Privacy Policy

Veratad Technologies LLC (“Veratad”, “we”, “our” or “us”) is committed to protecting the privacy of those who entrust us with their personal information. Our clients and employees trust and expect that we will protect their personal information in accordance with the promises we make. “Personal information” means any information pertaining to an identified or identifiable individual and may include, for example, email addresses, contact details and any similar information provided to us in the course of our business operations. Personal information that is de-identified or anonymized is not considered personal information. This Privacy Policy details our commitment to your privacy.

Veratad provides various technology solutions to our clients focused on age verification, identity verification, fraud prevention and compliance. This Privacy Policy describes our privacy practices concerning information collected on our website, (the “Site”) and when you otherwise interact with us in connection with the services and products we provide to our clients (the “Client Services”).

We do not provide services directly to individual end users. Individual end users should contact the Veratad client using our Client Services and/or review their privacy policies for information on how that Veratad client uses their personal data. In this regard, we are a “data processor” or a “service provider” under applicable data protection laws. If you are an individual end user with questions about Veratad’s collection and use of biometric information or biometric identifiers through the Client Services, please see below the section titled “Biometric Information Retention Policy (Illinois Residents and Others)”.

By using our Client Services, visiting the Site, or otherwise interacting with us, you are accepting the practices described in this Privacy Policy. We recommend that our clients review this Privacy Policy periodically, as it may be updated from time-to-time.

What information does Veratad collect, and how is it used and shared?

For the 12-month period prior to the date of this Privacy Policy, we explain here what categories of personal information we may have collected, where we got it from, and with whom we may have shared it:

Category of Personal Information Collected


Purpose for Collection

Categories of Recipients

Contact information: such as name, address, email and phone number.

Site visitors, client contacts, including employees and representatives we work with provide this information when they visit the Site, call us, or otherwise interact with us.

To communicate with and respond to our clients about the work we do for them and deliver the Client Services to them and their customers, including validation of identity or to meet legal obligations.

We may share this information with select marketing or other service providers and partners.

Browsing information: such as your IP address, MAC address or other device identifier, the kind of browser or computer you use, pages and content that you visit on the Site, what you click on, the state and country from which you access the Site, date and time of your visit, and web pages you linked to our Site from.

Our Site and your interactions with the Site, including through the use of cookies and other tracking technologies explained further below.

To evaluate usage of the Site and improve performance and Client Services; to protect the security and integrity of the Site and our business, such as preventing fraud, hacking, and other criminal activity or to meet legal obligations.    

Our service providers who help us with fraud protection and Site analytics.

Recruitment and Job Application information: such as name, address, and phone number, or information on a resume or a curriculum vitae.

Site visitors or job applicants.

To consider you for an employment position or to respond to an employment inquiry. 

Our service providers who help us with employee matters or job fulfillment.

Payment information: name, card issuer and card type, credit or debit card number, expiration date, CVV code, and billing address. 

From our clients and their payment card issuers.

Authorizing of credit card and other financial transactions for our clients.

Our service providers who process payments for us—they are prohibited from using personal information for any other purposes and are contractually required to comply with all applicable laws and requirements, which includes the Payment Card Industry Data Security standards

Data through our technology platform: Pursuant to the contractual requirements with our clients and through the Client Services, we may collect information about individual end users including public and non-public records, images of government-issued IDs, selfies, and other personal information. Some of this information may be considered to be biometric identifiers or biometric information under applicable law. For more information, please see our Biometric information Retention Policy, below.

Through our client’s sharing of their end users’ data, devices and computers, pursuant to and as directed by our clients.  

Compliance with the contracts and related obligations of our clients, typically used to verify your identity and provide other services as directed by our clients as part of the Client Services. We and our third-party service providers and data partners may retain and use this data for legitimate interests (including retention of images for the improvement of our/ their technology or as part of our Client Services), public interest and/or substantial public interest especially for crime/fraud prevention.

With our clients, data partners and service providers subject to strict confidentiality obligations and other precautions intended to limit the volume and retention period for any personal information. This information will be subject to the privacy policies and practices of our clients, and you should consult with them before sharing your information with them through our technology products.

Veratad will only use personal information to the extent it is necessary to deliver the Site and as directed by our clients to deliver the Client Services or as stated in this Privacy Policy. In some jurisdictions, individuals may have the right to withdraw consent from certain uses where consent is relied-upon. If you reside in such jurisdictions, you may have additional rights that are detailed herein. In all cases, any service providers will be contractually limited in the way they may use personal information maintained by Veratad, including requirements that such information be maintained in a confidential and secure manner. In any case where Veratad could be considered as a data controller, it has direct obligations to use personal information in a lawful and transparent manner.

