Last updated: April 17, 2026
Verleon AI ("Verleon," "we," "us," or "our") operates the verleon.ai website and related services (collectively, the "Platform"). This Privacy Policy explains how we collect, use, share, and protect your personal information when you use the Platform.
We collect the following categories of information: • Account Information — name, email address, and a securely hashed password when you register. • Payment Information — processed and stored exclusively by Stripe, our PCI-compliant payment processor. We never store credit card numbers, CVVs, or full card details on our servers. • Usage Data — searches performed, properties saved or favorited, dashboard interactions, login timestamps, and feature usage patterns. • Device & Log Data — IP address, browser type, operating system, referring URL, and access timestamps collected automatically through server logs. • Communications — messages you send through our contact form or customer support channels. • Third-Party Enrichment — when you use skip-trace or property enrichment features, data is retrieved from licensed third-party providers on your behalf.
We use collected information to: • Provide, operate, and maintain the Platform and its features. • Process transactions, manage subscriptions, and enforce plan limits. • Personalize your experience, including saved searches, favorites, and deal alerts. • Communicate important account updates, security notices, and billing changes. • Analyze aggregate, anonymized usage patterns to improve performance and features. • Detect, prevent, and respond to fraud, abuse, or security incidents. • Comply with legal obligations and enforce our Terms of Service. We do not use your data to build advertising profiles or serve targeted ads.
We do not sell, rent, or trade your personal information. We share data only with: • Stripe — payment processing (PCI DSS Level 1 compliant). • Infrastructure Providers — cloud hosting and database services necessary to operate the Platform. • Property Data Providers — when you request skip-trace, comps, or enrichment data, minimal address data is sent to licensed vendors to fulfill your request. • Email Services — transactional emails (account verification, password reset, billing receipts) are sent through Resend. • Law Enforcement — only when required by valid legal process (subpoena, court order, or applicable law). All third-party providers are bound by data processing agreements and are prohibited from using your data for their own purposes.
We implement industry-standard security measures, including: • Encryption in transit (TLS/HTTPS on all connections). • Password hashing with bcrypt (12 rounds). • JWT-based authentication with short-lived tokens and refresh token rotation. • Row-level security (RLS) policies on all database tables to enforce data isolation. • Security headers (HSTS, CSP, X-Frame-Options, nosniff). • Rate limiting on authentication endpoints and sensitive API routes. No system is 100% secure. We strongly recommend using a unique, strong password and enabling any available multi-factor authentication.
We use only essential cookies and local storage: • Authentication Cookie — a secure, SameSite=Strict cookie containing your session token. Required to access your dashboard. • Refresh Token Cookie — an httpOnly cookie used to issue new session tokens without re-entering your password. • Theme Preference — stored in localStorage for dark/light mode persistence. We do not use third-party advertising or tracking cookies. No data is shared with ad networks.
• Account Data — retained for as long as your account is active and for 30 days after deletion to allow recovery. • Search & Activity Logs — retained for 12 months, then automatically purged. • Payment Records — retained as required by tax and financial regulations (typically 7 years). • Server Logs — retained for 90 days for security and debugging purposes. You may request earlier deletion by contacting us at the email below.
Depending on your jurisdiction, you may have the right to: • Access — request a copy of the personal data we hold about you. • Correction — request correction of inaccurate or incomplete data. • Deletion — request deletion of your account and associated data. • Portability — receive your data in a structured, machine-readable format (CSV export). • Restriction — request that we limit processing of your data. • Objection — object to processing based on legitimate interests. • Opt-Out — unsubscribe from non-essential email communications at any time. To exercise any of these rights, email info@verleon.ai. We will respond within 30 days.
The Platform is intended for users 18 years of age and older. We do not knowingly collect personal information from anyone under 18. If we learn that we have collected data from a minor, we will delete it promptly.
Our servers are located in the United States. If you access the Platform from outside the U.S., your data will be transferred to and processed in the U.S. By using the Platform, you consent to this transfer. We take appropriate safeguards to protect data in accordance with this Privacy Policy.
We may update this Privacy Policy from time to time. Material changes will be communicated via email to your registered address or through an in-app notification at least 14 days before they take effect. The "Last updated" date at the top of this page reflects the most recent revision.
For privacy-related questions, data requests, or concerns, contact us at: Verleon AI Email: info@verleon.ai