Privacy Policy, Cookie Policy, and Terms of Service for the Veris compliance platform. Operated by Fluxa Ventures LLC.
How we collect, use, share, and protect personal data across the Veris platform.
Summary. Fluxa Ventures operates Veris, a compliance platform for stablecoin issuers. We collect information you provide directly, technical usage data, and transaction data you submit for compliance analysis. We do not sell your personal data. EU and UK users have full GDPR rights including access, deletion, and portability. California users have CCPA rights. Contact us at legal@fluxa.ventures.
Veris is an AI-native financial compliance platform developed and operated by Fluxa Ventures LLC ("Fluxa Ventures", "we", "us", "our"), a limited liability company registered in the United States. Fluxa Ventures LLC acts as the data controller for personal data collected through useveris.finance and all related services (the "Service").
This Privacy Policy explains what personal data we collect, why we collect it, how we use and protect it, and what rights you have in relation to it. It applies to all visitors, registered users, and customers of the Service globally, with jurisdiction-specific supplements where required by law.
2.1 Data you provide directly
2.2 Data we collect automatically
2.3 Data from third parties
| Purpose | Data Used | Legal Basis (GDPR) |
|---|---|---|
| Providing and operating the Service | Account data, compliance content, usage data | Contract performance (Art. 6(1)(b)) |
| Processing compliance transactions (screening, triage, SAR) | Compliance content, blockchain data | Contract performance; Legal obligation (Art. 6(1)(b)(c)) |
| Account authentication and security | Account data, device data, log data | Legitimate interest (Art. 6(1)(f)) |
| Sending product updates, security alerts, and service notices | Email address, account data | Contract performance; Legitimate interest |
| Marketing and promotional communications | Email address, account data | Consent (Art. 6(1)(a)) or Legitimate interest (B2B, where permitted) |
| Product analytics and improvement | Usage data, device data | Legitimate interest (Art. 6(1)(f)) |
| Fraud prevention and abuse detection | Usage data, log data, device data | Legitimate interest; Legal obligation |
| Compliance with legal obligations | All categories as required | Legal obligation (Art. 6(1)(c)) |
For individuals in the European Economic Area (EEA) and the United Kingdom, we rely on the following legal bases under the General Data Protection Regulation (GDPR) and UK GDPR:
We do not sell your personal data. We share data only in the following circumstances:
5.1 Service providers (processors)
We engage third-party providers who process personal data strictly on our behalf under written Data Processing Agreements (DPAs) that comply with GDPR Article 28. Categories include: cloud infrastructure (hosting, storage), analytics tools, payment processors, customer support platforms, and AI model APIs. All processors are contractually prohibited from using your data for any purpose other than providing services to us.
5.2 Legal and regulatory requirements
We may disclose personal data when required by law, court order, regulatory authority, or law enforcement request. Where legally permissible, we will notify affected users of such requests before disclosure.
5.3 Business transfers
In the event of a merger, acquisition, restructuring, or sale of all or part of our assets, personal data may be transferred to the successor entity, subject to the same protections described in this Policy. We will notify users in advance of any material change in data controller identity.
5.4 With your consent
We may share your data with third parties in other circumstances where you have given us specific, explicit consent.
Fluxa Ventures operates infrastructure in the United States. Certain service providers may process data in other jurisdictions, including the European Economic Area (EEA) and the United Kingdom. Where such transfers occur, we ensure appropriate safeguards are in place, including:
For transfers to the United Kingdom, we use the UK International Data Transfer Addendum where applicable. You may request a copy of the relevant transfer mechanism by contacting us at legal@fluxa.ventures.
| Data Category | Retention Period | Basis |
|---|---|---|
| Account data | Duration of contract + 3 years | Contract; Legitimate interest |
| Compliance content (transaction records, SARs, case files) | 5 years from filing date | BSA/FinCEN 31 C.F.R. § 1020.320; FATF Recommendation 11; MiCA Article 72 |
| AI audit logs | 5 years | Regulatory requirement; SR 11-7 model governance |
| Marketing contact data | Until opt-out or 3 years of inactivity | Consent; Legitimate interest |
| Server and access logs | 12 months | Security; Legitimate interest |
| Cookie and analytics data | As specified in Cookie Policy | Consent; Legitimate interest |
Financial crime compliance records (SAR filings, screening records, transaction monitoring alerts) are subject to mandatory minimum retention periods under applicable AML/CFT regulation. These records may not be deleted upon request where retention is legally required.
