Privacy Policy

VeriFran ("we," "us," or "our") is a franchise candidate intelligence platform operated in Ontario, Canada. We help franchise candidates assess their readiness through our AI-powered FitScore assessment and connect qualified candidates with franchise brands.

For privacy inquiries, contact us at: privacy@verifran.com

We collect the following categories of personal information:

Information you provide directly

• Contact information: email address, name (when provided)
• FitScore assessment responses: answers to questions about your financial position, management experience, risk tolerance, lifestyle preferences, and market readiness
• Financial information: general financial ranges disclosed during the Vera conversation (e.g., liquid capital ranges, net worth ranges, investment comfort levels)
• Franchise preferences: categories of interest, geographic preferences, timeline
• Contact form submissions: name, email, message, and inquiry type
• Franchisor registration data: business name, contact details, franchise system information

Information collected automatically

• IP address: used for market detection (country-level only)
• Browser and device information: browser type, operating system
• Usage data: pages visited, assessment completion status, referral source

• To generate your FitScore assessment and provide personalized franchise readiness insights
• To match you with franchise brands that align with your profile (only with your explicit consent)
• To provide aggregated, anonymized analytics and industry reports (no individual data is ever disclosed)
• To communicate with you about your assessment results, platform updates, and franchise opportunities (only with your CASL-compliant consent)
• To improve our platform, AI models, and assessment methodology
• To respond to your inquiries and provide customer support

We comply fully with Canada's Anti-Spam Legislation (CASL). This means:

• Express consent required: We will never send you commercial electronic messages without your explicit, opt-in consent
• Clear identification: All emails clearly identify VeriFran as the sender with our contact information
• Easy unsubscribe: Every commercial email includes a working unsubscribe mechanism that is processed within 10 business days
• No pre-checked boxes: Consent checkboxes are never pre-selected
• Record-keeping: We maintain records of when and how consent was obtained

As a Canadian organization, we comply with the Personal Information Protection and Electronic Documents Act (PIPEDA). Our practices align with PIPEDA's 10 fair information principles:

• Accountability: We are responsible for personal information under our control
• Purpose: We identify the purpose for collecting information at or before the time of collection
• Consent: We obtain meaningful consent for the collection, use, and disclosure of personal information
• Limiting collection: We collect only the information necessary for the identified purposes
• Limiting use, disclosure, and retention: Information is used only for the purposes for which it was collected, and retained only as long as necessary
• Accuracy: We keep personal information as accurate, complete, and up-to-date as necessary
• Safeguards: We protect personal information with appropriate security measures
• Openness: This policy makes our practices readily available
• Individual access: You can request access to your personal information
• Challenging compliance: You can challenge our compliance by contacting our privacy officer

For users in the United Kingdom, European Union, or other jurisdictions with equivalent data protection laws:

• Legal basis: We process your data based on your explicit consent (FitScore assessment) and our legitimate interests (platform improvement)
• Data portability: You may request a copy of your data in a machine-readable format
• Right to erasure: You may request deletion of all your personal data
• Right to restriction: You may request that we limit how we process your data
• Data transfers: Your data is stored in Canada, which the EU recognizes as providing adequate data protection

We never share your personal information with franchise brands or any third party without your explicit permission.

Specifically:

• Your FitScore results are only shared with franchisors if you explicitly opt in to being discoverable
• We do not sell, rent, or trade your personal information
• We may share anonymized, aggregated data in industry reports (e.g., "the average FitScore of candidates in Ontario") - this data can never identify you
• We use third-party service providers (hosting, email delivery, AI processing) who are contractually bound to protect your data and use it only for providing services to us

Service providers we use

• Supabase: Database hosting and authentication
• Vercel: Application hosting
• Anthropic: AI conversation processing (Vera)
• Resend: Transactional email delivery
• Stripe: Payment processing (franchisor subscriptions only)

• FitScore assessments: Retained for 24 months from completion, then automatically deleted unless you request earlier deletion
• Conversation transcripts: Retained for 12 months for quality improvement, then deleted
• Account data: Retained as long as your account is active, then deleted within 30 days of account closure
• Contact form submissions: Retained for 6 months
• Anonymized analytics data: Retained indefinitely (cannot be linked back to you)

We protect your information using:

• TLS/SSL encryption for all data in transit
• Encryption at rest for stored data
• Access controls limiting who within our team can access personal data
• Regular security reviews of our infrastructure and practices

You have the right to:

• Access: Request a copy of all personal information we hold about you
• Correction: Request correction of inaccurate information
• Deletion: Request deletion of your personal data
• Data portability: Receive your data in a structured, machine-readable format
• Withdraw consent: Withdraw your consent for data processing at any time
• Opt out: Unsubscribe from marketing communications at any time

To exercise any of these rights, email us at privacy@verifran.com or use our self-serve data deletion page. We will respond within 30 days.

We use essential cookies required for the platform to function (e.g., session management). We do not use third-party advertising or tracking cookies. Analytics data is collected through Vercel Analytics, which does not use cookies and does not track individual users across sites.

VeriFran is not intended for individuals under 18 years of age. We do not knowingly collect personal information from minors. If we become aware that we have collected data from a minor, we will delete it promptly.

We may update this privacy policy from time to time. We will notify you of material changes by email (if we have your address) and by posting a notice on our website. Your continued use of VeriFran after changes constitutes acceptance of the updated policy.

For privacy questions, data requests, or complaints: