Privacy Notice
Last updated: 10 June 2026
1. Who we are
Muver (trading as Veridax Forge) is the data controller for the personal data collected through this website and our services. We are responsible for deciding how and why your personal data is used.
2. What personal data we collect
We collect the following categories of personal data:
- Identity data: name, username or similar identifier.
- Contact data: email address.
- Account data: login credentials and account preferences.
- Support data: messages and communications you send us.
- Usage data: how you interact with our services, features used, and session duration.
- Device data: IP address, browser type, device identifiers, and operating system.
3. How we use your data and why
We use your personal data for the following purposes:
- To provide our service — account creation, validation reports, verification requests, and build engagements (legal basis: contract performance).
- Security and fraud prevention — detecting suspicious activity and protecting our systems (legal basis: legitimate interests).
- Product improvement — analysing usage patterns to improve features and performance (legal basis: legitimate interests).
- Customer support — responding to your enquiries and resolving issues (legal basis: contract performance and legitimate interests).
- Marketing — sending updates about new features or services, where you have consented (legal basis: consent).
- Legal compliance — meeting our obligations under applicable law (legal basis: legal obligation).
4. Who we share data with
We share personal data with the following categories of recipients:
- Service providers: hosting, analytics, and support tooling providers who process data on our behalf under strict contractual safeguards.
- Payment processors (Paystack, Yoco, Ozow): for card processing, EFT, and settlement of South African transactions. Each processor acts as an independent data controller for the cardholder and transaction data it handles.
- Professional advisers: legal and accounting professionals, where necessary.
- Authorities: where required by law or to protect our legal rights.
4a. Sub-processors
We rely on the following sub-processors to operate Veridax. Each is bound by data-processing terms and processes only the data needed for its stated purpose.
| Sub-processor | Purpose | Region |
|---|---|---|
| Supabase | Database, authentication, file storage | EU / US |
| Cloudflare | Edge compute, CDN, DDoS protection | Global edge |
| Lovable AI Gateway | AI verdicts, redaction, question generation | EU / US |
| Paystack | Card payments & subscriptions (ZA) | South Africa |
| Yoco | Card payments (ZA) | South Africa |
| Ozow | Instant EFT payments (ZA) | South Africa |
| Resend | Transactional email delivery | EU / US |
| Google (OAuth) | Optional sign-in via Google account | Global |
5. Data retention
We keep your personal data for as long as necessary to fulfil the purposes for which it was collected, including satisfying legal, accounting, or reporting requirements. When data is no longer needed, we delete or anonymise it securely.
6. Your rights
Under applicable data protection law, you have the right to:
- Access the personal data we hold about you.
- Rectify inaccurate or incomplete data.
- Erasure ("right to be forgotten") in certain circumstances.
- Restrict processing of your data.
- Data portability — receive your data in a structured, machine-readable format.
- Object to processing based on legitimate interests.
- Withdraw consent at any time, where processing is based on consent.
- Lodge a complaint with a supervisory authority.
You can self-serve the most common requests from your account privacy page — including downloading a full export of your data and requesting account deletion (30-day cancellation window). For anything else, contact us at support@veridax.co.za. We respond to all requests within one month.
These rights are recognised under both the South African Protection of Personal Information Act (POPIA) and the EU/UK General Data Protection Regulation (GDPR).
7. Security
We implement appropriate technical and organisational measures to protect your personal data, including encryption in transit and at rest, access controls, and regular security assessments. No method of transmission over the internet is completely secure, but we follow industry best practices.
Breach notification. In the event of a personal data breach likely to result in risk to your rights and freedoms, we will notify affected users without undue delay and, where feasible, within 72 hours of becoming aware of it — consistent with POPIA and GDPR obligations.
8. Cookies and similar technologies
We use two categories of cookies and similar storage:
- Essential. Required for authentication, session continuity, and security. These cannot be disabled.
- Analytics (optional). Aggregate, privacy-respecting usage measurement to help us improve the product. Set only after you accept via the on-site consent banner.
You can change your choice at any time by clearing the veridax-cookie-consent entry in your browser's local storage, which will re-show the banner on your next visit.
9. International transfers
Your personal data may be transferred to and processed in countries outside of South Africa or the EEA. Where this occurs, we ensure appropriate safeguards are in place, such as standard contractual clauses or adequacy decisions.
10. Contact us
If you have any questions about this privacy notice or our data practices, please contact us at support@veridax.co.za.