Legal Documents

Privacy Policy

PRIVACY POLICY

Verial Services Ltd

Last Updated: January 2026

This Privacy Policy explains how Verial Services Ltd (Verial, we, us) collects, uses, stores, and discloses personal information when you use the Verial platform.

This policy is written for New Zealand and is intended to align with the Privacy Act 2020.

1. Personal information we collect

We collect personal information that you provide directly, that is generated through your use of the Platform, and that we receive from our service providers.

1.1 Account identifiers and contact details (Clerk)

  • Account identifiers from our authentication provider (for example, a user ID).
  • Contact details such as name and email address.
  • Any other profile details you choose to provide.

1.2 Booking and transaction information

  • Booking details (service, schedule, status, notes).
  • Transaction records relating to bookings, refunds, disputes, earnings, and payouts.

1.3 Payment references (Stripe)

  • Stripe identifiers such as payment IDs, refund IDs, and payout/transfer references.

We do not store full payment card details. Payment card information is handled by Stripe.

1.4 KYC / identity verification (Sumsub)

  • Identity verification status and related verification metadata.
  • Identity documents and related verification data you submit for verification.

1.5 Messages and attachments

  • Messages sent through the Platform.
  • Attachments you upload through the Platform (for example, images or documents).

1.6 Logs, analytics, and error data (including Sentry)

  • Device and browser information.
  • IP address and approximate location information derived from IP address.
  • Platform usage and diagnostic data.
  • Error and performance monitoring data.

2. How we use personal information

We use personal information to:

  • operate the Platform (accounts, listings, bookings, messaging);
  • process payments, refunds, and payouts through Stripe and Stripe Connect;
  • provide customer support and administer disputes;
  • verify Providers and manage platform risk and safety;
  • detect and prevent fraud, abuse, and security incidents; and
  • monitor performance and maintain the reliability of the Platform.

3. How we share personal information

3.1 Sharing between Customers and Providers

We share information between Customers and Providers only to the extent necessary to complete bookings and provide services (for example, booking details and communications).

3.2 Third-party processors

We use the following service providers to operate the Platform. These providers may process personal information on our behalf:

  • Clerk (authentication)
  • Stripe and Stripe Connect (payments, refunds, transfers, and payouts)
  • Sumsub (KYC / identity verification)
  • Cloudflare R2 (file storage)
  • Neon (database hosting)
  • Vercel (hosting and runtime infrastructure)
  • Resend (email delivery)
  • Sentry (monitoring, error tracking, performance)

3.3 Legal and safety disclosures

We may disclose personal information where required by law, or where reasonably necessary to protect users, the public, or the Platform.

4. Cross-border processing

Some of our third-party processors operate internationally. Personal information may be stored or processed outside New Zealand (for example, in the United States, the European Union, Australia, or other locations depending on the provider configuration).

5. How long we keep your information

We only keep personal information for as long as it's needed to run the platform, meet legal obligations, and resolve issues like payments or disputes.

Here's a simple breakdown:

Financial & booking records

We keep records of bookings, payments, refunds, earnings, and payouts for 7 years. This is required for legal, tax, and accounting purposes.

Identity verification (KYC)

Identity verification information is kept while your account is active, and for up to 12 months after your account is closed, unless we're required to keep it longer by law.

Messages and in-platform communications

Messages and related attachment references are kept for up to 2 years to support dispute resolution, safety, and platform integrity.

Logs, analytics, and error tracking

Technical logs and error data are kept for 30 to 90 days, depending on the system, and are used only for security, diagnostics, and performance monitoring.

We may retain information for longer periods where required or permitted by law, or where reasonably necessary to enforce our terms or resolve disputes.

6. Your rights (NZ Privacy Act 2020)

You can request:

  • Access to personal information we hold about you.
  • Correction of personal information if you believe it is inaccurate.
  • Deletion of personal information, subject to our retention obligations (for example, financial record retention).

6.1 How requests are handled (implementation honesty)

Some privacy requests are handled manually by platform administrators at this stage. We may need to verify your identity before processing a request.

To make a request, email: privacy@verialservices.nz

7. Security

We use reasonable safeguards designed to protect personal information, including access controls and encryption in transit. No method of transmission or storage is completely secure.

8. Cookies

We use cookies and similar technologies for authentication, security, and basic site functionality. Some providers may also set cookies (for example, for security and performance).

9. Children

The Platform is not intended for people under 18.

10. Changes

We may update this Privacy Policy from time to time. We will update the “Last Updated” date when changes are made.

11. Contact

Email: privacy@verialservices.nz

Location: Auckland, New Zealand