VeriDiff

Last updated: January 2025

GDPR Compliance

1. Our Commitment to GDPR

VeriDiff is fully committed to compliance with the General Data Protection Regulation (GDPR). This page explains your rights and how we protect your personal data through our privacy-by-design architecture.

🇪🇺 Built for European Privacy Standards

As a London-based company, VeriDiff was designed from the ground up to meet the highest European data protection standards. Our local file processing approach ensures GDPR compliance by design.

2. Lawful Basis for Processing

Under GDPR Article 6, we process personal data based on these lawful bases:

  • Legitimate Interest (6.1.f): File comparison service delivery and security
  • Contract (6.1.b): Account management and Premium subscription billing
  • Consent (6.1.a): Optional marketing communications and analytics
  • Legal Obligation (6.1.c): Tax records, financial reporting, and compliance

3. Your Rights Under GDPR

3.1 Right of Access (Article 15)

You have the right to obtain confirmation that we are processing your personal data and access to that data, including information about purposes, categories, recipients, and retention periods.

3.2 Right to Rectification (Article 16)

You have the right to have inaccurate personal data corrected or completed if incomplete. This includes updating your account information and preferences.

3.3 Right to Erasure (Article 17) - "Right to be Forgotten"

You have the right to have your personal data deleted in certain circumstances:

  • Personal data is no longer necessary for the original purpose
  • You withdraw consent and there's no other legal basis
  • Personal data has been unlawfully processed
  • Deletion is required for compliance with legal obligations

3.4 Right to Data Portability (Article 20)

You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit that data to another controller.

3.5 Right to Object (Article 21)

You have the right to object to processing based on legitimate interests or for direct marketing purposes. We will stop processing unless we can demonstrate compelling legitimate grounds.

4. Data Retention Periods

We retain personal data only as long as necessary for the purposes collected:

  • File data: Never stored (processed client-side only)
  • Account data: Retained until account deletion (or 2 years after last login)
  • Payment records: 7 years (UK tax and legal requirements)
  • Support communications: 3 years for service improvement
  • Usage analytics: 24 months for performance optimization
  • Marketing data: Until consent withdrawal or account deletion

5. Privacy by Design Principles

VeriDiff implements all seven Privacy by Design principles:

  • Proactive not Reactive: Privacy protection built into the architecture
  • Privacy as the Default: Maximum privacy protection without requiring action
  • Privacy Embedded into Design: Local processing eliminates server-side data exposure
  • Full Functionality: Privacy without compromising service quality
  • End-to-End Security: HTTPS encryption and secure payment processing
  • Visibility and Transparency: Clear policies and data handling practices
  • Respect for User Privacy: User-centric approach to data protection

6. Exercising Your Rights

📧 Contact Our Data Protection Officer

Email: dpo@veridiff.com

Subject Line: GDPR Rights Request

Response Time: Within 30 days

Extensions: Up to 60 days for complex requests

Required Information:

  • Your full name and email address
  • Specific right you wish to exercise
  • Account information (if applicable)
  • Proof of identity for verification

7. Data Transfers and International Processing

VeriDiff's unique architecture minimizes international data transfers:

  • No File Transfers: All file processing happens locally in your browser
  • EU/UK Hosting: Core services hosted within EU/UK jurisdiction
  • Stripe Processing: Payment processing with adequate safeguards
  • Standard Contractual Clauses: Used for any third-country transfers

8. Complaints and Supervisory Authority

If you believe we have not complied with GDPR, you have the right to lodge a complaint:

🇬🇧 United Kingdom

Information Commissioner's Office (ICO)

Website: ico.org.uk
Phone: 0303 123 1113

🇪🇺 European Union

Your Local Data Protection Authority

Contact your country's DPA
Find at: edpb.europa.eu

Recommendation: We encourage contacting us directly first at dpo@veridiff.com to resolve any concerns quickly and amicably.

9. Contact Information

Data Controller

VeriDiff Ltd
London, United Kingdom

Data Protection Officer

Email: dpo@veridiff.com
GDPR Rights: Include "GDPR" in subject

General Contact

Privacy: privacy@veridiff.com
Legal: legal@veridiff.com

🔒 Remember: Your Files Stay Completely Private

While we take your account privacy seriously under GDPR, your file contents and comparison results are never processed on our servers. VeriDiff's local processing architecture means your business data stays completely private, regardless of data protection regulations.