Privacy Policy, Cookie Policy, and Terms of Service for Veris, a product of Fluxa Ventures. These documents govern your use of useveris.finance and all associated services.
Veris is an AI-native financial compliance platform developed and operated by Fluxa Ventures GmbH ("Fluxa Ventures", "we", "us", "our"), a company registered under the laws of Germany. Nexus Trust GmbH is the contracting entity for enterprise customers in certain jurisdictions. For the purposes of EU data protection law, Fluxa Ventures acts as the data controller for personal data collected through useveris.finance and all related services (the "Service").
This Privacy Policy explains what personal data we collect, why we collect it, how we use and protect it, and what rights you have in relation to it. It applies to all visitors, registered users, and customers of the Service globally, with jurisdiction-specific supplements where required by law.
| Purpose | Data Used | Legal Basis (GDPR) |
|---|---|---|
| Providing and operating the Service | Account data, compliance content, usage data | Contract performance (Art. 6(1)(b)) |
| Processing compliance transactions (screening, triage, SAR) | Compliance content, blockchain data | Contract performance; Legal obligation (Art. 6(1)(b)(c)) |
| Account authentication and security | Account data, device data, log data | Legitimate interest (Art. 6(1)(f)) |
| Sending product updates, security alerts, and service notices | Email address, account data | Contract performance; Legitimate interest |
| Marketing and promotional communications | Email address, account data | Consent (Art. 6(1)(a)) or Legitimate interest (B2B, where permitted) |
| Product analytics and improvement | Usage data, device data | Legitimate interest (Art. 6(1)(f)) |
| Fraud prevention and abuse detection | Usage data, log data, device data | Legitimate interest; Legal obligation |
| Compliance with legal obligations | All categories as required | Legal obligation (Art. 6(1)(c)) |
For individuals in the European Economic Area (EEA) and the United Kingdom, we rely on the following legal bases under the General Data Protection Regulation (GDPR) and UK GDPR:
We do not sell your personal data. We share data only in the following circumstances:
We engage third-party providers who process personal data strictly on our behalf under written Data Processing Agreements (DPAs) that comply with GDPR Article 28. Categories include: cloud infrastructure (hosting, storage), analytics tools, payment processors, customer support platforms, and AI model APIs. All processors are contractually prohibited from using your data for any purpose other than providing services to us.
We may disclose personal data when required by law, court order, regulatory authority, or law enforcement request. Where legally permissible, we will notify affected users of such requests before disclosure.
In the event of a merger, acquisition, restructuring, or sale of all or part of our assets, personal data may be transferred to the successor entity, subject to the same protections described in this Policy. We will notify users in advance of any material change in data controller identity.
We may share your data with third parties in other circumstances where you have given us specific, explicit consent.
Fluxa Ventures operates infrastructure in the European Economic Area (EEA). Certain service providers may process data outside the EEA, including in the United States. Where such transfers occur, we ensure appropriate safeguards are in place, including:
For transfers to the United Kingdom, we use the UK International Data Transfer Addendum where applicable. You may request a copy of the relevant transfer mechanism by contacting us at privacy@fluxaventures.com.
| Data Category | Retention Period | Basis |
|---|---|---|
| Account data | Duration of contract + 3 years | Contract; Legitimate interest |
| Compliance content (transaction records, SARs, case files) | 5 years from filing date | BSA/FinCEN 31 C.F.R. ยง 1020.320; FATF Recommendation 11; MiCA Article 72 |
| AI audit logs | 5 years | Regulatory requirement; SR 11-7 model governance |
| Marketing contact data | Until opt-out or 3 years of inactivity | Consent; Legitimate interest |
| Server and access logs | 12 months | Security; Legitimate interest |
| Cookie and analytics data | As specified in Cookie Policy | Consent; Legitimate interest |
Financial crime compliance records (SAR filings, screening records, transaction monitoring alerts) are subject to mandatory minimum retention periods under applicable AML/CFT regulation. These records may not be deleted upon request where retention is legally required.
If you are located in the EEA or UK, you have the following rights:
We will respond to requests within 30 days, extendable by a further 60 days for complex requests with notice. If you are unsatisfied with our response, you have the right to lodge a complaint with your national supervisory authority. For Germany: Bundesbeauftragte fur den Datenschutz und die Informationsfreiheit (BfDI).
