Privacy Policy - The Vermeulen Group

---

Effective Date: January 1, 2025
Last Updated: January 1, 2025

The Vermeulen Group ("we," "our," or "us") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our products and services, including but not limited to our "Is It Real" AI verification service and other digital solutions.

Our Mission: We develop accessible technology solutions that empower users, particularly seniors and less tech-savvy individuals, to navigate the digital world safely and confidently.

When you use our services, we may collect:

• Contact Information: Phone numbers (for WhatsApp-based services), email addresses
• Account Information: User preferences, language settings, subscription status
• Payment Information: Billing details, transaction history (processed securely through third-party providers)
• Communication Data: Messages, images, text, voice recordings, and URLs you submit for analysis

We automatically collect:

• Service Usage: Number of verifications performed, feature usage patterns, session duration
• Technical Data: Device information, IP addresses, browser type, operating system
• Performance Data: Response times, error rates, service availability metrics

For our "Is It Real" service and similar AI-powered tools:

• Text Content: Messages, articles, social media posts, or other text you submit for verification
• Images: Photos, screenshots, memes, or visual content for authenticity analysis
• Voice Recordings: Audio messages or voice notes for deepfake detection
• URLs: Web links and associated metadata for content verification
• Context Information: Follow-up questions, clarifications, or additional details you provide

• Analysis and Verification: Process submitted content using AI models to detect deepfakes, misinformation, and manipulated media
• Personalized Responses: Provide tailored explanations and safety advice based on your submissions
• Multi-Turn Conversations: Maintain context for follow-up questions and clarifications
• Credit Management: Track usage credits and process payments for premium features

• AI Model Enhancement: Improve detection accuracy through aggregated, anonymized data analysis
• User Experience Optimization: Enhance interface design and response quality
• Feature Development: Develop new verification capabilities and accessibility features
• Error Prevention: Identify and resolve technical issues or service interruptions

• Fraud Prevention: Detect and prevent abuse, spam, or malicious usage
• Content Moderation: Ensure appropriate use of our services
• Legal Compliance: Meet regulatory requirements and respond to legal requests

We share information with trusted partners who assist in providing our services:

AI and Analysis Services:

• OpenAI: Text analysis using GPT models for AI-generated content detection
• Google (Gemini): Image and multimodal content analysis
• Reality Defender: Specialized deepfake detection (when applicable)

Infrastructure and Operations:

• Meta/WhatsApp Business API: Message delivery and communication
• Supabase: Secure database hosting and management
• n8n: Workflow automation and service orchestration
• DigitalOcean/Hosting Providers: Server infrastructure and data storage

Payment Processing:

• Stripe: Payment processing for US and international customers
• Paystack: Payment processing for South African customers

We may disclose information when required by law, legal process, or to:

• Comply with valid legal requests from government authorities
• Protect our rights, property, or safety, or that of our users
• Prevent fraud, abuse, or violations of our terms of service
• Respond to emergency situations involving potential harm

In the event of a merger, acquisition, or sale of assets, user information may be transferred as part of the business transaction, subject to equivalent privacy protections.

• Submitted Content: Text, images, and audio content submitted for analysis are automatically deleted within 24 hours after processing
• Analysis Results: Verification results and explanations are retained only for the duration needed to deliver them to you
• Temporary Storage: Content may be temporarily stored in encrypted form during analysis processing

• Active Accounts: Account data is retained while you continue to use our services
• Inactive Accounts: Accounts inactive for 90 days are automatically deleted
• Payment Records: Transaction records are retained for 7 years for tax and regulatory compliance

• Aggregated Data: Anonymous usage statistics may be retained indefinitely for service improvement
• Personal Analytics: Individual usage patterns are deleted after 12 months

• Encryption: All data is encrypted in transit using industry-standard TLS protocols
• Access Controls: Strict access limitations to personal information on a need-to-know basis
• Monitoring: Continuous monitoring for unauthorized access or security breaches
• Regular Audits: Periodic security assessments and vulnerability testing

• Staff Training: Regular privacy and security training for all team members
• Data Minimization: Collection and retention limited to what's necessary for service provision
• Vendor Management: Due diligence and contractual privacy requirements for all third-party providers

