Privacy Policy

VeriCore, its affiliates, assigns, and subsidiaries (“We“, “Us“, or “Our“) is engaged in the business of providing real-time vehicle and identity verification APIs (Vehicle RC Verification, Chassis-to-RC Verification, Aadhaar Verification, Aadhaar-to-PAN Verification, and Driving License Verification) to businesses (“Clients“) for use in their own onboarding, KYC, and compliance workflows, and owns and operates the website vericoreapi.com (the “Website“). By submitting an inquiry, registering for API access, or otherwise using the Website (collectively, “You” or “Your“), You agree to the practices described in this Privacy Policy (“Policy“).

If You register for API access or submit an inquiry on behalf of a company, organization, or other juristic person (“Entity“), then (a) “You” shall include the natural person accessing the Service on behalf of that Entity, and (b) You represent and warrant that You are duly authorized to bind that Entity to this Policy.

VeriCore cares about Your privacy and wants You to be familiar with how VeriCore collects, uses, and discloses data. This Policy, effective as of 05/02/2025, describes the treatment of information provided or collected on the Website, through our API products and developer documentation, and through any other interaction with VeriCore.

This document is an electronic record in terms of the Information Technology Act, 2000 (“IT Act“) and the rules and regulations made thereunder, as applicable and amended from time to time. This electronic record is generated by a computer system and does not require any physical or digital signature.

This Policy may be amended by Us from time to time and any subsequent changes will be posted on the Website. You are advised to check this Policy regularly to stay familiar with its current terms.

1.0 A Note on the Two Categories of Data This Policy Covers

VeriCore’s Services are used in two distinct ways, and different parts of this Policy apply to each:

• (a) Website and inquiry data — information You provide directly to VeriCore when browsing the Website, requesting a demo, contacting sales, or registering for API access. For this category, VeriCore is the data controller.
• (b) Verification data processed through the API — Aadhaar, PAN, vehicle RC, chassis, or driving license data submitted to VeriCore’s API by Our Clients in order to verify their own end users. For this category, VeriCore generally acts as a data processor on behalf of the Client, who is responsible for obtaining lawful consent from their end user before submitting any such data to Us. Section 1.7A below addresses this category specifically.

---

1.1 Type of Personal Information Collected by Purpose

In general, You can browse the Website without revealing any information about Yourself. However, if You wish to request a demo, contact sales, or register for API access, You will be required to, and consent to, providing Us with the following information:

1.1.1. name; 1.1.2. company name; 1.1.3. official email address; 1.1.4. phone number; 1.1.5. intended use case and estimated monthly verification volume; 1.1.6. billing information and bank account details (for active API customers); 1.1.7. username and password, or API key credentials, established in connection with Your developer account; 1.1.8. such other information as may reasonably be required by Us to evaluate or provision Your account.

1.2 Information We Collect Automatically

We collect information about Your use of the Website and Your interactions with Us, including:

1.2.1. activities on the Website; 1.2.2. Your interactions with Our sales, support, and email communications; 1.2.3. geo-location information through Your Internet Protocol (“IP”) address; 1.2.4. device information such as device ID, browser type, and operating system; 1.2.5. information collected via cookies and similar technologies (see Section 1.11).

1.3 User Experience and Support

We use Your IP address to help diagnose issues with the Website and to administer Our systems. We may also use it to gather broad, non-identifying demographic information to improve the Website experience. We monitor traffic patterns and Website usage to improve the Services We provide.

1.4 Publicly Available Information

Any information You voluntarily post in public areas of the Website (if any) becomes published content and is not treated as personally identifiable information under this Policy.

1.5 Opting Out of Further Contact

If You tell Us that You do not want further contact beyond fulfilling Your specific request, We will respect that. Wherever possible, We will indicate whether providing information is mandatory or optional. If You decline to provide information We need, We may not be able to evaluate Your inquiry or provision API access, and We will not be liable for any resulting inability to provide Services.

1.6 Accuracy of Information

You are requested to provide correct, accurate, and complete information. We are not responsible for the authenticity of information You supply, or for any inconvenience caused as a result of inaccurate information.

1.7 Personal Information and Its Use

1.7.1. You are responsible for informing Us if any of Your personal information needs to be updated in Our records. If We suspect unauthorized use of Your account, We may contact You.

1.7.2. We may use Your information for purposes including:

   i. evaluating Your inquiry and provisioning API access;    ii. providing support, troubleshooting, and notifying You of product updates;    iii. billing and account management;    iv. detecting and preventing fraud, abuse, or misuse of the API;    v. developing new verification products and improving existing ones;    vi. sending administrative communications regarding Our Services;    vii. with Your consent, sending product updates or marketing communications;    viii. defending Ourselves in litigation or regulatory investigations;    ix. complying with Our legal and regulatory obligations.

1.7.3. You may opt out of marketing communications at any time by following the unsubscribe instructions in any email, or by contacting Us at [privacy@vericoreapi.com].

1.7A Verification Data Processed Through the API (Aadhaar, PAN, RC, Driving License)

This section applies specifically to the data described in Section 1.0(b) above.

1.7A.1. Source of data. VeriCore does not collect Aadhaar, PAN, vehicle RC, chassis, or driving license data directly from individual end users. This data is submitted to VeriCore’s API by Our Clients, who are solely responsible for obtaining valid, informed consent from the relevant individual before transmitting their data to Us.

1.7A.2. Authorized channels. Aadhaar verification is performed only through UIDAI-authorized channels (e.g., OTP-based or QR/offline eKYC, as applicable). [Confirm and state actual licensing/partner arrangement — e.g., whether VeriCore operates as a registered sub-AUA/KUA or accesses Aadhaar verification through a licensed partner.]

1.7A.3. Purpose limitation. Verification data received through the API is used solely to perform the specific verification requested and to return the result to the Client. It is not used for marketing, profiling, analytics unrelated to the verification request, or any secondary purpose.

1.7A.4. Storage and retention. [Confirm actual practice: e.g., “Aadhaar numbers are stored only in masked/encrypted form and are not retained beyond the verification transaction, except where required for audit trails under applicable law” / state actual retention period for RC, PAN, and DL verification records.]

1.7A.5. No independent use by VeriCore. VeriCore does not use Aadhaar, PAN, RC, or driving license data obtained through the API to build independent profiles of end users, and does not share this data with any party other than as necessary to complete the verification or as required by law.

1.8 Securing Information

1.8.1. We employ reasonable security practices and procedures, including a documented information security program with managerial, technical, operational, and physical controls commensurate with the sensitivity of the information We process.

1.8.2. We use encryption to protect information in transit between Your systems and Ours, and restrict access to authorized personnel performing permitted business functions.

1.8.3. We retain Your account/registration information for as long as Your account is active or as needed to provide Services. To request that We stop using Your registration information, write to Us at [privacy@vericoreapi.com].

1.8.4. Transmission of information over the internet is never completely secure. You are responsible for protecting Your own credentials, including using a strong password and keeping Your API keys confidential. We are not responsible for activity resulting from unauthorized use of Your credentials.

1.9 Your Controls and Choices

1.9.1. Rectification. You may ask Us to correct inaccurate or incomplete information concerning You by emailing [privacy@vericoreapi.com].

1.9.2. Data Retention and Erasure. We retain personal information as long as necessary for Our legitimate business interests and to comply with Our legal obligations. You may request erasure of Your personal information and closure of Your account, subject to:

   i. retention necessary for fraud detection, prevention, and safety (e.g., to prevent a suspended account from being recreated);    ii. retention necessary to comply with legal, tax, or audit obligations.

1.9.3. Withdrawing Consent. You may withdraw consent at any time by emailing Us. We may verify Your identity before processing such a request, after which We will cease further processing for the relevant purpose.

1.9.4. Objection to Processing. If You do not provide information We require, We may be unable to deliver certain Services to You. Where collection is mandatory, We will indicate this clearly at the point of collection.