In Connection with Business Transfers: In the event that a division, a product or all of Veratad is bought, sold or otherwise transferred, or is in the process of a potential transaction, personal information will likely be shared for evaluation purposes and included among the transferred business assets, subject to client contractual requirements and applicable law.

To Comply with Laws: Veratad may also disclose specific personal information when such disclosure appears necessary to comply with applicable law, a subpoena in the course of managing a dispute, governmental inquiry or other litigation process. We may also disclose information to our accountants, auditors, agents, lawyers and other advisors in connection with the enforcement or protection of our legal rights or to protect the interests or safety of our clients, our clients’ customers or employees or others, in accordance with or as authorized by law.

For legitimate interests: Veratad may also use and share personal information for its legitimate interests or those of a third-party, such as our clients, where we reasonably consider that the processing is proportionate to the legitimate interest and privacy rights will not be adversely affected by those legitimate interests. This will include the use of personal information for marketing purposes, internal analysis, investigations, improvements of our products and services (including retention of images), protection of our network and systems, crime/fraud prevention (including retention and use of fraudulent information), administration, identifying public security threats or potential criminal acts or other misconduct and similar legitimate interests. Where required under applicable laws, we conduct a legitimate interests assessment. 

Veratad Personal or Confidential Information

If you choose to provide Veratad with personally-identifiable information–by sending us an e-mail message or by filling out an online form and submitting it to us through our Site, please be aware that we may use the information to improve our service to you, respond to your request, or send you relevant marketing information. Your message could be saved in an electronic database or forwarded, in print or as e-mail, to others within Veratad or its affiliated and subsidiary operations who may be better able to help you. Except as required by law, we do not share our e-mail with outside organizations.

Please note that e-mail is not secure from interception, so senders cannot expect privacy. This also applies to sending online forms, unless the form is secure. If you would rather not submit information via email, you may wish to send it by traditional mail or courier instead to the following address:

Veratad Technologies, LLC
500 Frank W. Burr Blvd
Teaneck, New Jersey 07666 

You may also call Veratad at 201-510-6000 and ask to be referred to someone who may be able to answer your questions and provide you with instructions on how to submit your information.

Parts of the Veratad Site may use cookies to improve your experience and to track transactions while you are online. A cookie contains information that is either stored in your computer’s memory, or in a file on your computer’s hard disk. Veratad Cookies stored in your computer’s memory are automatically removed when you quit your browser. Veratad Cookies stored in a file on your computer’s hard disk will have an expiration date after which time they will no longer be valid.

Children’s Privacy

Our Client Services and our Site are not directed toward children and we do not knowingly solicit or collect personal information online from children under the age of 13 (or such applicable higher age of consent) without prior verifiable parental consent. If Veratad learns that a child under the age of 13 (or such higher applicable age) has submitted personal information online without parental consent, we will take all reasonable measures to delete such information from our databases and to not use such information for any purpose (except where necessary to protect the safety of the child or others as required or allowed by law). If you become aware of any personal information we have collected from children under age 13 (or such higher applicable age), please contact us at:


Cross-border Transfer of Personal Information

In some cases, personal information that we process, including information from our clients and their employees and/or customers located in various countries, including in Canada, the European Economic Area, the UK and Switzerland or relative to queries or visitors to the Site may be transferred to the United States or other countries that may not have data privacy laws that provide equivalent protection as the countries where you reside. Veratad is certified under the EU-US Data Privacy Framework (EU-US DPF), the UK Extension to the EU-US DPF, and the Swiss-US Data Privacy Framework (Swiss-US DPF) and our full DPF Privacy Policy is available below.

EU-US Data Privacy Framework Policy:

Veratad Technologies, LLC (“Veratad”), complies with the EU-US Data Privacy Framework (EU-US DPF), the UK Extension to the EU-US DPF, and the Swiss-US Data Privacy Framework (Swiss-US DPF as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union, the United Kingdom (UK, including Gibraltar) and Switzerland to the United States. Veratad has certified to the Department of Commerce that it adheres to the Data Privacy Framework (DPF). If there is any conflict between the terms in this privacy policy and the DPF, the DPF Principles shall govern. To learn more about the Data Privacy Framework program, and to view our certification, please visit

With respect to personal data received or transferred pursuant to the EU-US and Swiss-US Frameworks, Veratad is subject to the regulatory enforcement powers of the US Federal Trade Commission. In certain situations, Veratad may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

We acknowledge the right of EU, UK and Swiss individuals to access their personal data. Upon request, Veratad will provide you with information about whether we hold, or process on behalf of a third party, any of your personal information. To request this information please contact us at

You may access, correct, or request deletion of your personal information processed or stored by Veratad by contacting us at We will respond to these requests within a reasonable time-frame.

