Privacy Policy

Our Commitment to Privacy

At VeriBits, operated by After Dark Systems, LLC, we are committed to protecting your privacy and providing transparency about how we collect, use, and safeguard your information. This Privacy Policy explains our data practices for all VeriBits services including veribits.com, www.veribits.com, and api.veribits.com.

Important: VeriBits is a public verification platform that provides file validation, cryptographic analysis, and security tools. While we process files and data you submit, our services are designed to analyze public information and provide verification results based on publicly available data and algorithms.

1. Information We Collect

1.1 Account Information

When you create a VeriBits account, we collect:

• Email address (required)
• Username (optional)
• Password (encrypted and hashed)
• Account creation date and last login time
• Subscription tier and payment information (via third-party processors)

1.2 Files & Analysis Data

When you use our verification services, we temporarily process:

• Files uploaded for analysis (stored temporarily for up to 24 hours)
• File metadata (name, size, type, hash values)
• Analysis results and verification reports
• Public keys, certificates, and signatures submitted for validation
• Text and data inputs to our analysis tools

Retention: Uploaded files are automatically deleted within 24 hours. Paid subscribers may have access to historical scan results (metadata only, not original files) for up to 90 days.

1.3 Usage & Analytics Data

• IP addresses and geolocation data
• Browser type, operating system, and device information
• Pages visited, features used, and time spent on our platform
• API usage statistics and rate limiting data
• Error logs and diagnostic information

2. How We Use Your Information

We use collected information for the following purposes:

2.1 Service Delivery

• Processing file verification and cryptographic analysis requests
• Generating verification reports and security analysis results
• Providing access to historical scan data for paid subscribers
• Delivering API access and CLI functionality

2.2 Account Management

• Managing user accounts and authentication
• Processing subscriptions and billing
• Enforcing usage limits and rate limiting
• Sending account-related notifications and service updates

2.3 Platform Improvement

• Analyzing usage patterns to improve our tools and services
• Debugging technical issues and optimizing performance
• Developing new features based on user needs
• Conducting security research and threat detection

2.4 Security & Compliance

• Detecting and preventing fraud, abuse, and security threats
• Enforcing our Terms of Service
• Complying with legal obligations and responding to lawful requests
• Protecting the rights and safety of our users and the public

3. Public Nature of Verification Services

Important Notice: VeriBits is designed as a public verification platform. By using our services, you acknowledge that:

• Public Data Processing: Our analysis tools work with publicly available information, including public keys, certificates, DNS records, and file signatures that are often publicly accessible
• Verification Results: Hash values, file signatures, and validation results generated by our platform may be used to build public databases of known files and signatures
• Aggregate Statistics: We may publish aggregate, anonymized statistics about file types analyzed, threats detected, and verification patterns
• Security Research: Anonymized analysis data may be used for security research and improving detection algorithms

Your Responsibility: Do not upload sensitive, confidential, or personally identifiable information unless you understand it will be processed and analyzed. We are not responsible for information you choose to make public or submit to our platform.

4. Information Sharing & Disclosure

We do not sell your personal information. We may share information in the following circumstances:

4.1 Service Providers

We use trusted third-party service providers for:

• Cloud hosting and infrastructure (AWS)
• Payment processing (Stripe, PayPal)
• Email delivery services
• Analytics and monitoring tools

4.2 Legal Requirements

We may disclose information when required by law or in response to:

• Valid legal processes (subpoenas, court orders, warrants)
• Government or regulatory investigations
• Enforcement of our Terms of Service
• Protection of our rights, property, or safety, or that of our users or the public

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. We will notify you via email and/or prominent notice on our website of any such change.

4.4 Security Research Community

We may share anonymized threat intelligence, file signatures, and malware indicators with the security research community to improve collective cybersecurity defenses.

