Privacy Policy

Account information. When you create an account, we collect your name, email address, and company name (if applicable).

Employee information you submit. To process a verification, we collect the name, address, and contact information of the employee you are verifying. This information may include data considered "sensitive" under certain state privacy laws, including government-issued identification details and precise geolocation data. We collect this sensitive information solely because it is necessary to perform the verification service you have requested. Where required by applicable law, we rely on the employer to obtain explicit consent for the processing of sensitive personal data. We process such data only on documented instructions from the employer.

Payment information. Payments are processed by Stripe. We do not store your full card number. Stripe provides us with a payment confirmation and a customer ID. See Stripe's privacy policy at stripe.com/privacy.

Verification documents. We collect and store the notarized document returned from the verification appointment, along with associated metadata (date, location, notary information).

Location data. As a core part of the verification service, we collect geo-confirmed location information associated with the verification appointment. This includes the designated notary location address and confirmation that the appointment occurred at that location. This location data is necessary to fulfill the verification service.

Usage data. We collect standard server logs including IP addresses, browser type, and pages visited, for security and service improvement purposes.

Sources of personal information. We collect personal information from the following sources: (a) directly from you when you create an account or use the Service; (b) from employers who submit employee information for verification; and (c) automatically through server logs, cookies, and similar technologies when you interact with our website.

Cookies and tracking technologies. We use two categories of cookies: (1) essential cookies, which are necessary to maintain your authenticated session and operate the Service; and (2) analytics cookies, which measure website traffic and usage patterns through a web traffic measurement service. We do not use cookies for advertising or targeted marketing purposes. You can control cookies through your browser settings. Disabling essential cookies may prevent you from using the Service. Disabling analytics cookies will not affect your ability to use the Service.

We process your information for the following purposes. Where applicable, we note the justification for processing:

• Account information, to create and manage your account (necessary to perform our contract with you)
• Employee information, to coordinate and complete the verification you ordered (necessary to perform our contract with you; processed on employer's instructions)
• Payment information, to process payments via Stripe (necessary to perform our contract with you)
• Verification documents and location data, to deliver the completed verification and confirm location (necessary to perform our contract with you)
• Usage data and cookies, to maintain security, improve our service, and measure website traffic (legitimate business interest)
• Communications, to send status updates and respond to support requests (necessary to perform our contract with you)

Categories of personal information and business purposes. For purposes of the California Consumer Privacy Act (CCPA/CPRA): (a) identifiers (name, email, address), used to create accounts and coordinate verifications, shared with notaries and service providers; (b) commercial information (purchase history), used to process payments, shared with Stripe; (c) internet or network activity (usage data, cookies), used for security and service improvement, shared with analytics provider; (d) geolocation data (verification location), used to confirm verification location, shared with notaries; (e) professional or employment-related information (submitted by employers), used to complete verifications, shared with notaries.

We do not sell your personal information as defined under applicable law, including the California Consumer Privacy Act, the Virginia Consumer Data Protection Act, and other state privacy laws. We do not share or make available your personal information to third parties for advertising, marketing, targeted advertising, or profiling purposes. We do not use employee information submitted through our service for any purpose other than completing the verification you requested.

When an employer submits employee information through our Service, the employer acts as the controller (or "business") of that data and determines the purpose and means of processing. PinpointVerify acts as a service provider and processor, processing employee data solely on the employer's instructions and for the purpose of completing the requested verification.

We do not independently determine how employee data is used. We do not retain employee data beyond what is necessary to fulfill the verification and comply with our retention policy. Employers are responsible for ensuring they have appropriate legal basis and consent to submit employee information through our Service.

With notaries. We share the employee's name, the appointment location, and the verification document template with the state-licensed notary coordinating the appointment. Notaries act as independent third parties and are not service providers or processors acting on our behalf. They are independently licensed and regulated by their state.

With Stripe. We share payment information with Stripe to process your transaction. Stripe is a PCI-compliant payment processor.

