Privacy Policy

Last updated: November 25, 2025

1. Introduction and Scope

This Privacy Policy governs the collection, processing, storage, and disclosure of personal information by Verriflo in connection with our live-class streaming platform. By accessing or using our services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.

Definitions: For purposes of this Privacy Policy:

"Organization" or "Host" refers to any educational institution, company, or individual educator who registers for and uses Verriflo's services to conduct live classes or streaming sessions.
"Participant," "Student," or "End-User" refers to any individual who joins or attends a live class or session hosted through Verriflo, whether or not they have a direct account with us.
"Data Controller" means the entity that determines the purposes and means of processing personal data. In most cases, the Organization is the Data Controller for class content and participant data.
"Data Processor" means the entity that processes personal data on behalf of the Data Controller. Verriflo acts as a Data Processor for data controlled by Organizations.
"Personal Information" or "Personal Data" means any information relating to an identified or identifiable natural person.

Data Processing Roles

Verriflo operates under a dual-role model depending on the nature of the data:

As Data Controller: For our direct customers (Organizations and Hosts), Verriflo acts as the Data Controller for account information, billing data, and platform usage analytics.
As Data Processor: For class content, recordings, and participant data, Verriflo acts solely as a Data Processor on behalf of the Organization, which remains the Data Controller.

This distinction determines where you should direct requests regarding your data rights. For participant data and class content, you must contact the Organization that controls such data. For account-related data, you may contact Verriflo directly.

2. Information We Collect

The categories of personal information we collect vary depending on your relationship with Verriflo and how you interact with our services. We collect information through three primary channels:

A. Information You Provide

Account Data: Name, email address, phone number, password
Profile Data: Profile pictures, bio, display preferences
Organization Data: Business information, billing details, business address, RTMP stream keys for third-party integrations (YouTube, Facebook)
Waitlist and Survey Data: Information you provide when joining our waitlist, participating in surveys, or providing feedback about our services
Communication Data: Messages sent to our support team, feedback, and inquiries

B. Live Class and Multimedia Data

Critical Notice: This data may include biometric-like information and proprietary content.

Audio and Video: Real-time audio and video data from your camera and microphone when you enable them during live sessions
Screen Sharing: Content displayed during screen sharing, which may include proprietary materials, presentations, and documents
Interaction Data: Chat messages, whiteboard drawings, polls, Q&A responses, hand-raising events, and other interactive features
Recordings: If the Host enables recording, we store the complete audio/visual file of the session, including all participants and content

Note: By turning on your camera and microphone, you consent to the collection and processing of this data for the purposes of providing the live streaming service.

C. Information Collected Automatically

Technical Logs: IP address, browser type and version, operating system, device identifiers
Quality of Service (QoS) Metrics: Bandwidth usage, packet loss, latency, connection stability, and other network performance data (essential for troubleshooting video quality issues)
Device Information: Camera and microphone model details to manage hardware compatibility and optimize performance
Usage Data: Features used, session duration, pages visited, and interaction patterns

3. How We Use Your Information

We process personal information only for specific, explicit, and legitimate purposes. The legal bases for our processing activities include contract performance, legitimate interests, legal compliance, and consent where applicable. We process your personal information for the following purposes:

Service Delivery: To establish WebRTC connections, transcode video, and deliver live streams to all participants in real-time
RTMP Relaying: To push your live stream to third-party platforms (YouTube, Facebook) at your specific instruction and configuration
Recording and Storage: To record sessions when enabled by the Host and store them for the agreed retention period
Product Improvement: Using aggregated and anonymized QoS data to improve video stability, optimize streaming quality, and enhance platform performance
Safety & Compliance: To detect abusive behavior during streams, prevent fraud, and comply with legal obligations
Customer Support: To respond to your inquiries, troubleshoot technical issues, and provide assistance
Billing and Payments: To process payments, generate invoices, and manage subscriptions
Communication: To send service announcements, updates about your account, and respond to your requests

4. Third-Party Streaming (RTMP) and Integrations

If a Host chooses to stream a Verriflo session to third-party platforms (e.g., Facebook Live, YouTube Live) via Real-Time Messaging Protocol (RTMP), Verriflo acts solely as a conduit for transmitting the data. Once the data is transmitted to the third-party platform, it is governed exclusively by that platform's Privacy Policy. Verriflo has no control over how Facebook, YouTube, or any other third-party platform stores, processes, displays, or shares your content after transmission.