Regardless of location, you have the right to:

• Access: Request information about what personal data we hold about you
• Correction: Update or correct inaccurate personal information
• Deletion: Request deletion of your personal information (subject to legal retention requirements)
• Opt-Out: Discontinue use of our services at any time

For European Union Users (GDPR):

• Right to data portability
• Right to restrict processing
• Right to object to processing
• Right to withdraw consent
• Right to lodge complaints with supervisory authorities

For California Users (CCPA):

• Right to know what personal information is collected
• Right to delete personal information
• Right to opt-out of the sale of personal information (Note: We do not sell personal information)
• Right to non-discrimination for exercising privacy rights

For South African Users (POPIA):

• Right to access and correction
• Right to object to processing
• Right to delete personal information
• Right to data portability

To exercise any of these rights, contact us at:

• Email: privacy@vermeulengrouptech.com
• WhatsApp: Send "DELETE MY DATA" to our service number
• Mail: The Vermeulen Group, Privacy Team, [Address to be provided]

We will respond to your request within 30 days (or as required by applicable law).

Our services are not intended for individuals under 16 years of age. We do not knowingly collect personal information from children under 16. If we discover that we have collected information from a child under 16, we will delete it immediately. If you believe we have collected information from a child under 16, please contact us immediately.

Your information may be processed and stored in countries other than your country of residence. When we transfer data internationally, we ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses approved by relevant authorities
• Adequacy Decisions where available
• Certification Schemes and codes of conduct
• Data Processing Agreements with all third-party providers

Our services primarily operate through WhatsApp messaging and do not use traditional web cookies. However, our support websites and payment pages may use:

• Essential Cookies: Necessary for service functionality
• Analytics Cookies: To understand usage patterns (anonymized)
• Payment Cookies: For secure transaction processing

You can control cookie settings through your browser preferences.

• Communication Channel: All interactions occur through WhatsApp Business API
• Content Analysis: Submitted content is processed by AI models and deleted within 24 hours
• Multi-Turn Conversations: Context is maintained temporarily to enable follow-up questions
• Credit System: Usage credits are tracked by phone number (hashed for privacy)
• No Content Storage: We do not retain analyzed images, text, or voice messages

As we develop additional products and services, we will update this policy or provide service-specific privacy notices as needed.

We may update this Privacy Policy periodically to reflect:

• Changes in our services or business practices
• Legal or regulatory requirements
• User feedback and industry best practices

Notification of Changes:

• Material Changes: We will notify you at least 30 days in advance via WhatsApp message, email, or service notification
• Minor Updates: Posted on our website with updated "Last Updated" date
• Your Options: If you disagree with changes, you may discontinue using our services

Privacy Officer: Benjamin Vermeulen

Contact Methods:

• Email: support@thevermeulengroup.com

Response Time: We aim to respond to all privacy inquiries within 5 business days.

Complaints Process:

1. Contact us directly using the information above
2. We will investigate and respond within 30 days
3. If unsatisfied, you may contact relevant supervisory authorities: 
   • EU: Your local Data Protection Authority
   • UK: Information Commissioner's Office (ICO)
   • South Africa: Information Regulator
   • California: California Attorney General

The Vermeulen Group is the data controller for personal information collected through our services.

We process personal information based on:

• Consent: For marketing communications and optional features
• Contract Performance: To provide requested services
• Legitimate Interests: For service improvement and security
• Legal Obligations: To comply with applicable laws

Our services use automated AI analysis to detect deepfakes and misinformation. 

You have the right to:

• Request human review of automated decisions
• Understand the logic behind automated processing
• Challenge automated decisions that significantly affect you

We conduct regular privacy impact assessments for our services, particularly when introducing new AI capabilities or data processing activities.

Acknowledgment: By using our services, you acknowledge that you have read, understood, and agree to this Privacy Policy.

Language Accessibility: This policy is available in multiple languages. If you need this policy in a different language or format for accessibility purposes, please contact us.

© 2025 The Vermeulen Group. All rights reserved.