Privacy Policy

Last updated: January 27, 2026

Introduction

CarlyOS Inc. ("Verit," "we," "us," or "our") is committed to protecting the privacy of our customers, their end users, and visitors to our website. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our fraud prevention platform and related services.

Verit provides identity verification, income validation, and vehicle history services to auto lenders, dealerships, and financial institutions. We act as a service provider to these organizations in processing verification requests.

Information We Collect

Information from Business Customers

When organizations use our platform, we collect:

  • Business contact information (name, email, phone)
  • Account credentials and authentication data
  • Billing and payment information
  • API usage and access logs

Information from Verification Subjects

When processing verification requests on behalf of our customers, we may collect:

  • Identity Information: Name, date of birth, government-issued ID images, facial photographs
  • Contact Information: Email address, phone number, mailing address
  • Financial Information: Bank account connections (via Plaid/Flinks), income data, employment verification
  • Vehicle Information: VIN, vehicle history records
  • Device Information: IP address, device fingerprint, browser type

Sensitive Personal Information

We process certain sensitive data including Social Security Numbers (SSN) for verification purposes. SSNs are:

  • Encrypted using AES-256 at rest
  • Stored as cryptographic hashes for matching purposes
  • Never displayed in full to platform users
  • Retained only as long as necessary for verification

How We Use Your Information

We use collected information to:

  • Process identity, income, and vehicle verification requests
  • Detect and prevent fraud in vehicle financing transactions
  • Generate risk scores and fraud signals for our customers
  • Maintain audit trails for compliance purposes
  • Improve our fraud detection models and services
  • Communicate with customers about their accounts
  • Comply with legal obligations and law enforcement requests

Information Sharing

We share information with:

Service Providers

  • Veriff: Identity document verification
  • Plaid/Flinks: Bank connection and income verification
  • NMVTIS/CARFAX: Vehicle history checks
  • Cloud Infrastructure: Supabase, Vercel, AWS

Our Customers

We provide verification results, fraud scores, and related data to the lenders and dealerships who initiated the verification request.

Legal Requirements

We may disclose information when required by law, subpoena, court order, or to protect our rights and safety.

Data Security

We implement industry-standard security measures including:

  • AES-256 encryption for all data at rest
  • TLS 1.3 encryption for all data in transit
  • Role-based access controls (RBAC)
  • Multi-factor authentication for all users
  • Regular security audits and penetration testing
  • SOC 2 Type II certification (in progress)

For more details about our security practices, please visit our Security page.

Data Retention

We retain verification data for 7 years to comply with regulatory requirements and support fraud investigations. After this period, data is securely deleted or anonymized.

Audit logs are retained indefinitely and are immutable to ensure compliance with Red Flags Rule requirements.

Your Rights

California Residents (CCPA)

If you are a California resident, you have the right to:

  • Know what personal information we collect
  • Request deletion of your personal information
  • Opt out of the sale of personal information (we do not sell data)
  • Not be discriminated against for exercising your rights

All Users

You may:

  • Access your personal information
  • Request correction of inaccurate data
  • Request deletion (subject to legal retention requirements)
  • Withdraw consent where applicable

Contact Us

For privacy-related inquiries or to exercise your rights, please contact us at:

CarlyOS Inc.

Privacy Team

Email: privacy@verit.io

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and updating the "Last updated" date. Your continued use of our services after changes constitutes acceptance of the updated policy.