Privacy Policy

Last updated: February 5, 2026

1. Who we are

Veritact ("we", "us", "our") provides EU AI Act compliance assessment services. Our website is veritact.eu. For any privacy-related questions, contact us at hello@veritact.eu.

2. What data we collect

We collect personal data only when you voluntarily provide it through our intake form. This includes:

• Your name and email address
• Company name and industry
• Company size (employee count range)
• Information about your AI systems (if provided)
• Any additional information you choose to share

3. How we collect data

Intake form: Our contact form is hosted by Tally.so. When you submit the form, your data is processed by Tally.so and forwarded to us via email. Tally.so's privacy policy is available at tally.so/help/privacy-policy.

Email: If you email us directly at hello@veritact.eu, we process your email address and the content of your message.

Website analytics: We use Cloudflare Web Analytics, which collects anonymous, aggregated data about website visits. It does not use cookies, does not track individual users, and does not collect personal data.

4. Why we process your data (legal basis)

We process your personal data based on:

• Legitimate interest (Art. 6(1)(f) GDPR) — to respond to your inquiry and provide information about our services
• Contract performance (Art. 6(1)(b) GDPR) — if you become a client, to deliver the agreed services
• Consent (Art. 6(1)(a) GDPR) — where applicable, for any processing beyond the above purposes

5. How we use your data

We use the data you provide to:

• Respond to your inquiry
• Prepare and deliver AI Act compliance assessments
• Communicate with you about our services

We do not use your data for automated decision-making or profiling. We do not sell your data to third parties.

6. Who has access to your data

Your data may be processed by:

• Tally.so — form processing (EU-based, GDPR compliant)
• Cloudflare — website hosting and email routing
• Google — if we use Gmail for email communication

We do not share your personal data with any other third parties unless required by law.

7. Data retention

We retain your personal data for as long as necessary to fulfill the purpose for which it was collected. If you submit an inquiry but do not become a client, we delete your data within 12 months. Client data is retained for the duration of our engagement plus any period required by applicable laws (e.g., accounting obligations).

8. Cookies

Our website does not use cookies for tracking or analytics. Cloudflare may set strictly necessary cookies for security purposes (e.g., bot detection). These cookies are exempt from consent requirements under the ePrivacy Directive as they are essential for the functioning of the website.

9. Your rights

Under GDPR, you have the right to:

• Access — request a copy of your personal data
• Rectification — correct inaccurate data
• Erasure — request deletion of your data ("right to be forgotten")
• Restriction — restrict how we process your data
• Portability — receive your data in a machine-readable format
• Object — object to processing based on legitimate interest
• Withdraw consent — where processing is based on consent

To exercise any of these rights, email us at hello@veritact.eu. We will respond within 30 days.

10. Right to lodge a complaint

If you believe we have not handled your data correctly, you have the right to lodge a complaint with a supervisory authority. In Poland, this is the President of the Personal Data Protection Office (UODO): uodo.gov.pl.

11. Changes to this policy

We may update this policy from time to time. Any changes will be posted on this page with an updated "Last updated" date.