8.1 Rights under GDPR (EEA and UK)
If you are located in the EEA or UK, you have the following rights:
We will respond to requests within 30 days, extendable by a further 60 days for complex requests with notice. If you are unsatisfied with our response, you have the right to lodge a complaint with your national supervisory authority in the EEA or UK.
8.2 Rights under CCPA / CPRA (California)
If you are a California resident, you have the following rights:
We acknowledge California consumer rights requests within 10 business days and respond substantively within 45 calendar days. Requests may be submitted to legal@fluxa.ventures.
We implement appropriate technical and organizational measures to protect personal data against unauthorized access, disclosure, alteration, or destruction. These measures include:
In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay. We will notify the competent supervisory authority within 72 hours of becoming aware of the breach, where required under GDPR Article 33.
The Service is directed exclusively at business users and is not intended for individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected data from a minor, we will delete it promptly. Contact us at legal@fluxa.ventures if you believe we have collected data from a minor.
We may update this Privacy Policy from time to time to reflect changes in our practices, the Service, or applicable law. Material changes will be communicated by email to registered users and by a prominent notice on this page at least 14 days before the change takes effect. The "Effective date" at the top of this page indicates when the current version was last revised. Continued use of the Service after the effective date constitutes acceptance of the revised policy.
Privacy Inquiries and Data Subject Requests
Fluxa Ventures LLC
Attn: Data Protection
Email: legal@fluxa.ventures
For data subject requests (access, deletion, portability): please include your full name, email address associated with your account, and a description of your request. We may request additional information to verify your identity before processing the request.
This Privacy Policy does not constitute legal advice. The compliance content you submit to Veris for AML screening and SAR filing is processed by us as a data processor under your instructions and subject to the Data Processing Addendum in your service agreement.
Cookies, similar technologies, and your consent choices on useveris.finance.
Summary. We use strictly necessary cookies to operate the Service and, with your consent, optional analytics and preference cookies to improve your experience. We never use advertising cookies and do not share cookie data with advertising networks. You can manage your cookie preferences at any time.
Cookies are small text files placed on your device by a website when you visit it. They allow the website to recognize your browser and remember information about your visit, such as your login state or language preference. Similar technologies include local storage, session storage, pixel tags, and fingerprinting; this policy covers all such technologies unless stated otherwise.
This Cookie Policy forms part of our Privacy Policy and should be read together with it. By using useveris.finance, you consent to cookies as described in this policy, except for strictly necessary cookies which do not require consent.
Strictly Necessary Cookies. Required for the website and Service to function. These cookies enable core functionality such as session management, authentication, security tokens, and load balancing. The Service cannot be provided without them. These cookies do not store any personally identifiable information beyond what is required for the session. Examples: session token, CSRF protection token, authentication state.
Preference Cookies. Remember your choices to personalize your experience, such as your preferred language, cookie consent decision, interface theme, and display settings. Without these cookies, you may need to re-enter preferences on each visit. Examples: language preference, cookie consent record, UI state.
Analytics Cookies. Help us understand how visitors use the website and Service. Data collected is aggregated and anonymized: we analyze page views, feature usage, session flows, and performance metrics to improve the product. We do not use analytics data to build individual user profiles for advertising. Examples: page view events, feature interaction events, session duration. Processed by our analytics provider under a data processing agreement with IP anonymization enabled.
Advertising Cookies. We do not use advertising or targeting cookies. We do not share your data with advertising networks, ad exchanges, or retargeting platforms.
Some cookies are set by third-party service providers we use to operate the Service. These providers are contractually restricted from using cookie data for any purpose other than providing services to us. We require all third-party providers to implement appropriate technical measures including IP anonymization where applicable.
| Provider | Purpose | Category | Data Location |
|---|---|---|---|
| First-party (Fluxa Ventures) | Session management, authentication, security | Strictly Necessary | EEA |
| Analytics provider | Aggregated usage analytics (IP anonymized) | Analytics | EEA / adequacy mechanism |
| Error monitoring provider | Application error tracking and performance | Strictly Necessary | EEA / SCC |
We review our third-party cookie providers at least annually and update this policy when providers change. We do not use Google Analytics, Meta Pixel, or LinkedIn Insight Tag on useveris.finance.
