Version 2.0 · Effective 1/1/2025 · Last updated 5/18/2026
Verisq Inc. ("Verisq," "we," "us," or "our") respects your privacy. This Privacy Policy describes how we collect, use, disclose, and protect personal information when you interact with us through our website at livethreat.ai and related Verisq AI domains (the "Site"), our enterprise software products including the LiveThreat™ Security Scorecard platform (the "Services"), and our business operations.
This Policy applies to two distinct relationships:
If you are an end user of a website or service that uses Verisq products (such as a website displaying a CookiePLUS consent banner), please refer to that website's own privacy notice. We process your information only as instructed by that operator.
Verisq Inc. is a Delaware corporation with principal offices in Alpharetta, Georgia, United States. We provide governance, risk, compliance, third-party risk management, privacy operations, and threat intelligence software products including the Verisq platform, LiveThreat, CookiePLUS, and DNBL.
Contact information:
We collect personal information in three principal ways: information you provide to us, information collected automatically, and information from third parties.
When you visit the Site or use the Services, we collect information automatically through cookies and similar technologies. See our Cookie Policy for the complete list of cookies and tracking technologies used. The categories include:
We do not knowingly collect special categories of personal data (such as health information, biometric data, or information about religious or political beliefs) about visitors to our Site or contacts in our sales pipeline. Our Services may process such data on behalf of our customers when configured by them; that processing is governed by our Data Processing Agreement.
We use personal information for the following purposes, each tied to a specific legal basis where required by law (see § 4).
| Purpose | Examples |
|---|---|
| Providing the Services | Authenticating users, delivering features, processing transactions, maintaining records |
| Customer support | Responding to inquiries, troubleshooting, providing training |
| Sales and marketing | Responding to demo requests, sending product updates and newsletters (with consent where required), running events and webinars, measuring marketing effectiveness |
| Improving our products | Analyzing usage patterns, prioritizing features, fixing defects, improving documentation |
| Security and fraud prevention | Detecting and preventing unauthorized access, abuse, malware, and other security incidents |
| Legal and compliance | Complying with our legal obligations, responding to lawful requests, enforcing our agreements, defending against claims |
| Business operations | Billing, accounting, auditing, financial reporting, corporate transactions |
We do not sell personal information for monetary consideration. We do not engage in cross-context behavioral advertising. We may share aggregated, de-identified, or anonymized data publicly without restriction.
Where the General Data Protection Regulation (GDPR), UK GDPR, or Swiss FADP applies, we rely on the following legal bases:
You may withdraw consent at any time without affecting the lawfulness of processing before withdrawal. For processing based on legitimate interests, you have the right to object (see § 6).
We do not sell personal information. We share personal information only as described below.
We engage trusted third parties to operate our business. Each is contractually bound to confidentiality and security obligations consistent with this Policy. Categories include:
Our complete and current sub-processor list is published at verisq.ai/sub-processors and updated when changes occur.
If Verisq is involved in a merger, acquisition, financing, or sale of assets, personal information may be transferred as part of that transaction. We will notify affected individuals where required by law.
We may disclose personal information to comply with legal obligations, respond to lawful requests by public authorities, protect our rights and safety, prevent fraud or abuse, or enforce our terms. We push back on overbroad government demands and publish transparency information when permitted.
Where you direct us to share information — for example, when you connect a Verisq product to a third-party integration — we share according to your direction.
Depending on where you live, you may have rights regarding your personal information. Verisq honors these rights for all individuals regardless of jurisdiction, except where local law specifies otherwise.
Submit a request through our Privacy Portal at verisq.ai/privacy-portal. The portal supports four primary request types: Access, Correction, Erasure, and Consent Management.
You may also email privacy@verisq.ai. We will verify your identity before fulfilling any request and respond within the timeframes required by applicable law (typically 30 days under GDPR, 45 days under CCPA, with extensions where permitted).
You may designate an authorized agent to submit requests on your behalf. We will require evidence of the agent's authority.
We honor Global Privacy Control (GPC) signals received via your browser. When we detect a GPC signal from a resident of California, Colorado, Connecticut, Texas, Oregon, Delaware, New Jersey, New Hampshire, or other states recognizing universal opt-out signals, we treat it as a valid opt-out request for sale and sharing under those laws.
If you believe we have not addressed your concerns, you have the right to lodge a complaint with a supervisory authority. In the EEA, this is typically your local Data Protection Authority. In the United Kingdom, the Information Commissioner's Office (ico.org.uk). In Switzerland, the Federal Data Protection and Information Commissioner (edoeb.admin.ch). For California residents, the California Privacy Protection Agency (cppa.ca.gov).
We encourage you to contact us first so we can address your concerns directly.
