM CHILDREN?
In short: No, our services are designed for adults. We don't knowingly collect or market to anyone under 18.
Our services are intended for users 18 and older. By signing up to our services, you confirm that you meet this requirement.
If we discover that we've collected personal data from someone under 18, we will take necessary steps to delete their data, including deactivating the account.
If you believe we have collected minor's data, please contact us at at privacy [at] verda.com. so we can take action.
DO WE MAKE UPDATES TO THIS POLICY?
In short: We update this policy to stay compliant, protect your trust, and strive for the best standards in our industry.
We regularly review and update our Privacy Policy to make sure it not only meets legal requirements but also reflects our commitment to your privacy and industry best practices.
If we make important changes, we will always let you know in a clear and timely way. Depending on the circumstances and legal requirements this may include a prominent notice in our platform, an email, or another direct notification.
The latest version of the policy will always be available on our website with the updated "Revised" date. By checking in occasionally, you can see how we continue to keep your data safe and respect your privacy.
We also want to be transparent about the updates we make, so you can access the previous versions of our Privacy Policy in our Archive.
CONTACT US AND HELP US IMPROVE
We invest in strong technical and organizational safeguards and keep improving our practices. Because no control is perfect, we cannot guarantee absolute protection or cover every question in one document. If anything is unclear, or you have some recommendations for us to improve we want to hear from you.
Questions, requests, or suggestions at privacy [at] Verda.com
DATA PROTECTION OFFICER
We have appointed an independent Data Protection Officer (DPO). You can contact our DPO directly with any request, recommendation, or concern about this Privacy Policy, our data collection, or our data use.
Data Protection Officer (DPO): GDPR local Adam Brogden Privacy [at] verda.com