4.1 Cookie banner
When you first visit useveris.finance, a cookie consent banner allows you to accept all optional cookies, reject optional cookies (keeping only strictly necessary cookies), or customize your preferences by category. Your consent decision is stored as a first-party preference cookie valid for 12 months. You may change your preferences at any time using the cookie settings link in the footer.
4.2 Browser controls
You can instruct your browser to refuse all cookies or to alert you when cookies are being sent. Note that disabling strictly necessary cookies will prevent the Service from functioning correctly. Instructions for managing cookies in common browsers:
4.3 Do Not Track
Some browsers transmit a "Do Not Track" (DNT) signal. We honor DNT signals by disabling all optional analytics and preference cookies for sessions where DNT is enabled.
4.4 EU and UK residents
Under the EU ePrivacy Directive (Directive 2002/58/EC, as implemented in member state law) and the UK Privacy and Electronic Communications Regulations (PECR), we obtain your consent before setting non-essential cookies. Your consent is freely given, specific, informed, and unambiguous. You may withdraw consent at any time by updating your cookie preferences via the cookie settings link in the page footer.
| Cookie Name / Category | Type | Lifetime | Purpose |
|---|---|---|---|
| Session token | Session | Until browser close | Authentication |
| CSRF token | Session | Until browser close | Security |
| Cookie consent record | Persistent | 12 months | Stores your consent decision |
| UI preference | Persistent | 12 months | Remembers interface settings |
| Analytics session | Persistent | Up to 13 months | Aggregated usage analysis |
| Error tracking | Session | Until browser close | Application stability monitoring |
We may update this Cookie Policy to reflect changes in the cookies we use, our service providers, or applicable law. Material changes, including introduction of new optional cookie categories, will be communicated via the cookie consent banner and by email to registered users. The "Effective date" at the top of this page reflects the date of the most recent revision.
Cookie and Privacy Inquiries
Fluxa Ventures LLC
Email: legal@fluxa.ventures
Please use the subject line "Cookie Policy Inquiry" for cookie-related questions.
Binding agreement governing access to and use of the Veris compliance platform.
Summary. These Terms govern your use of the Veris compliance platform. Veris is a software tool only: it does not file SARs on your behalf, does not constitute legal advice, and does not substitute for your own compliance program obligations. You are responsible for your regulatory filings. We provide the infrastructure; you remain the regulated entity.
These Terms of Service ("Terms") constitute a legally binding agreement between Fluxa Ventures LLC (or the applicable Fluxa Ventures entity set out in your Order Form; "Fluxa Ventures", "we", "us") and the entity or individual accessing or using the Veris platform ("Customer", "you").
By accessing useveris.finance or executing an Order Form that references these Terms, you represent that (a) you have authority to bind the Customer entity to these Terms, and (b) you have read, understood, and agree to be bound by them.
These Terms apply to all plans including free trials, beta access, and paid subscriptions. Where a separately executed Master Services Agreement or Enterprise Agreement exists between the parties, that agreement governs and these Terms apply only to the extent not inconsistent with it.
2.1 Account registration. To use the Service, you must register for an account and provide accurate, current, and complete information. You are responsible for maintaining the confidentiality of your credentials and for all activity occurring under your account. You must notify us immediately at legal@fluxa.ventures if you suspect unauthorized access to your account.
2.2 Authorized users. You may grant access to the Service to individual users within your organization ("Authorized Users") up to the number permitted by your subscription plan. Each Authorized User must accept these Terms before accessing the Service. You are responsible for ensuring your Authorized Users comply with these Terms and for any actions they take within the Service.
2.3 Eligibility. The Service is available only to businesses and individuals operating in compliance with applicable law. By accessing the Service, you represent that you are not located in a jurisdiction subject to comprehensive OFAC sanctions, that you are not on any government sanctions list, and that your use of the Service complies with all applicable laws and regulations.
3.1 Permitted use. You may use the Service solely for your internal business compliance purposes in accordance with the documentation, these Terms, and applicable law. The Service is designed to support AML/CFT compliance programs for stablecoin issuers and virtual asset service providers (VASPs).