Verisq is headquartered in the United States and our Services are hosted in Microsoft Azure data centers, principally in the United States. When we transfer personal information from the European Economic Area, United Kingdom, or Switzerland to the United States or other countries, we rely on:
A copy of the relevant Standard Contractual Clauses is available on request to privacy@verisq.ai. EU customers operating through our Services should consult the Data Processing Agreement for transfer mechanisms applicable to processor-side processing.
We retain personal information only as long as necessary for the purposes for which it was collected, plus any period required by law or our legitimate business needs.
| Category | Typical retention |
|---|---|
| Customer account records | Term of the customer relationship plus 7 years |
| Sales inquiry records | 24 months from last interaction |
| Marketing contact records | Until you unsubscribe or request deletion |
| Website analytics | 26 months (Google Analytics default) |
| Support tickets | 5 years from closure |
| Financial and tax records | 7 years (US tax law) |
| Security logs | 13 months |
| Backups | 90 days |
After retention periods expire, we delete or de-identify personal information using methods designed to prevent recovery.
We maintain administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, alteration, disclosure, and destruction. These include:
No method of transmission or storage is 100% secure. We work hard to protect your information but cannot guarantee absolute security. If we become aware of a breach affecting your personal information, we will notify you and applicable regulators as required by law.
Our Site and Services are intended for business use and not directed to children under 16. We do not knowingly collect personal information from children under 16. If you believe we have inadvertently collected such information, please contact privacy@verisq.ai so we can delete it.
If you are a California resident, the California Consumer Privacy Act (as amended by the California Privacy Rights Act) provides specific rights and requires specific disclosures. The categories of personal information we collect, the purposes for which we use them, and the categories of third parties to whom we disclose information are described throughout this Policy. The following table summarizes for California purposes:
| CCPA Category | Collected? | Sources | Purposes | Disclosed to |
|---|---|---|---|---|
| Identifiers | Yes | Direct, automatic, third parties | Service delivery, marketing, security | Sub-processors |
| Customer records | Yes | Direct | Service delivery, billing | Sub-processors |
| Commercial information | Yes | Direct, automatic | Service delivery, billing, analytics | Sub-processors |
| Internet/network activity | Yes | Automatic | Analytics, security | Sub-processors |
| Geolocation (approximate) | Yes | Automatic (IP-derived) | Localization, security | Sub-processors |
| Professional/employment information | Yes | Direct, third parties | Sales and marketing | Sub-processors |
| Inferences | Limited | Derived | Marketing, segmentation | Sub-processors |
| Sensitive personal information | No | — | — | — |
| Biometric, genetic, health | No | — | — | — |
We do not sell personal information and do not share personal information for cross-context behavioral advertising. We retain personal information for the periods described in § 8.
To exercise your rights, submit a request through verisq.ai/privacy-portal. To exercise the right to opt out of sale and sharing (which we already do not engage in), submit a request labeled "Do Not Sell or Share My Personal Information" via the same portal or email privacy@verisq.ai. We also honor Global Privacy Control signals automatically.
Right to appeal: If we decline your request, you may appeal by emailing privacy-appeals@verisq.ai. We will respond within 60 days.
Authorized agent: A person you designate may submit requests on your behalf. We will verify the agent's authority and your identity before fulfillment.
We provide equivalent rights to residents of Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, Iowa, Tennessee, Indiana, Florida, Delaware, New Hampshire, New Jersey, Maryland, Minnesota, Rhode Island, Nebraska, Kentucky, and other states with applicable privacy laws. Requests are processed through verisq.ai/privacy-portal under the framework most protective of your rights.
For our customers, Verisq processes personal information about their end users only on the customer's instructions. The Verisq Data Processing Agreement governs that processing and includes:
End users of customer services should direct privacy inquiries to the customer (the controller). Verisq will redirect end-user requests received directly to the appropriate customer where we can identify them, or respond with general guidance otherwise.
For details on the cookies and similar technologies used on our Site, see our Cookie Policy. You can manage your cookie preferences at any time through our cookie banner. We honor Global Privacy Control signals as described in § 6.3.
Our Site may contain links to third-party websites or services not controlled by Verisq. We are not responsible for the privacy practices of those third parties. Please review their privacy notices before providing information to them.
We may update this Policy from time to time. The "Last updated" date at the top reflects the most recent revision. We will post material changes on our Site and, where required by law, notify you directly. Continued use of the Site or Services after the effective date of changes constitutes acceptance, except where applicable law requires renewed consent.
For any questions about this Privacy Policy or our privacy practices:
Email: privacy@verisq.ai
Privacy Portal: verisq.ai/privacy-portal
DPO inquiries: dpo@verisq.ai
Mail: Verisq Inc., 8000 Avalon Blvd. Suite 264, Alpharetta, GA 30009, Attn: Privacy Officer
We aim to respond to all inquiries within 5 business days.