5. Data Security

We implement industry-standard security measures to protect your information:

• Encryption: All data transmission uses TLS/SSL encryption
• Password Security: Passwords are hashed using bcrypt with salt
• Infrastructure Security: AWS security best practices, isolated processing environments
• Access Controls: Role-based access control and principle of least privilege
• Monitoring: 24/7 security monitoring and incident response procedures
• Automatic Deletion: Uploaded files automatically deleted within 24 hours

No Guarantee: While we strive to protect your information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

6. Your Privacy Rights

Depending on your location, you may have the following rights:

6.1 Access & Portability

You have the right to request a copy of your personal information in a structured, machine-readable format.

6.2 Correction

You can update your account information at any time through your account settings.

6.3 Deletion

You may request deletion of your account and personal information. Note that we may retain certain information as required by law or for legitimate business purposes.

6.4 Opt-Out

You can opt out of marketing communications at any time via the unsubscribe link in emails or through your account settings.

6.5 Complaints

If you have concerns about our privacy practices, you may contact us at privacy@veribits.com or file a complaint with your local data protection authority.

7. Cookies & Tracking Technologies

We use cookies and similar technologies for:

• Essential Cookies: Required for authentication and core functionality
• Analytics Cookies: Help us understand how users interact with our platform
• Preference Cookies: Remember your settings and preferences
• Security Cookies: Detect and prevent security threats

You can control cookies through your browser settings. Note that disabling cookies may limit functionality.

Do Not Track: We do not respond to Do Not Track (DNT) signals at this time.

8. Children's Privacy

VeriBits is not intended for users under the age of 13. We do not knowingly collect personal information from children under 13. If you become aware that a child has provided us with personal information, please contact us at privacy@veribits.com, and we will take steps to delete such information.

9. International Data Transfers

VeriBits is operated in the United States. If you access our services from outside the United States, your information will be transferred to, stored, and processed in the United States.

The United States may have data protection laws that differ from those in your country. By using our services, you consent to the transfer of your information to the United States.

We implement appropriate safeguards to protect your information in accordance with this Privacy Policy and applicable laws.

10. Data Retention

We retain different types of information for varying periods:

• Uploaded Files: Automatically deleted within 24 hours
• Scan Results: Retained for 90 days for paid subscribers, 30 days for free users
• Account Information: Retained while your account is active plus 30 days after deletion
• Transaction Records: Retained for 7 years for tax and accounting purposes
• Logs & Analytics: Retained for 90 days, then aggregated or deleted

We may retain certain information longer when required by law or for legitimate business purposes such as fraud prevention or security investigations.

11. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to know what personal information is collected, used, shared, or sold
• Right to delete personal information held by us
• Right to opt-out of the sale of personal information (we do not sell personal information)
• Right to non-discrimination for exercising CCPA rights

To exercise these rights, contact us at privacy@veribits.com with "CCPA Request" in the subject line.

12. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA) or United Kingdom, you have rights under the General Data Protection Regulation (GDPR):

• Right of access to your personal data
• Right to rectification of inaccurate data
• Right to erasure ("right to be forgotten")
• Right to restriction of processing
• Right to data portability
• Right to object to processing
• Rights related to automated decision-making

Legal Basis: We process your information based on:

• Contract performance (providing services you requested)
• Legitimate interests (improving our services, fraud prevention, security)
• Legal obligations (compliance with laws and regulations)
• Consent (where explicitly provided)

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

We will notify you of material changes by:

• Posting the updated policy with a new "Last Updated" date
• Sending email notification to registered users
• Displaying a prominent notice on our website

Your continued use of VeriBits after changes become effective constitutes acceptance of the updated Privacy Policy.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

• Privacy Email: privacy@veribits.com
• General Support: support.veribits.com
• Legal Inquiries: legal@veribits.com
• Mailing Address:
• After Dark Systems, LLC
• Attn: Privacy Officer

Data Protection Officer: For GDPR-related inquiries, you may contact our Data Protection Officer at dpo@veribits.com