3.2 Prohibited conduct. You must not, and must not permit Authorized Users or third parties to:
4.1 Our intellectual property. Fluxa Ventures retains all right, title, and interest in and to the Service, including all software, AI models, algorithms, documentation, and derivative works thereof. These Terms grant you a limited, non-exclusive, non-transferable, revocable license to access and use the Service during the subscription term for your permitted internal purposes only. No other rights are granted.
4.2 Customer intellectual property. You retain all right, title, and interest in and to your Customer Data (defined in Section 5). You grant us a limited, non-exclusive license to process Customer Data solely to provide and improve the Service, as described in our Privacy Policy and any applicable Data Processing Addendum.
4.3 Feedback. If you provide feedback, suggestions, or ideas about the Service, you grant us a perpetual, irrevocable, royalty-free license to use and incorporate that feedback without restriction or compensation.
5.1 Your responsibility. "Customer Data" means all data, content, and information you or your Authorized Users submit to or generate within the Service, including transaction records, wallet addresses, alerts, case files, and SAR draft narratives. You are solely responsible for the accuracy, legality, and completeness of Customer Data and for ensuring you have all rights necessary to submit it.
5.2 Our obligations as data processor. To the extent Customer Data includes personal data subject to GDPR or other data protection law, we process it as a data processor acting on your instructions. A Data Processing Addendum (DPA) is incorporated by reference into these Terms for all customers subject to GDPR. The DPA is available at legal@fluxa.ventures upon request.
5.3 Compliance responsibility. Veris is a software tool. It does not file Suspicious Activity Reports (SARs), Currency Transaction Reports (CTRs), or any regulatory submissions on your behalf. All compliance obligations, regulatory filings, and responsibilities under applicable AML/CFT law remain with you as the regulated entity. AI-generated analysis and recommendations are provided for informational purposes and must be reviewed by a qualified compliance professional before any regulatory action.
Each party may disclose to the other confidential business, technical, or financial information ("Confidential Information"). Each party agrees to: (a) keep Confidential Information strictly confidential using at least the same care as it uses to protect its own confidential information (but no less than reasonable care); (b) use Confidential Information only for the purpose of performing obligations or exercising rights under these Terms; and (c) not disclose Confidential Information to any person other than employees or contractors who need to know it and are bound by obligations at least as protective as these Terms.
Confidentiality obligations do not apply to information that: (a) becomes publicly known through no breach by the receiving party; (b) was known to the receiving party before disclosure; (c) is independently developed without use of Confidential Information; or (d) is required to be disclosed by law, regulation, or court order (with prior notice to the disclosing party where legally permissible).
7.1 Subscription fees. You agree to pay the fees set out in your Order Form or subscription plan. Fees are quoted in US Dollars unless otherwise specified and are non-refundable except as required by applicable law or as expressly stated in these Terms. All fees are exclusive of applicable taxes.
7.2 Billing. Subscriptions are billed in advance on a monthly or annual basis as selected at checkout. We use a third-party payment processor to handle billing; by providing payment information you authorize recurring charges for the subscription period.
7.3 Late payment. Overdue fees accrue interest at the rate of 1.5% per month (or the maximum permitted by law, whichever is lower). We may suspend access to the Service upon 14 days' written notice if fees remain unpaid, without waiving our right to recover amounts owed.
8.1 Our warranties. We warrant that (a) the Service will perform materially in accordance with the applicable documentation; and (b) we will implement and maintain appropriate technical and organizational security measures as described in our Privacy Policy.
8.2 Disclaimers. THE SERVICE IS PROVIDED "AS IS" AND "AS AVAILABLE" EXCEPT AS EXPRESSLY STATED IN SECTION 8.1. TO THE FULLEST EXTENT PERMITTED BY LAW, FLUXA VENTURES DISCLAIMS ALL OTHER WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT. WE DO NOT WARRANT THAT THE SERVICE WILL BE UNINTERRUPTED, ERROR-FREE, OR FREE OF HARMFUL COMPONENTS.
THE SERVICE DOES NOT CONSTITUTE LEGAL, REGULATORY, COMPLIANCE, OR FINANCIAL ADVICE. AI-GENERATED OUTPUTS ARE NOT LEGAL DETERMINATIONS AND MUST NOT BE TREATED AS SUCH.
To the fullest extent permitted by applicable law, neither party shall be liable to the other for any indirect, incidental, special, consequential, exemplary, or punitive damages, including loss of profits, data, business, goodwill, or opportunity, even if advised of the possibility of such damages.