We may retain your information for as long as your account is active or as needed to provide you services, comply with our legal and audit obligations, resolve disputes and enforce our agreements.

We will also provide EU, UK or Swiss individuals with opt-out or opt-in choice before we share their data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized.

To limit the use and disclosure of your personal information, please submit a written request to

In compliance with the EU-US and Swiss-US DPF Principles, Veratad commits to resolve complaints about your privacy and our collection or use of your personal information. European Union, United Kingdom or Swiss individuals with inquiries or complaints regarding this privacy policy should first contact Veratad at:


Veratad Technologies, LLC has further committed to refer unresolved privacy complaints under the Data Privacy Framework Principles to an independent dispute resolution mechanism, DATA PRIVACY FRAMEWORK SERVICES, operated in the U.S by BBB National Programs. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit for more information and to file a complaint. This service is provided free of charge to you.


Veratad Processing of Personal Data

Veratad is responsible for the processing of personal data it receives and subsequently transfers to a third party acting as an agent on its behalf, under the Data Privacy Framework. These third parties include trusted and verified data providers, such as credit bureaus, government entities, mobile carrier’s as well as providers of identity document and biometric evaluation services, all for the purpose of verifying the age and identity of our client’s end users as provided in our Client Services. Veratad complies with the DPF Principles for all onward transfers of personal data from the EU, including the onward transfer liability provisions. In cases of onward transfer to third parties of data of EU or Swiss individuals received pursuant to the EU-US and Swiss-US Data Privacy Framework, and the UK Extension to the EU-US DPF, Veratad is potentially liable unless we can prove we were not a party giving rise to the damages. In the course of providing our verification services, Veratad may receive the personal information of our client’s customers which is solely used by Veratad for the purposes of verifying age and/or identity. This personal information we receive may include name, address, date of birth, government issued ID, email address and phone number.

Veratad IS NOT an aggregator of sensitive personal data but rather accesses, on a transactional basis, billions public and non-public records provided to Veratad by trusted and verified third party data providers in order to deliver its verification services. Upon completion of a data verification transaction, other than for re-processing and reporting purposes, we do not store sensitive personal information which may be entered during our verification process.

Sharing Your Personal Data with Third Parties

Veratad may share your personal data with partners or third-party agents involved in delivering the Veratad services. These third-parties include trusted and verified data providers, such as credit bureaus, government entities, mobile carrier’s as well as providers of identity document and biometric evaluation services, all for the purpose of verifying the age and identity of our Client’s end users. We may also send your personal information to credit card processors in order to process a payment.

Biometric Information Retention Policy (Illinois Residents and Others)

This Biometric Information Retention Policy is provided pursuant to the Illinois Biometric Information Privacy Act (“BIPA”) and other applicable laws that govern the collection of biometric data. It also describes the purpose for which your biometric data may be collected, an applicable retention schedule, and guidelines for permanently destroying your biometric data.

Purpose of Collection. Veratad’s access to or collection of your Personal Information in connection with the Client Services, if any, may include biometric identifiers and/or biometric information (collectively, “biometric data”). Veratad does not interact directly with you with respect to collection of your biometric data. Through our clients and at their specific direction, Veratad may access, process, and store your biometric data for the purpose of verification services, fraud prevention, and/or long-term proof of inspection of your provided form of identification, on behalf of and as instructed by our clients. Where required by law, Veratad’s clients must obtain consent to collect or possess your biometric data. Veratad will not sell, lease, trade, or otherwise profit from your biometric data. 