We strongly recommend reviewing the privacy policies of any third-party platforms before enabling RTMP streaming, such as Facebook Privacy Policy (facebook.com/privacy) and YouTube Privacy Policy (policies.google.com/privacy).

By configuring RTMP streaming to third-party platforms, you acknowledge that you are responsible for ensuring compliance with those platforms' terms of service and privacy policies, and for obtaining any necessary consents from participants.

5. Recordings and Storage

Intellectual Property and Ownership: Verriflo makes no claim of ownership over any recordings, class content, or materials created or uploaded by Organizations or Hosts. All intellectual property rights in such content remain vested in the Organization or Host. Verriflo provides only the technical infrastructure for storage and retrieval of such content and acts solely as a custodian of the data on behalf of the Organization.

Recording Details

Access: Recordings are stored on Verriflo's cloud providers but are accessed exclusively via the Organization's dashboard. Other participants cannot access recordings unless the Organization shares them.
Retention Period: Recordings are stored according to the retention period agreed upon during organization creation or as specified in your service agreement.
Automatic Deletion: After the retention period expires, all recordings are permanently deleted from our servers without prior notice. Please refer to our Terms of Service for detailed information about data retention obligations.

Consent to Recording: By activating your camera or microphone during any live session, you expressly acknowledge and consent to the recording of your likeness, voice, and any content you share. If you do not consent to being recorded, you must keep your camera and microphone disabled and notify the Host of your objection. Verriflo is not responsible for recordings made by Organizations and has no control over how Organizations use, store, or distribute such recordings.

6. School & Educational Use (Children's Privacy)

Responsibility for Consent: Where Verriflo is used by or on behalf of children under the age of 13, or under the applicable age of digital consent in the relevant jurisdiction (e.g., 16 in certain European Union member states), the Organization is solely responsible for obtaining all necessary parental or guardian consents prior to such children's use of the platform. Verriflo relies on Organizations to comply with all applicable child privacy laws, including but not limited to the Children's Online Privacy Protection Act (COPPA) in the United States and Article 8 of the GDPR in the European Union.

Limited Processing of Student Data: Verriflo processes student personal information solely to the extent necessary to provide the educational services requested by the Organization. We do not and will not: (a) build marketing or behavioral profiles of students; (b) use student data for targeted advertising; (c) sell, rent, or disclose student data to third parties for marketing purposes; or (d) retain student data beyond the period necessary for educational purposes or as required by applicable law.

Compliance Obligation: Organizations using Verriflo for educational purposes warrant that they have obtained all necessary consents and authorizations to collect and process student data and that their use of Verriflo complies with all applicable privacy laws and regulations.

7. Data Sharing and Sub-Processors

Verriflo does not sell, rent, or trade personal information to third parties. We may disclose personal information only in the following circumstances:

Service Providers and Sub-Processors: We engage third-party service providers to perform functions on our behalf, including cloud hosting providers (e.g., Amazon Web Services, Microsoft Azure, DigitalOcean), Content Delivery Networks to optimize streaming performance, payment processors for financial transactions, and analytics providers to monitor and improve platform performance. These service providers have access to personal information only to the extent necessary to perform their designated functions and are contractually obligated to maintain the confidentiality and security of such information.

Legal and Regulatory Compliance

We may disclose personal information where required or permitted by law, including:

In response to valid legal process, including court orders, subpoenas, warrants, or regulatory inquiries;
To comply with applicable laws and regulations of Bangladesh or other jurisdictions;
To protect and defend the rights, property, or safety of Verriflo, our users, or the public, including in emergency situations;
To detect, investigate, prevent, or take action regarding fraud, security breaches, illegal activities, or violations of our Terms of Service;
In connection with a merger, acquisition, bankruptcy, or sale of assets, subject to confidentiality obligations.

8. International Data Transfers

Cross-Border Data Processing: In order to provide our services, personal information may be transferred to, stored in, and processed in Bangladesh or other jurisdictions where our service providers maintain facilities. These jurisdictions may have data protection laws that differ from those of your country of residence.