Each party's total aggregate liability arising out of or relating to these Terms shall not exceed the total fees paid or payable by Customer to Fluxa Ventures in the twelve (12) months preceding the event giving rise to the claim.
These limitations apply regardless of the theory of liability (contract, tort, statute, or otherwise) and even if the limited remedy fails of its essential purpose. Nothing in these Terms excludes liability for (a) death or personal injury caused by negligence; (b) fraud or fraudulent misrepresentation; or (c) any other liability that cannot be excluded by applicable law.
You agree to indemnify, defend, and hold harmless Fluxa Ventures and its officers, directors, employees, and agents from and against any claims, damages, losses, liabilities, costs, and expenses (including reasonable legal fees) arising from: (a) your Customer Data; (b) your breach of these Terms; (c) your violation of applicable law; or (d) your compliance decisions made using the Service.
Fluxa Ventures will indemnify you against third-party claims that the Service, as provided, infringes any third-party intellectual property right, subject to standard IP indemnity conditions.
11.1 Term. These Terms commence on the date you first access the Service and continue until the subscription period expires or is terminated.
11.2 Termination for convenience. Either party may terminate these Terms on 30 days' written notice. Annual subscriptions are not subject to early cancellation refunds.
11.3 Termination for cause. Either party may terminate immediately if the other party: (a) materially breaches these Terms and fails to cure within 15 days of written notice; (b) becomes insolvent, enters bankruptcy, or makes an assignment for the benefit of creditors; or (c) ceases business operations.
11.4 Effect of termination. Upon termination, your right to access the Service ceases. We will make your Customer Data available for export for 30 days after termination, after which we will delete it in accordance with our data retention schedule, subject to mandatory legal retention requirements. Sections 4.1, 6, 8.2, 9, 10, and 13 survive termination.
Important. Veris is designed to support compliance programs under the GENIUS Act (US), BSA/FinCEN regulations, OFAC sanctions requirements, MiCA (EU), and FATF Recommendation 16. However, Fluxa Ventures is a software provider, not a regulated financial institution, compliance firm, or law firm. Using Veris does not ensure that you meet your regulatory obligations. You remain solely responsible for: your AML/CFT program; all SAR, CTR, and other regulatory filings; sanctions screening decisions; maintaining required records; and satisfying applicable examination requirements. We strongly recommend that your compliance program be supervised by a qualified Chief Compliance Officer and reviewed by legal counsel specializing in financial regulation.
13.1 Governing law and jurisdiction. These Terms are governed by the laws of the State of Washington, United States, without regard to its conflict of law principles. Any dispute arising out of or in connection with these Terms shall be subject to the exclusive jurisdiction of the state and federal courts located in King County, Washington, except that either party may seek injunctive or other equitable relief in any court of competent jurisdiction to prevent irreparable harm.
13.2 Entire agreement. These Terms, together with any Order Form, Data Processing Addendum, and documents incorporated by reference, constitute the entire agreement between the parties with respect to the Service and supersede all prior agreements, representations, and understandings.
13.3 Modifications. We may modify these Terms by providing 30 days' written notice. Your continued use of the Service after the effective date of the modified Terms constitutes acceptance. If you object to a modification, you may terminate these Terms before the effective date without penalty.
13.4 Severability. If any provision of these Terms is held invalid or unenforceable, the remaining provisions remain in full force and effect.
13.5 Waiver. Failure to enforce any provision of these Terms does not constitute a waiver of the right to enforce it in the future.
13.6 Assignment. You may not assign these Terms or any rights under them without our prior written consent. We may assign these Terms in connection with a merger, acquisition, or sale of all or substantially all of our assets, with notice to you.
13.7 Notices. Legal notices to Fluxa Ventures must be sent by email to legal@fluxa.ventures and by registered post to the address specified in your Order Form. We will send notices to the email address associated with your account.
Legal and Contractual Inquiries
Fluxa Ventures LLC
Email: legal@fluxa.ventures
For enterprise agreements, DPA execution, or regulatory inquiries, please use the email above with the subject line matching your inquiry type.
We sign Enterprise Master Services Agreements, Data Processing Addenda, and customer-specific terms. Contact our legal team for DPA execution, regulatory inquiries, and enterprise contracts.