Legal

Privacy Policy

Effective date: 15 April 2026

This Privacy Policy explains how Verizap Technologies Pvt. Limited (“Verizap”, “we”, “us”), the company behind the Filto product, collects, uses, and protects personal data when you use our website and platform. Verizap is incorporated in India. We are committed to handling your data transparently and in accordance with applicable data protection law, including the UK GDPR, EU GDPR, and India's Digital Personal Data Protection Act 2023 (DPDP Act).

1. Who We Are

Verizap Technologies Pvt. Limited, incorporated in India, is the data controller for personal data collected through our website and for the management of customer accounts and relationships. Verizap operates the Filto product.

When we process personal data on your behalf as part of our verification services, we act as a data processor and you act as the data controller. This is governed by our Data Processing Agreement, available to enterprise customers on request.

For any privacy-related queries, .

2. Data We Collect

When you fill in a form on our website

  • Name and email address
  • Company name and phone number (demo requests)
  • Resume URL, LinkedIn, GitHub, and website (career applications)
  • Cover letter and any other information you choose to provide

When you create an account

  • Name and email address
  • Company name and job title
  • Billing address and payment details (processed by our payment provider - we do not store card data)
  • IP address and country

When you use the platform

  • Login activity and session data
  • Verification runs - records submitted, results returned, credits used
  • Support conversations and correspondence
  • Feature usage and interaction data

Automatically collected

  • Browser type, device, and operating system
  • Pages visited and time on site
  • Referral source
  • Cookies (see Section 9)

We do not ask you to submit sensitive personal data (such as government ID numbers, health information, or payment card details directly to Filto). Do not include such data in records submitted for verification.

3. How We Use Your Data

Contract performance

  • Providing and operating the Service
  • Processing verification runs and returning results
  • Managing your account and credit balance
  • Billing and payment processing

Legitimate interest

  • Improving the platform and verification quality
  • Analysing usage patterns to inform product decisions
  • Preventing fraud and misuse
  • Sending product updates and relevant communications (you can opt out at any time)

Legal obligation

  • Responding to lawful requests from regulatory authorities
  • Maintaining records required by applicable law
  • Handling data subject rights requests

Consent

  • Marketing emails and newsletters (you can withdraw consent at any time)
  • Non-essential cookies (managed via cookie preferences)

4. Client Data (Data You Submit for Verification)

When you submit contact or company records to Filto for verification, we process that data solely to provide the verification service you have requested. You remain the data controller for that data. We act as your data processor.

We do not sell, share, or use Client Data submitted for verification for any purpose outside of performing your requested verification runs. Client Data is not used to build databases, train models, or serve other customers.

Your Client Data is retained for the duration of your account plus 30 days after account closure, after which it is deleted unless we are legally required to retain it for longer.

5. Sharing Your Data

We do not sell or rent your personal data to third parties.

We may share data with trusted sub-processors who help us operate the Service, including:

Hetzner Cloud - Cloud infrastructure and hosting (EEA-based)
Resend - Transactional email delivery for form submissions and notifications
Google Analytics - Website analytics - only loaded with your consent
Google reCAPTCHA - Bot and fraud prevention on website forms (treated as essential)
Payment provider - Billing and payment processing - card data is not stored by Filto

All sub-processors are bound by data processing agreements and are required to maintain appropriate security measures.

We may also disclose data where required by law, court order, or regulatory authority, or to protect the rights and safety of Filto, our users, or others.

6. International Data Transfers

Our infrastructure is primarily hosted within the European Economic Area. Where data is transferred outside the EEA or UK, we ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the relevant authority or transfers to countries with an adequacy decision.

7. Data Retention

Data typeRetention period
Account and profile dataDuration of account + 3 years after closure
Billing and transaction records7 years (legal requirement)
Client Data submitted for verificationDuration of account + 30 days
Support correspondence3 years from last interaction
Marketing consent records3 years from consent or last interaction
Security and access logs12 months

8. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

AccessRequest a copy of the personal data we hold about you.
RectificationAsk us to correct inaccurate or incomplete data.
ErasureRequest deletion of your personal data, subject to legal retention obligations.
RestrictionAsk us to restrict processing of your data in certain circumstances.
PortabilityReceive your data in a structured, machine-readable format.
ObjectObject to processing based on legitimate interest, including direct marketing.
Withdraw consentWhere processing is based on consent, withdraw it at any time without affecting prior processing.

To exercise any of these rights, . We will respond within 30 days. You also have the right to lodge a complaint with your local supervisory authority (in the UK, the ICO; in the EU, your national DPA).

9. Cookies

We use cookies and similar technologies on our website. These fall into two categories:

Essential - no consent required

  • Session and preference cookies - store your cookie consent choices and keep you logged in.
  • Google reCAPTCHA - used on website forms to detect bot and fraudulent submissions. Set by Google. See Google Privacy Policy.

Analytics - consent required

  • Google Analytics - helps us understand how visitors use the site. IP anonymisation is enabled. Only loaded with your consent. See Google Privacy Policy.

Marketing - consent required

Marketing cookies may be used to measure the effectiveness of our advertising. We do not sell this data. Only placed with your consent.

You can manage your preferences at any time via the cookie preferences link in the footer. You can also control cookies through your browser settings, though this may affect site functionality.

10. Security

We implement industry-standard security measures including encryption in transit (TLS), access controls, and regular security reviews. Payment data is processed by our payment provider and is not stored on Filto infrastructure.

No system is completely immune to breach. In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and the relevant supervisory authority without undue delay and no later than 72 hours after becoming aware.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated at least 30 days before they take effect, via email or a notice on the platform. The date at the top of this page reflects the most recent update.