Last updated: 1 June 2026
Verdix AS ("Verdix", "we", "us") is the data controller for personal data processed through our Revenue Intelligence platform. Verdix AS is incorporated in Norway, and our primary data infrastructure is hosted in Frankfurt, Germany (EU).
We collect: (a) Account data — name, email address, company name, role. (b) Contract documents you upload for analysis — these may contain personal data of your counterparties. (c) Billing records and invoices you upload. (d) Usage data and interaction logs for product improvement. We do not collect payment card data; payments are handled by our payment processor.
We process your data on the basis of contract performance (to deliver the service you signed up for), legitimate interest (fraud prevention, product analytics), and consent (marketing communications, where you opt in). Contract documents and billing records are processed on the basis of your explicit instruction as our customer.
Contract and billing data is sent to our AI processing pipeline (Claude, operated by Anthropic) solely for the purpose of extracting commercial terms and detecting billing discrepancies. Raw document text is not retained by Anthropic beyond the API call. We do not train AI models on your data.
Account data is retained for the duration of your subscription plus 30 days after termination. Uploaded documents are retained for 90 days after job completion, after which they are deleted from storage. Extracted structured data (contract terms, findings) is retained for the duration of your subscription.
AI processing is carried out via the Anthropic API (servers in the United States). This transfer is governed by EU Standard Contractual Clauses (SCCs) as required under Article 46 GDPR.
Under GDPR you have the right to: access your data, correct inaccuracies, request erasure, restrict processing, data portability, and to object to processing. To exercise any of these rights, email privacy@verdix.io. You also have the right to lodge a complaint with your local supervisory authority.
All data is encrypted at rest (AES-256) and in transit (TLS 1.3). We perform annual penetration testing and maintain SOC 2 Type II certification. Access to production data is restricted to named employees on a need-to-know basis.
Data Protection contact: privacy@verdix.io. Verdix AS, Pb 1234, 0103 Oslo, Norway.