Privacy Policy.

We collect information in three ways:

• Information you provide — name, email, company, role, project details, and anything you send through our contact form, strategy call booking, or in-project communications.
• Payment information — billing name and address; credit card data is processed by Stripe and never touches our servers.
• Usage information — anonymized analytics on page views, referrers, and device type, collected through privacy-respecting analytics.

We use the information we collect to:

• Deliver the services described in your Statement of Work.
• Communicate with you about your project, invoices, and scheduled syncs.
• Send occasional updates about new services or relevant insights — you can unsubscribe at any time.
• Improve our website, offers, and internal operations.
• Comply with legal obligations (tax reporting, dispute resolution).

We never sell your personal data. We never share it with advertisers.

Where GDPR applies, we process personal data under one of the following lawful bases: performance of our contract with you, our legitimate business interests (running and improving the service), compliance with legal obligations, or your consent — which you can withdraw at any time.

Project files live in encrypted cloud storage with role-based access. Payment data is tokenized and held by Stripe under PCI-DSS. Contracts and client records live in a vetted SaaS CRM. All internal accounts are protected by MFA.

No system is perfectly secure. If we ever become aware of a breach affecting your data, we will notify you and any relevant regulator within 72 hours as required by law.

We use the following sub-processors to deliver the service. Each operates under its own privacy policy and a data-processing agreement with us:

• Stripe — payment processing.
• Cal.com — scheduling strategy calls.
• Cloudflare — hosting, CDN, and DDoS protection.
• Sanity — content management for our website.
• Slack — client communication.
• Google Workspace — email and internal documents.

We use a minimal set of first-party cookies required for site function. We do not use third-party advertising pixels, cross-site tracking cookies, or session recording tools.

Analytics are aggregated and stripped of personal identifiers before they reach us. You can disable cookies in your browser without losing any meaningful functionality.

Depending on your jurisdiction you may have the right to:

• Access the personal data we hold about you.
• Request correction of inaccurate data.
• Request deletion of your data, subject to legal retention obligations.
• Object to or restrict certain processing.
• Receive your data in a portable format.
• Lodge a complaint with your local data-protection authority.

To exercise any of these rights, email privacy@vervhq.com. We respond within 30 days.

VERV HQ is based in Wyoming, USA. Your data may be transferred to and processed in the United States and other jurisdictions where our sub-processors operate. Where required, we rely on Standard Contractual Clauses and other approved transfer mechanisms to ensure your data remains protected.

We retain personal data for as long as you are an active client plus the period required to fulfill our legal and accounting obligations — typically 7 years for financial records. Project files are archived for 2 years after the engagement ends and deleted on request.

We may update this Privacy Policy as our practices evolve. Material changes will be communicated to active clients by email at least 30 days before they take effect. The current version is always published on this page with the "Last updated" date above.

Privacy questions or requests: privacy@vervhq.com.