(1) The Illinois Biometric Information Privacy Act, 740 ILCS 14/1 et seq., the Business and Commerce Code of Texas,  on the Capture or Use of Biometric Identifiers, Tex.Bus.& Comm.Code § 503.001, the Washington Biometric Statute, Wash. Rev. Code § 19.375.010,  Quebec’s Bill 64 and Law 25, and other proposed and enacted legislation across domestic and foreign jurisdictions, regulate the collection, storage, use, and retention of “biometric identifiers” and “biometric information”. “Biometric identifier” means a retina or iris scan, fingerprint, voiceprint, or scan of hand or face geometry. Biometric identifiers do not include writing samples, written signatures, photographs, human biological samples used for valid scientific testing or screening, demographic data, tattoo descriptions, or physical descriptions such as height, weight, hair color, or eye color. “Biometric information” means any information, regardless of how it is captured, converted, stored, or shared, based on an individual’s biometric identifier used to identify an individual.

(2) Veratad, individually or through its service providers, may collect certain biometric identifiers and biometric information, namely face scan information (face geometry information ), during the identity verification process. Veratad collects and uses this information to verify your identity, prevent fraud, and provide authentication Services to our Clients on an ongoing basis.

(3) For Illinois residents, we will permanently destroy their biometric identifiers and biometric information when the initial purpose for collecting or obtaining such identifiers or information has been satisfied or within 3 years of the individual’s last interaction with Veratad’s Clients, whichever occurs first.

(4) For Texas residents, we will permanently destroy their biometric identifiers the later of (1) one year after the purpose for collecting the identifier expires, or (2) one year after any recordkeeping obligations imposed by law in connection with the collection of the biometric identifier expires.

(5) For Washington residents, we will retain their biometric identifiers as long as reasonably necessary to provide the service for which the biometric identifier was enrolled, and will permanently destroy their biometric identifiers thereafter.

(6) For Quebec residents, we will permanently destroy their biometric identifiers once the purposes for which personal information was collected or used are achieved.

(7) For all other residents, we will permanently destroy their biometric identifiers once the purposes for which collecting or maintaining such information has been satisfied.

8) Except where prohibited by law, your biometric data is accessible only to us and our service providers, which process your data only on our behalf to provide the Services. We do not share biometric data with any other third parties. The Client on whose behalf Veratad processes your data may receive from us information about you, such as copies of the identification document and photo you provided us, and data indicating whether we were able to identify and authenticate your identity, but we do not disclose to Clients your biometric data.

9) By giving your consent prior to the verification or authentication process, and choosing to continue, you acknowledge and agree that you have read the relevant disclosures, and that you voluntarily consent to Veratad’s, or its service providers’, collection, storage, retention, use, and disclosure of your biometric data.

(10) Veratad does not sell, lease, trade or otherwise profit from the biometric data.


This Privacy Policy is subject to Veratad’s Terms of Service, including a binding individual arbitration provision and class action waiver. By giving your consent prior to the verification or authentication process, and choosing to continue, you thereby by agree to Veratad’s Terms of Service and the arbitration provision and class action waiver therein.

Changes to this Privacy Policy

We may update this Privacy Policy, and our Terms of Use, from time to time to reflect changes in our services or in applicable laws.

General Data Protection Regulation (GDPR)

When Veratad is processing your personal data, we do this for our Commercial Benefit and for the benefit of our customers.

When you visit our website as an individual, you may have certain rights under the GDPR regarding the use of your personal data, these are:

  • The right to object – you can object to Veratad processing your personal data at any time. Email to object.
  • The right to be forgotten – you can request that Veratad remove your personal data from our systems. Email to request removal.
  • The right to access your personal data – You have a right to know what personal data Veratad holds on you and for what purpose we are processing your personal data this is known as a Data Subject Access Request (DSAR). These requests must be made in writing by either email or letter with photographic identification to confirm your identity. You can send these requests to info@veratad.comor by mail to the address noted below. If Veratad is unable to comply with your request, Veratad will provide you with an explanation:

Thomas Canfarotta
Director of Client Quality Services
Veratad Technologies, LLC
500 Frank W. Burr Blvd Teaneck, NJ 07666
5th Floor Suite 14
Teaneck, New Jersey 07666

  • You may also have the right to make a GDPR complaint to the relevant Supervisory Authority. A list of Supervisory Authorities is available here:, and for UK citizens here: If you need further assistance regarding your rights, please contact us using the contact information provided above and we will consider your request in accordance with applicable law. In some cases our ability to uphold these rights for you may depend upon our obligations to process personal information for security, safety, fraud prevention reasons, compliance with regulatory or legal requirements, or because processing is necessary to deliver the services you have requested. Where this is the case, we will inform you of specific details in response to your request.

