Trust Center

Encryption in transit

All connections use TLS 1.3 with 256-bit encryption. Our SSL configuration is rated A+ by Qualys SSL Labs. HTTP Strict Transport Security (HSTS) is enforced with a 1-year max-age and preload.

Encryption at rest

Database storage uses AES-256 encryption at rest. Backups are encrypted with separate keys. API keys are stored as SHA-256 hashes — we never store plaintext keys.

Security headers

All responses include Content-Security-Policy, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, and Permissions-Policy headers. Rated A+ by SecurityHeaders.com.

Access control

API access uses Bearer token authentication with SHA-256 hashed keys. Professional subscription keys include IP-based abuse detection (max 5 unique IPs per hour for standard plans, 15 for team plans). Burst rate limiting at 120 requests/minute.

OFAC compliance

As a US-based company, we comply with OFAC sanctions requirements. Access from sanctioned countries is blocked at the network level. IP geolocation is used for enforcement.

Stripe (Professional subscriptions)

All credit card processing is handled by Stripe, a PCI Level 1 Service Provider. We never see, receive, or store credit card numbers. Stripe handles 3D Secure, fraud detection, and dispute resolution.

x402 (Pay Per Query)

Pay-per-query payments use the x402 protocol with USDC stablecoin on Base L2. Transactions are settled on-chain with cryptographic verification. No credit card or bank information is involved.

Data sources

Professional datasets are sourced exclusively from US government agencies (IRS, FDIC, FEMA, BLS, CMS, Census Bureau, SSA, NANPA) and official public records (state Secretary of State filings, OFAC SDN list). All source data is publicly available.

Data retention

API request logs are retained for 30 days. Subscription data is retained for the duration of the subscription plus 30 days. Mailing list data is retained until unsubscribe. We do not sell or share any customer data.

Backups

Database backups run every 6 hours with 30-day retention. Point-in-time recovery is available. Backups are encrypted and stored in a separate availability zone.

Verilex Data aggregates information from the following sources. We provide attribution as required by their respective licenses:

Data removal requests

If you believe your personal information appears in our datasets and you would like it removed, please submit a removal request. We process all legitimate removal requests within 30 days.

• Email: privacy@verilexdata.com
• Subject line: “Data Removal Request”
• Include: Your full name, the dataset(s) involved, and enough detail to locate the record

Note: Some datasets contain public records required by law to be publicly available (e.g., business filings, tax-exempt organization data). In these cases, we may not be able to remove the data but will work with you to address your concerns.

DMCA takedown notices

If you believe content available through our service infringes your copyright, please send a DMCA takedown notice to:

• DMCA Agent: Optimal Reality LLC
• Email: dmca@verilexdata.com
• Address: 400 North Ervay Street, PO Box 131465, Dallas, TX 75313

Your notice must include: identification of the copyrighted work, identification of the infringing material, your contact information, a statement of good faith belief, a statement under penalty of perjury, and your physical or electronic signature.

Protected address exclusions

Our property tax dataset honors state address protection programs for judges, law enforcement officers, domestic violence survivors, and other protected classes. If you are enrolled in a state address confidentiality program and your information appears in our data, please contact privacy@verilexdata.com for immediate removal.