Privacy and GDPR Notice

Verified Property Passport operates verified.cy and can be contacted at ask@verifiedcy.com.

For account, billing, product, compliance and public share report activity, the platform acts as the data controller unless a signed customer DPA states that it acts as a processor for a customer workflow.

A named DPO or privacy lead should be added before real production onboarding if the launch review confirms that one is required.

We process account details, company membership, roles, uploaded verification files, verification statuses, property records, transaction records, subscription and payment records, support messages, API keys, integration logs and access logs.

Public share reports show only summary fields, verification status, scores, expiry and report metadata. Raw ID, proof of address, bank, source of funds and legal documents are not exposed through public reports.

Core account, subscription and verification workflows are processed to provide the service and manage contracts.

Audit logs, duplicate prevention, fraud signals, dispute evidence and platform security are processed for legitimate interests and legal/compliance duties.

Share links, third-party report access and optional marketing contact rely on user control and consent where consent is the correct legal basis.

Users can request access, export, correction, restriction, deletion review and revocation of shared report access from the dashboard.

Deletion may be limited where billing, tax, legal claim, dispute, fraud prevention or verified transaction retention obligations apply.

Users may complain to the Cyprus Commissioner for Personal Data Protection or another competent EU supervisory authority.