If you are a California resident, you have the following rights:
We acknowledge California consumer rights requests within 10 business days and respond substantively within 45 calendar days. Requests may be submitted to privacy@fluxaventures.com.
We implement appropriate technical and organizational measures to protect personal data against unauthorized access, disclosure, alteration, or destruction. These measures include:
In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay. We will notify the competent supervisory authority within 72 hours of becoming aware of the breach, where required under GDPR Article 33.
The Service is directed exclusively at business users and is not intended for individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected data from a minor, we will delete it promptly. Contact us at privacy@fluxaventures.com if you believe we have collected data from a minor.
We may update this Privacy Policy from time to time to reflect changes in our practices, the Service, or applicable law. Material changes will be communicated by email to registered users and by a prominent notice on this page at least 14 days before the change takes effect. The "Effective date" at the top of this page indicates when the current version was last revised. Continued use of the Service after the effective date constitutes acceptance of the revised policy.
Fluxa Ventures GmbH
Attn: Data Protection
Email: privacy@fluxaventures.com
For data subject requests (access, deletion, portability): please include your full name, email address associated with your account, and a description of your request. We may request additional information to verify your identity before processing the request.
Cookies are small text files placed on your device by a website when you visit it. They allow the website to recognize your browser and remember information about your visit, such as your login state or language preference. Similar technologies include local storage, session storage, pixel tags, and fingerprinting; this policy covers all such technologies unless stated otherwise.
This Cookie Policy forms part of our Privacy Policy and should be read together with it. By using useveris.finance, you consent to cookies as described in this policy, except for strictly necessary cookies which do not require consent.
Some cookies are set by third-party service providers we use to operate the Service. These providers are contractually restricted from using cookie data for any purpose other than providing services to us. We require all third-party providers to implement appropriate technical measures including IP anonymization where applicable.
| Provider | Purpose | Category | Data Location |
|---|---|---|---|
| First-party (Fluxa Ventures) | Session management, authentication, security | Strictly Necessary | EEA |
| Analytics provider | Aggregated usage analytics (IP anonymized) | Analytics | EEA / adequacy mechanism |
| Error monitoring provider | Application error tracking and performance | Strictly Necessary | EEA / SCC |
We review our third-party cookie providers at least annually and update this policy when providers change. We do not use Google Analytics, Meta Pixel, or LinkedIn Insight Tag on useveris.finance.
When you first visit useveris.finance, a cookie consent banner allows you to accept all optional cookies, reject optional cookies (keeping only strictly necessary cookies), or customize your preferences by category. Your consent decision is stored as a first-party preference cookie valid for 12 months. You may change your preferences at any time using the cookie settings link in the footer.
You can instruct your browser to refuse all cookies or to alert you when cookies are being sent. Note that disabling strictly necessary cookies will prevent the Service from functioning correctly. Instructions for managing cookies in common browsers:
Some browsers transmit a "Do Not Track" (DNT) signal. We honor DNT signals by disabling all optional analytics and preference cookies for sessions where DNT is enabled.
Under the EU ePrivacy Directive (Directive 2002/58/EC, as implemented in member state law) and the UK Privacy and Electronic Communications Regulations (PECR), we obtain your consent before setting non-essential cookies. Your consent is freely given, specific, informed, and unambiguous. You may withdraw consent at any time by updating your cookie preferences via the cookie settings link in the page footer.
| Cookie Name / Category | Type | Lifetime | Purpose |
|---|---|---|---|
| Session token | Session | Until browser close | Authentication |
| CSRF token | Session | Until browser close | Security |
| Cookie consent record | Persistent | 12 months | Stores your consent decision |
| UI preference | Persistent | 12 months | Remembers interface settings |
| Analytics session | Persistent | Up to 13 months | Aggregated usage analysis |
| Error tracking | Session | Until browser close | Application stability monitoring |
We may update this Cookie Policy to reflect changes in the cookies we use, our service providers, or applicable law. Material changes, including introduction of new optional cookie categories, will be communicated via the cookie consent banner and by email to registered users. The "Effective date" at the top of this page reflects the date of the most recent revision.
