Privacy Policy

Last updated: February 8, 2026

Overview

Verimu respects your privacy. We do not collect personally identifiable information about you unless you voluntarily provide it, such as when you submit a contact form, register for a Verimu account, or install the Verimu GitHub App.

If you voluntarily provide your email address or other contact information, we may use it to inform you of changes to Verimu, to communicate about your account, or to provide product updates. At your request, we will remove your contact information from our files.

Information We Collect

Account information: When you create an account, we collect your name, email address, and organization name. If you connect via GitHub, we receive your GitHub username and the list of repositories you authorize.

Repository data: When you install the Verimu GitHub App, we access your project's dependency manifests (e.g., package-lock.json) to generate SBOMs and scan for vulnerabilities. We do not access, read, or store your source code.

Usage data: We collect anonymous, non-personally identifiable information to improve our product and evaluate usage patterns. This includes page views, feature usage, and session duration.

Cookies: We may use cookies to improve your experience and collect anonymous session information. Cookies are not required to use the Verimu website. If your browser is configured not to accept cookies, you will still be able to access Verimu and its content.

How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Verimu service
  • Generate SBOMs and vulnerability reports for your projects
  • Send you alerts when new CVEs affect your dependencies
  • Communicate with you about your account and product updates
  • Improve and develop new features
  • Comply with legal obligations

Data Sharing

We do not make your contact information or any other personally identifiable information available to anyone outside Verimu or its service providers (who use the information only for authorized Verimu purposes) unless we are legally required to do so.

When we report information about Verimu usage, we report aggregate, non-personally identifiable data. We do not attribute feedback or usage data to specific individuals unless we obtain explicit permission.

Data Storage and Security

Verimu is hosted on EU-based infrastructure. Your data is processed and stored within the European Union. We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction.

Your Rights (GDPR)

Under the General Data Protection Regulation (GDPR), you have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate personal data
  • Request deletion of your personal data
  • Object to the processing of your personal data
  • Request a portable copy of your personal data
  • Withdraw consent at any time

To exercise any of these rights, contact us at hi@fullstackcraft.com.

Third-Party Services

Verimu may integrate with third-party services (such as GitHub) to provide its functionality. These services have their own privacy policies, and we encourage you to review them. Verimu is not responsible for the privacy practices of third-party services.

Changes to This Policy

Verimu may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. Your continued use of Verimu after changes constitutes acceptance of the updated policy.

Contact

If you have questions about this Privacy Policy, contact us at hi@fullstackcraft.com.