Veratad’s GDPR Role: Data Processor

Veratad does not believe ourselves to be the Data Controller for the products we offer because we do not determine the purposes for which, or the manner in which, personal data is processed. This is done by 2 parties: Veratad’s Data Partners and Veratad’s Customers.

Veratad does not have any overall control over the ‘why’ and the ‘how’ of a data processing activity. Veratad operates under the instructions of our Data Partner/Customer. Veratad’s Data Partners determine the purpose of processing in relation to the data they collect. The collection of the personal data at the point of capture and the legal basis for doing so is done by our Data Partner/Customer. Veratad’s Data Partner and Customer decide which items of personal data to collect, i.e. the content of the data. They both define the purpose or purposes for which the data will be used. Veratad has no power to influence the collection of personal data or the purpose of any immediate subsequent processing.

Veratad’s Data Partner/Customer decide which individuals to collect data about and whether to disclose the data, and if so, to whom. They decide on the information contained within the Fair Processing Notice that is provided to the individual.

If Veratad receives a subject access request (SAR) related to the services we provide, this is passed to the Data Controller (Data Partner or Customer) as we do not have full visibility at an individual level of the evidence in relation to data collection.

California Residents (Effective January 1, 2020)

If you are a California resident, you have rights under the California Consumer Privacy Act of 2018 (CCPA). While the Veratad Privacy Policy addresses the required disclosures about your Personal Information, this supplement to the Veratad Privacy Policy is an overview of the information required by the CCPA and provides instructions on how to exercise the rights granted by the CCPA.

Disclosures About Your Personal Information

As described in the Veratad Privacy Policy, to support your relationship with Veratad or your use of our products and services, we may have collected and disclosed, for a business purpose, information from the following categories in the last twelve months:

  • Information necessary to provide you with access to and use of our websites, products and services
  • Information necessary to respond to your request for information, order or support
  • Information about your use of Veratad Services
  • Business contact information of clients, prospects, partners and suppliers
  • Information about visitors to our sites and locations
  • Information collected for marketing and business intelligence

This includes Personal Information defined by the CCPA as:

  • Identifiers such as IP address and cookies
  • Personal information under the Customer Records provision of the California Civil Code such as your name, postal address, email address or payment information you provide to purchase an Veratad product or service
  • Commercial information related to purchases of Veratad products or services
  • Internet activity information relating to your interactions with Veratad websites
  • Audio, electronic and visual information such as visitors’ presence on security systems at Veratad offices
  • Professional information such as your employer name and job title
  • Inferences about your consumer preferences

Sources and Sharing of Personal Information

The Veratad Privacy Policy describes the types of sources from which we collect Personal Information and how we share your information with third parties. As explained, we may collect Personal Information directly from you, automatically from your device, from selected partners and/or from your employer. We may share information about you with our subsidiaries, suppliers and, where appropriate, with selected partners to help us provide you, or the company you work for, products or services, or to fulfill your requests, or with your consent.

Sale of Personal Information

When you use Veratad websites, Veratad’s authorized partners may collect cookies and similar technologies and use this data for their own purposes. This activity may qualify as a “sale” under the CCPA. You can make choices to allow or prevent such uses. Depending on your choices, during the past twelve months, we may have “sold” information within the following categories defined by the CCPA:

  • Identifiers like IP address and cookies
  • Internet activity information relating to your interactions with Veratad websites
  • Inferences about your consumer preferences

Know your Personal Information

You can request specific pieces of Personal Information, or information about the categories of Personal Information that Veratad holds about you by submitting a request through our webform here or by calling us (toll free) 888-510-7343.

You can request the deletion of the Personal Information that Veratad holds about you by submitting a request through our web form here or by calling us (toll free) 888-510-7343.

Opt-Out of the Sale of Personal Information

When you use Veratad websites, Veratad’s authorized partners may collect cookies and similar technologies and use this data for their own purposes. This activity may qualify as a “sale” under the CCPA. You can make choices to allow or prevent such uses. To opt-out of Veratad making information relating to cookies, and similar technologies, available to third parties for their own purposes, click here.

If you are accessing our websites while located outside of California, you can opt-out by going to “Cookie Settings” in the footer and setting your cookie preferences to “Required.”


If you choose to exercise any of these rights, we will not deny goods or services to you or provide different quality of services.

How to Contact Us

Questions about this Policy or about Veratad’s handling of your Personal Information may be submitted by email at

LAST UPDATE October 11, 2023

Start Verifying
Your Customers