With service providers. To operate our Service, we use third-party providers for hosting, email automation, reimbursement services, parcel services, error logging, and web traffic measurement. All service providers are bound by contractual obligations including confidentiality, data protection, limitations on use, and data minimization requirements. These providers process data on our behalf and solely for the purposes of providing their services to us. They may not use your data for their own purposes.

Legal requirements. We may disclose information if required by law, court order, or to protect the rights and safety of PinpointVerify or others.

We do not share your information with any third parties for advertising, marketing, or targeted advertising purposes.

We determine retention periods based on legal obligations, contractual requirements, and operational necessity. Specific retention periods are as follows:

• Digital verification records, including scanned notarized documents, verification summaries, location data, and associated employee information, are retained for up to twelve (12) months. We may permanently delete these records after that period. Deletion is typically executed on an annual cadence on or around the anniversary of your account creation date. We will notify the account email at least thirty (30) days before a scheduled deletion so you have time to download a copy from your dashboard or request a physical mailing (see below).
• Physical notarized documents. After scanning the original and uploading the digital copy to your dashboard, we retain the physical paper original throughout the same retention period. You may request that we mail the original physical document to you by emailing support@pinpointverify.com. We will provide the current mailing fee (covering printing if needed, secure handling, and shipping) at the time of your request. Physical originals not requested for mailing within the retention period may be securely shredded at our discretion. Once an original is shredded or mailed to you, we no longer hold it.
• Payment records are retained as required by applicable financial and tax law.
• Account information is retained for as long as your account is active. Upon account deletion, we will remove your personal information within 30 days, except where retention is required by law. Physical originals associated with the account may be mailed (at the fee disclosed above) or shredded at our discretion.
• Server logs and usage data are retained for up to 12 months.

Depending on your state of residence, you may have some or all of the following rights regarding your personal information:

• Access the personal information we hold about you
• Correct inaccurate personal information
• Request deletion of your personal information, subject to legal retention requirements
• Receive a copy of your data in a portable format
• Opt out of the sale or sharing of your personal information (we do not sell or share your data, so this right is not applicable, but we honor it nonetheless)
• Opt out of targeted advertising (we do not engage in targeted advertising)
• Opt out of automated decision-making and profiling (we do not currently use automated decision-making or profiling)

To exercise these rights, contact us at legal@pinpointverify.com. We will respond within 45 days of receiving a verifiable request. If we need additional time, we will notify you of the reason and extension period (up to an additional 45 days).

Right to appeal. If we deny your request, you have the right to appeal our decision. To appeal, reply to our denial or email legal@pinpointverify.com with the subject line "Privacy Rights Appeal." We will respond to your appeal within 60 days. If you are not satisfied with our response, you may contact your state's attorney general.

Non-discrimination. We will not discriminate against you for exercising any of your privacy rights. We will not deny you services, charge you different prices, or provide a different quality of service because you exercised a privacy right.

If you are an employee whose information was submitted by an employer through our Service, you may also contact us directly to exercise your data rights. You do not need to be a PinpointVerify account holder to submit a request regarding your personal information.

California (CCPA/CPRA). If you are a California resident, you have the rights described in Section 6 above, including the right to know, delete, correct, and opt out. We do not sell your personal information as defined under the CCPA. We do not share your personal information for cross-context behavioral advertising. Categories of personal information we collect include: identifiers (name, email, address), commercial information (purchase history), internet activity (usage data, cookies), geolocation data (verification location), and professional or employment-related information (submitted by employers).

Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Oregon (OCPA), Texas (TDPSA). Residents of these states have rights to access, correct, delete, obtain a copy of, and opt out of targeted advertising, sale, and profiling. We do not engage in any of these activities. You may exercise your rights and appeal denied requests as described in Section 6.

All U.S. states. We aim to apply consistent data protection standards to all users regardless of state of residence. If your state enacts additional privacy protections, we will comply with applicable requirements.

legal@pinpointverify.com

Contact legal@pinpointverify.com for mailing address.