GDPR & Compliance
Last updated July 15, 2026
Veriastra processes data that can be personal (emails, phone numbers, IP addresses). This page summarises how we support GDPR/UK-GDPR and similar regimes. It complements our Privacy Policy.
Controller / processor roles
For data you submit through the API about third parties (e.g. your customers), you are the controller and Veriastra is a processor acting on your instructions. You must ensure you have a lawful basis (e.g. legitimate interest, consent) before submitting such data. For our own website and account data, Veriastra is the controller.
Lawful basis
We process lookup inputs to perform the service you request (contract / your instructions) and maintain aggregate reputation and abuse-prevention signals (legitimate interest, balanced against individual rights via minimisation and retention limits).
Data subject rights
Individuals may request access, rectification, erasure, restriction, portability, or object to processing. Send requests to [email protected]. If we processed the data on a customer's behalf, we will refer the request to that customer (controller) and assist as processor.
Data minimisation & retention
We retain the minimum needed: result cache is short-lived, bulk job data ~30 days, IP reputation ~180 days, and we run automated purges on this schedule. We do not sell personal data or use lookup inputs for advertising.
Sub-processors
We use Cloudflare (DNS, TLS, CDN) and a dedicated hosting provider. Lookups query public infrastructure (DNS, DNSBLs, SMTP, public numbering data) only as needed to answer a request.
International transfers & security
Data is encrypted in transit (TLS). Where data crosses borders, we rely on appropriate safeguards. API keys are stored hashed and the Service runs isolated with least-privilege access.
Data Processing Agreement (DPA)
A DPA is available for business customers who need one. Request it at [email protected].