Fluxa Ventures GmbH
Email: privacy@fluxaventures.com
Please use the subject line "Cookie Policy Inquiry" for cookie-related questions.
These Terms of Service ("Terms") constitute a legally binding agreement between Fluxa Ventures GmbH (or the applicable Fluxa Ventures entity set out in your Order Form; "Fluxa Ventures", "we", "us") and the entity or individual accessing or using the Veris platform ("Customer", "you").
By accessing useveris.finance or executing an Order Form that references these Terms, you represent that (a) you have authority to bind the Customer entity to these Terms, and (b) you have read, understood, and agree to be bound by them.
These Terms apply to all plans including free trials, beta access, and paid subscriptions. Where a separately executed Master Services Agreement or Enterprise Agreement exists between the parties, that agreement governs and these Terms apply only to the extent not inconsistent with it.
To use the Service, you must register for an account and provide accurate, current, and complete information. You are responsible for maintaining the confidentiality of your credentials and for all activity occurring under your account. You must notify us immediately at security@fluxaventures.com if you suspect unauthorized access to your account.
You may grant access to the Service to individual users within your organization ("Authorized Users") up to the number permitted by your subscription plan. Each Authorized User must accept these Terms before accessing the Service. You are responsible for ensuring your Authorized Users comply with these Terms and for any actions they take within the Service.
The Service is available only to businesses and individuals operating in compliance with applicable law. By accessing the Service, you represent that you are not located in a jurisdiction subject to comprehensive OFAC sanctions, that you are not on any government sanctions list, and that your use of the Service complies with all applicable laws and regulations.
You may use the Service solely for your internal business compliance purposes in accordance with the documentation, these Terms, and applicable law. The Service is designed to support AML/CFT compliance programs for stablecoin issuers and virtual asset service providers (VASPs).
You must not, and must not permit Authorized Users or third parties to:
Fluxa Ventures retains all right, title, and interest in and to the Service, including all software, AI models, algorithms, documentation, and derivative works thereof. These Terms grant you a limited, non-exclusive, non-transferable, revocable license to access and use the Service during the subscription term for your permitted internal purposes only. No other rights are granted.
You retain all right, title, and interest in and to your Customer Data (defined in Section 5). You grant us a limited, non-exclusive license to process Customer Data solely to provide and improve the Service, as described in our Privacy Policy and any applicable Data Processing Addendum.
If you provide feedback, suggestions, or ideas about the Service, you grant us a perpetual, irrevocable, royalty-free license to use and incorporate that feedback without restriction or compensation.
"Customer Data" means all data, content, and information you or your Authorized Users submit to or generate within the Service, including transaction records, wallet addresses, alerts, case files, and SAR draft narratives. You are solely responsible for the accuracy, legality, and completeness of Customer Data and for ensuring you have all rights necessary to submit it.
To the extent Customer Data includes personal data subject to GDPR or other data protection law, we process it as a data processor acting on your instructions. A Data Processing Addendum (DPA) is incorporated by reference into these Terms for all customers subject to GDPR. The DPA is available at legal@fluxaventures.com upon request.
Veris is a software tool. It does not file Suspicious Activity Reports (SARs), Currency Transaction Reports (CTRs), or any regulatory submissions on your behalf. All compliance obligations, regulatory filings, and responsibilities under applicable AML/CFT law remain with you as the regulated entity. AI-generated analysis and recommendations are provided for informational purposes and must be reviewed by a qualified compliance professional before any regulatory action.
Each party may disclose to the other confidential business, technical, or financial information ("Confidential Information"). Each party agrees to: (a) keep Confidential Information strictly confidential using at least the same care as it uses to protect its own confidential information (but no less than reasonable care); (b) use Confidential Information only for the purpose of performing obligations or exercising rights under these Terms; and (c) not disclose Confidential Information to any person other than employees or contractors who need to know it and are bound by obligations at least as protective as these Terms.
Confidentiality obligations do not apply to information that: (a) becomes publicly known through no breach by the receiving party; (b) was known to the receiving party before disclosure; (c) is independently developed without use of Confidential Information; or (d) is required to be disclosed by law, regulation, or court order (with prior notice to the disclosing party where legally permissible).