1.9.5. Opting Out of Outreach. You may opt out of periodic communications by following the unsubscribe instructions in any email or by contacting Us directly.

1.9.6. For end users verified via the API: if Your data was submitted to VeriCore by one of Our Clients (e.g., during a KYC or onboarding process with that Client), please direct data subject requests to that Client in the first instance, as they are the data controller for that interaction. VeriCore will support Clients in fulfilling such requests as required under applicable law.

1.10 Sharing Information with Third Parties

1.10.1. Your information may be shared with third parties in the following circumstances:

   i. Performance of services — with accountants, payment processors, cloud infrastructure providers, or other vendors performing services for Us, limited to what they need to perform that service;

   ii. Reorganization — if We reorganize, merge, or sell Our business, the successor will assume any rights We have in respect of Your information;

   iii. Investigation and safety — to investigate or prevent suspected fraud, unlawful activity, or threats to the safety, security, or rights of Our users, Clients, or the Website;

   iv. Legal compliance — where required by law, regulation, court order, or a valid request from a law enforcement or government authority, including cooperation under the Information Technology (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009 and the Information Technology (Procedure and Safeguard for Monitoring and Collecting Traffic Data or Information) Rules, 2009, where applicable;

   v. Authorized verification sources — with UIDAI-approved channels, vehicle registry systems, or PAN verification systems, strictly to complete the verification requested by a Client;

   vi. With the requesting Client — the verification result is returned to the Client who submitted the request. VeriCore does not sell or independently disclose Aadhaar, PAN, RC, or driving license data to any party other than as set out in this clause.

1.10.2. Third parties who process information on Our behalf are bound by confidentiality obligations restricting their use of the information to the specific outsourced function, unless You have given explicit permission for additional uses.

1.11 Cookies and Other Technologies

1.11.1. We use cookies and similar technologies on the Website to gather usage statistics, personalize Your experience, and tailor Our interactions with You.

1.11.2. A cookie is a small piece of data sent to Your browser and stored on Your device. Most cookies are used to measure usage and ease navigation; some are used to personalize a known visitor’s experience.

1.11.3. You can typically configure Your browser to notify You before accepting a cookie, or to reject cookies altogether. Disabling cookies may limit certain Website features.

1.11.4. The Website may contain cookies placed by third parties (e.g., analytics providers). We do not control the use of such third-party cookies. [Build a separate Cookie Policy with a cookie inventory table if a consent banner is implemented.]

1.12 Advertisements and Links to Other Sites

1.12.1. The Website may contain links to other websites. We are not responsible for the privacy practices or content of such third-party sites, and recommend You review their policies before providing any information to them.

1.13 Applicable Law and Jurisdiction

This Website is created and controlled by VeriCore and shall be governed by the laws of India. Any dispute regarding the terms, conditions, or disclaimers of this Policy shall be subject to the exclusive jurisdiction of the courts at Mumbai, India.

1.14 Amendments to the Policy

We reserve the right, at Our sole discretion, to update or modify this Policy from time to time to ensure compliance with applicable law. Updated terms will be posted on the Website along with the date of revision and take effect immediately upon posting. You are responsible for reviewing the Policy periodically.

1.15 Grievance Policy and Contact Information

VeriCore is committed to addressing concerns about the use of Your personal information in a transparent and timely manner. If You have any questions, clarifications, or grievances regarding this Policy or VeriCore’s handling of Your personal information, You may contact Our Grievance Officer, appointed in accordance with the Information Technology Act, 2000 and rules made thereunder:

Grievance Officer: Srikant Address: [Registered Office Address] Email: [grievance@vericoreapi.com]

We will acknowledge and address grievances within the timeframe prescribed under applicable law.

1.16 Express Consent

By accessing the Website, submitting an inquiry, or using the Services, You expressly consent to Our collection, use, and disclosure of Your personal information in accordance with this Policy and applicable Indian law.

This Privacy Policy is to be read together with, and is incorporated by reference into, VeriCore’s Terms of Service.