Version: 3.0

Effective Date: 20th September 2023

Last Updated: 13th May 2025

Document Owner: Data Protection Officer

Review Frequency: Annual

1. Introduction

Welcome to Veriom's integrated infrastructure monitoring and security platform ("the Platform" or "Services"). At Veriom, we are committed to protecting your privacy and handling your personal data responsibly and transparently.

This Privacy Policy outlines how we collect, use, disclose, and protect your personal information when you use our Services, including our infrastructure monitoring platform, security compliance tools, and managed services. This applies to all users and individuals whose data may be processed through our customer system integrations.

Who We Are:

Veriom provides comprehensive infrastructure monitoring, security assessment, and compliance management services to organisations through read-only API integrations with customer code repositories, cloud environments, SaaS applications, and security tools.

Data Controller and Processor Roles:

• Data Controller: When processing data for our own business purposes (customer accounts, billing, platform usage)
• Data Processor: When processing personal data within customer systems on behalf of our customers according to their instructions

Regulatory Compliance:

We comply with applicable data protection laws including GDPR, UK GDPR, CCPA, and sector-specific regulations where applicable (HIPAA, DORA, SOX).

2. Information We Collect

2.1 Information You Provide

We may collect information you provide directly to us, including but not limited to:

• Contact information: Name, email address, phone number, job title