Veriflex Ltd (“Veriflex”, “we”, “us”, “our”) is the data controller for personal data processed through this platform. We are committed to protecting your privacy in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This policy explains clearly what we collect, why we collect it, and your rights.
Veriflex Ltd is a company registered in England and Wales. Our platform connects independent specialist consultants with UK businesses seeking expertise in Finance, Legal, Technology, Healthcare, Strategy, and Marketing.
For all data protection enquiries, contact us at: privacy@veriflex.co.uk
We collect the following categories of personal data:
We process personal data under the following legal bases:
Performance of a contract
Providing account access, enabling profile creation, facilitating reference requests, supporting engagement term discussions, and delivering platform functionality.
Legitimate interests
Platform security, fraud prevention, abuse detection, service improvement, and resolving disputes between users.
Compliance with a legal obligation
Retaining records required by law, responding to lawful requests from authorities, and maintaining audit trails for financial engagements.
Consent
Where you have explicitly opted in, for example to receive marketing communications. You may withdraw consent at any time.
Veriflex uses the Anthropic Claude API for two distinct purposes involving personal data. In both cases, email addresses are never transmitted to Anthropic.
Reference Authenticity Vetting
When a referee submits a reference, Veriflex passes the following data to the Anthropic API for an automated authenticity assessment: the referee’s name, job title, company domain, and the text of the reference, together with the consultant’s name for context. The AI assesses whether the submission appears genuine. The result is used by our team to inform the manual review decision and is never shown to the consultant or referee directly.
Professional Synthesis Generation
Where a consultant has approved verified references, Veriflex may use the Anthropic API to generate an AI Professional Synthesis: a concise summary for display on the consultant’s profile. The approved reference data (referee names, job titles, company domains, and testimonial text) is processed for this purpose. The generated summary is reviewed before publication. Consultants may request removal at any time by contacting privacy@veriflex.co.uk.
Both uses are carried out under our legitimate interests in operating a verified professional network and maintaining the integrity of the vetting process. Anthropic processes this data as a data processor under Anthropic’s data processing terms. Data is transmitted over encrypted HTTPS connections.
When a consultant requests a reference, the referee’s corporate email address is stored securely and used solely to dispatch the verification email. The full email address is never displayed to any other platform user, including the consultant who made the request.
Only the domain portion (e.g. goldmansachs.com) is displayed publicly on the consultant’s profile. Verification links expire after 7 days.
When a referee submits a reference, we collect their IP address and browser user agent solely for fraud detection and security purposes. This data is stored as part of the reference record and is visible to Veriflex administrators only.
We do not sell, rent, or trade your personal data to third parties. We share data only where strictly necessary to operate the platform:
Where personal data is transferred outside the UK (for example, to Anthropic’s infrastructure in the United States), we ensure appropriate safeguards are in place in accordance with UK GDPR Chapter V, including reliance on standard contractual clauses and adequacy decisions where applicable.
We retain personal data for the following periods:
You have the following rights, which you may exercise free of charge:
Right of Access
Request a copy of the personal data we hold about you (Subject Access Request).
Right to Rectification
Request correction of inaccurate or incomplete personal data.
Right to Erasure
Request deletion of your personal data where we have no legitimate reason to retain it.
Right to Restriction
Request that we restrict processing of your data in certain circumstances.
Right to Data Portability
Receive your personal data in a structured, machine-readable format (JSON or CSV).
Right to Object
Object to processing based on legitimate interests or for direct marketing purposes.
To exercise any of these rights, email privacy@veriflex.co.uk. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk.
Veriflex uses only strictly essential cookies required for platform authentication (session management) and security (CSRF protection). We do not use advertising cookies, third-party tracking cookies, or any analytics cookies that identify individual users.
Essential cookies are set on login and deleted on sign-out or session expiry. You may disable cookies in your browser settings, but this will prevent you from signing in to the platform.
We implement appropriate technical and organisational measures including: encrypted database storage, bcrypt password hashing, HTTPS-only data transmission, environment variable-protected API keys, and session-based authentication with short-lived tokens.
In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the ICO within 72 hours and affected individuals without undue delay.
We may update this Privacy Policy from time to time. We will notify you of material changes via email to your registered address. Continued use of the platform after notification constitutes acceptance of the revised policy. The “Last updated” date at the top of this page reflects the most recent revision.
Veriflex Ltd · Registered in England & Wales · privacy@veriflex.co.uk
Terms & Conditions →