You agree to pay the fees set out in your Order Form or subscription plan. Fees are quoted in US Dollars unless otherwise specified and are non-refundable except as required by applicable law or as expressly stated in these Terms. All fees are exclusive of applicable taxes.
Subscriptions are billed in advance on a monthly or annual basis as selected at checkout. We use a third-party payment processor to handle billing; by providing payment information you authorize recurring charges for the subscription period.
Overdue fees accrue interest at the rate of 1.5% per month (or the maximum permitted by law, whichever is lower). We may suspend access to the Service upon 14 days' written notice if fees remain unpaid, without waiving our right to recover amounts owed.
We warrant that (a) the Service will perform materially in accordance with the applicable documentation; and (b) we will implement and maintain appropriate technical and organizational security measures as described in our Privacy Policy.
To the fullest extent permitted by applicable law, neither party shall be liable to the other for any indirect, incidental, special, consequential, exemplary, or punitive damages, including loss of profits, data, business, goodwill, or opportunity, even if advised of the possibility of such damages.
Each party's total aggregate liability arising out of or relating to these Terms shall not exceed the total fees paid or payable by Customer to Fluxa Ventures in the twelve (12) months preceding the event giving rise to the claim.
These limitations apply regardless of the theory of liability (contract, tort, statute, or otherwise) and even if the limited remedy fails of its essential purpose. Nothing in these Terms excludes liability for (a) death or personal injury caused by negligence; (b) fraud or fraudulent misrepresentation; or (c) any other liability that cannot be excluded by applicable law.
You agree to indemnify, defend, and hold harmless Fluxa Ventures and its officers, directors, employees, and agents from and against any claims, damages, losses, liabilities, costs, and expenses (including reasonable legal fees) arising from: (a) your Customer Data; (b) your breach of these Terms; (c) your violation of applicable law; or (d) your compliance decisions made using the Service.
Fluxa Ventures will indemnify you against third-party claims that the Service, as provided, infringes any third-party intellectual property right, subject to standard IP indemnity conditions.
These Terms commence on the date you first access the Service and continue until the subscription period expires or is terminated.
Either party may terminate these Terms on 30 days' written notice. Annual subscriptions are not subject to early cancellation refunds.
Either party may terminate immediately if the other party: (a) materially breaches these Terms and fails to cure within 15 days of written notice; (b) becomes insolvent, enters bankruptcy, or makes an assignment for the benefit of creditors; or (c) ceases business operations.
Upon termination, your right to access the Service ceases. We will make your Customer Data available for export for 30 days after termination, after which we will delete it in accordance with our data retention schedule, subject to mandatory legal retention requirements. Sections 4.1, 6, 8.2, 9, 10, and 13 survive termination.
These Terms are governed by the laws of Germany, without regard to its conflict of law principles. Any dispute arising out of or in connection with these Terms shall be subject to the exclusive jurisdiction of the courts of Berlin, Germany, except that either party may seek injunctive or other equitable relief in any court of competent jurisdiction to prevent irreparable harm.
These Terms, together with any Order Form, Data Processing Addendum, and documents incorporated by reference, constitute the entire agreement between the parties with respect to the Service and supersede all prior agreements, representations, and understandings.
We may modify these Terms by providing 30 days' written notice. Your continued use of the Service after the effective date of the modified Terms constitutes acceptance. If you object to a modification, you may terminate these Terms before the effective date without penalty.
If any provision of these Terms is held invalid or unenforceable, the remaining provisions remain in full force and effect.
Failure to enforce any provision of these Terms does not constitute a waiver of the right to enforce it in the future.
You may not assign these Terms or any rights under them without our prior written consent. We may assign these Terms in connection with a merger, acquisition, or sale of all or substantially all of our assets, with notice to you.
Legal notices to Fluxa Ventures must be sent by email to legal@fluxaventures.com and by registered post to the address specified in your Order Form. We will send notices to the email address associated with your account.
Fluxa Ventures GmbH
Email: legal@fluxaventures.com
For enterprise agreements, DPA execution, or regulatory inquiries, please use the email above with the subject line matching your inquiry type.