Transfer Safeguards: Where we transfer personal data from the European Economic Area (EEA), United Kingdom, or other jurisdictions with comprehensive data protection frameworks to countries that have not been subject to an adequacy decision by the relevant regulatory authority, we implement appropriate safeguards, including:

Standard Contractual Clauses approved by the European Commission or other relevant authorities;
Data Processing Agreements with our sub-processors imposing equivalent data protection obligations;
Encryption and pseudonymization during transmission and storage;
Security measures consistent with applicable industry standards and regulations.

Your Rights: Regardless of where your data is processed, you retain all rights granted under applicable data protection laws in your jurisdiction of residence.

9. Your Rights and Choices

Subject to applicable law, you may have certain rights with respect to your personal information. The exercise of these rights depends on your relationship with Verriflo and your jurisdiction:

Direct Users (Organizations and Hosts)

If you maintain a direct account with Verriflo, you may exercise the following rights, subject to applicable legal limitations:

Right of Access: Request confirmation of whether we process your personal information and obtain a copy thereof;
Right to Rectification: Correct inaccurate or incomplete personal information via your account settings or by contacting us;
Right to Erasure: Request deletion of your account and associated personal data, subject to legal retention obligations. Refer to our Data Deletion Policy for detailed procedures;
Right to Data Portability: Receive your personal data in a structured, commonly used, and machine-readable format;
Right to Object: Object to processing based on legitimate interests, including direct marketing;
Right to Restriction: Request restriction of processing under certain circumstances, such as during verification of accuracy or pending resolution of an objection.

Indirect Users (Participants and Students)

If you participate in classes or sessions through an Organization that uses Verriflo, the Organization acts as the Data Controller for your personal information. In such cases:

You must direct all data rights requests to the Organization (your school, employer, or the entity that invited you to the session). The Organization is responsible for responding to your requests and instructing Verriflo accordingly.

Verriflo will cooperate with Organizations to facilitate the exercise of your rights in accordance with our data processing obligations and applicable law, but we cannot process requests directly from participants or students without authorization from the controlling Organization.

Exercising Your Rights: To exercise your rights as a direct user, contact us at privacy@verriflo.com. We will respond within the timeframes required by applicable law (typically within 30 days for GDPR requests, which may be extended by an additional 60 days in complex cases). We may require verification of your identity before processing your request.

10. Security Measures

We implement technical and organizational measures designed to protect personal information against unauthorized access, accidental loss, destruction, or alteration. Our security practices include:

Encryption in Transit: All data transmitted between your device and our servers is encrypted using industry-standard TLS/SSL protocols;
Encryption at Rest: Video streams, recordings, and other stored data are encrypted when at rest on our servers;
Access Controls: Role-based access control (RBAC) restricts access to personal information to authorized personnel on a need-to-know basis;
Authentication: Strong password policies and support for multi-factor authentication (MFA) for account access;
Monitoring and Logging: Continuous monitoring for anomalous activities and potential security incidents;
Regular Assessments: Periodic security audits, vulnerability assessments, and penetration testing.

Limitation of Liability: Notwithstanding the security measures described above, no system can be completely secure. While we employ commercially reasonable measures to protect your personal information, we cannot guarantee absolute security of data transmitted over the Internet or stored on our systems. You acknowledge and accept this inherent risk when using our services.

11. Changes to This Policy

We reserve the right to modify this Privacy Policy at any time to reflect changes in our practices, technology, legal requirements, or other factors. Any modifications will be effective upon posting of the revised policy, unless otherwise specified.

Notice of Material Changes: For material changes that significantly affect your rights or our data practices, we will provide at least 30 days' advance notice via email to the address associated with your account or through a prominent notice on your dashboard;
Effective Date: The "Last Updated" date at the top of this policy indicates when it was last revised;
Review Responsibility: We encourage you to review this Privacy Policy periodically to remain informed about how we collect, use, and protect your information;
Continued Use: Your continued use of Verriflo's services following the posting of changes constitutes your acceptance of such changes. If you do not agree to the modified policy, you must discontinue use of our services.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our dedicated privacy team:

Privacy Inquiries: privacy@verriflo.com

General Legal Matters: legal@verriflo.com

Please allow up to 48 hours for initial response during business days (Saturday-Thursday, excluding public holidays in Bangladesh).

Related Policies

For more information about your rights and our practices, please review:

→ Terms of Service → Data Deletion Policy