1. Introduction
Nexus Trust, Inc. ("Nexus Trust," "we," "us," or "our"), operating under the Veris product brand, provides AI-native compliance infrastructure for stablecoin finance. This Privacy Policy describes how we collect, use, disclose, and protect your personal data when you visit our website at useveris.finance (the "Site"), use our platform and services (the "Services"), or interact with us in other ways.
We are committed to protecting your privacy and handling your data in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), and other applicable privacy regulations.
Veris processes blockchain transaction data as part of its compliance services. Blockchain transaction data that is publicly available on distributed ledgers is not treated as personal data under this policy unless it is linked or linkable to an identified individual through our Services.
2. Data We Collect
2.1 Information You Provide
- Account registration data: name, email address, company name, job title
- Contact form submissions: name, email, company, role, compliance priorities
- Communications: content of emails, support tickets, and other correspondence
- Payment information: billing address and payment method details (processed by our payment processor)
2.2 Information Collected Automatically
- Device and browser information: IP address, browser type, operating system, device identifiers
- Usage data: pages visited, features used, time spent, navigation patterns
- Log data: server logs, error reports, access timestamps
2.3 Information from Third Parties
- Identity verification data from KYC/KYB providers when required for compliance purposes
- Blockchain analytics data from public distributed ledgers
- Sanctions screening data from regulatory databases (OFAC, EU, UN consolidated lists)
2.4 Compliance Data Processed on Behalf of Clients
When providing compliance services, Veris processes data on behalf of its clients as a data processor. This data may include blockchain transaction records, entity profiles, risk assessments, and regulatory filings. The processing of this data is governed by our Data Processing Agreements with each client.
3. How We Use Your Data
We use your personal data for the following purposes:
- Providing and maintaining our Services, including AI agent operations for compliance monitoring, investigation, and reporting
- Processing your requests and responding to inquiries
- Sending service-related communications, including security alerts and updates
- Improving our Services through usage analytics and AI model performance evaluation
- Complying with legal obligations, including anti-money laundering (AML) and sanctions compliance requirements
- Protecting the security and integrity of our platform
- Marketing communications (with your consent, where required)
4. Legal Basis for Processing
Under the GDPR and similar regulations, we process your personal data on the following legal bases:
- Contract performance: Processing necessary to provide our Services and fulfill our contractual obligations to you
- Legitimate interests: Processing necessary for our legitimate business interests, such as improving our Services, preventing fraud, and ensuring network security, where these interests are not overridden by your rights
- Legal obligation: Processing necessary to comply with applicable laws and regulations, including AML/CFT requirements
- Consent: Processing based on your freely given consent, such as for marketing communications. You may withdraw consent at any time.
5. Data Sharing and Third Parties
We do not sell your personal data. We share personal data only in the following circumstances:
- Service providers: Cloud infrastructure providers, analytics services, and payment processors that assist in delivering our Services, bound by data processing agreements
- Regulatory authorities: When required by law, regulation, or legal process, including suspicious activity reports filed with FinCEN or equivalent authorities
- Professional advisors: Legal counsel, auditors, and consultants under obligations of confidentiality
- Business transfers: In connection with a merger, acquisition, or sale of assets, with appropriate notice and protections
- Client instructions: When processing compliance data on behalf of clients, as directed by the client in accordance with our Data Processing Agreement
6. International Data Transfers
Veris operates globally. Your personal data may be transferred to and processed in countries outside your country of residence, including countries that may not provide the same level of data protection as your home jurisdiction.
For transfers of personal data from the European Economic Area (EEA), United Kingdom, or Switzerland to countries without adequate data protection, we implement appropriate safeguards including:
- Standard Contractual Clauses (SCCs) approved by the European Commission (June 2021 version)
- Transfer impact assessments to evaluate the legal framework of the destination country
- Supplementary technical and organizational measures where necessary
7. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, regulatory, accounting, or reporting requirements.
- Account data: retained for the duration of the account relationship and for 3 years after termination
- Transaction monitoring data: retained for 5 years after the completion of the transaction or the business relationship, as required by AML regulations
- Suspicious activity reports and related records: retained for 5 years from the date of filing, as required by applicable law
- Marketing contact data: retained until consent is withdrawn or the data is no longer needed
- Website usage data: retained for 26 months
8. Your Rights
8.1 Rights Under GDPR (EEA and UK Residents)
If you are located in the EEA or UK, you have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you
- Rectification: Request correction of inaccurate or incomplete personal data
- Erasure: Request deletion of your personal data, subject to legal retention requirements
- Restriction: Request restriction of processing in certain circumstances
- Portability: Receive your personal data in a structured, machine-readable format
- Objection: Object to processing based on legitimate interests or for direct marketing
- Automated decision-making: Not be subject to decisions based solely on automated processing that produce legal effects, with the right to human review
We respond to data subject requests within 30 days of receipt. For complex requests, this period may be extended by up to 60 additional days with notice.
8.2 Rights Under CCPA/CPRA (California Residents)
If you are a California resident, you have the following rights:
- Right to know: Request disclosure of categories and specific pieces of personal information collected
- Right to delete: Request deletion of personal information we have collected
- Right to correct: Request correction of inaccurate personal information
- Right to opt-out: Opt out of the sale or sharing of personal information (Veris does not sell personal information)
- Right to limit use of sensitive personal information: Limit the use of sensitive personal information to purposes necessary for providing the Services
- Non-discrimination: We will not discriminate against you for exercising your rights
We acknowledge receipt of verifiable consumer requests within 10 business days and respond substantively within 45 calendar days.
9. Security
We implement technical and organizational security measures designed to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:
- Encryption of data in transit (TLS 1.3) and at rest (AES-256)
- Secret management through HashiCorp Vault with AppRole authentication and least-privilege access policies
- Network segmentation with isolated environments for database, application, and indexer services
- Audit logging of all access to personal data and compliance records
- Regular security assessments and vulnerability testing
- Role-based access controls with separation of duties
No method of transmission or storage is completely secure. If you become aware of any security incident involving your data, contact us immediately at security@useveris.finance.
10. Cookies and Tracking
Our Site uses essential cookies necessary for the functioning of the website. We use analytics cookies to understand how visitors interact with our Site. You can manage your cookie preferences through your browser settings.
- Essential cookies: Required for basic site functionality. Cannot be disabled.
- Analytics cookies: Help us understand usage patterns. Can be declined without affecting core functionality.
We do not use advertising cookies or third-party tracking pixels. We do not engage in cross-site tracking.
11. Children's Privacy
Our Services are not directed to individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child, we will take steps to delete that information promptly.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our Site and updating the "Last updated" date. For significant changes that affect how we process your personal data, we will provide additional notice through email or an in-platform notification.
If you have questions about this Privacy Policy, wish to exercise your data subject rights, or have concerns about our data practices, contact us at:
Nexus Trust, Inc.
Privacy Team
Email: privacy@useveris.finance
If you are an EEA resident, you have the right to lodge a complaint with your local supervisory authority if you believe your personal data has been processed in violation of applicable data protection laws.