Veractis Logo
Veractis.io
Sign inGet started

PRIVACY POLICY

Last updated: 20.12.2025
1. Controller
The controller within the meaning of the General Data Protection Regulation (GDPR) is:
Krafthub GmbH

Marktplatz 4

85567 Grafing
Germany
Email: legal@veractis.io
Veractis.io is a brand and online portal operated by Krafthub GmbH.
2. General Information
Protecting personal data is important to us. This Privacy Policy explains the nature, scope, and purpose of the processing of personal data in connection with the use of Veractis.io.
Veractis.io is operated as a technical platform in a B2B context. Contractual relationships exist exclusively between Krafthub GmbH and business customers.
Consumers, patients, or other natural persons who interact with the platform ("End Users") are not contractual parties of Krafthub GmbH.
3. GDPR Roles
Depending on the specific use case, different roles under the GDPR apply:
- Krafthub GmbH generally acts as a data processor within the meaning of Article 28 GDPR on behalf of the respective business customer.- The respective business customer acts as the data controller for the processing of personal data relating to End Users.
In particular, the business customer is responsible for:- the lawfulness of data processing,- fulfilling information obligations towards End Users,- obtaining required consents,- ensuring and handling data subject rights.
4. Categories of Data Processed
When using Veractis.io, the following categories of data may be processed:
- technical access data (e.g. IP address, timestamps, browser information),- registration and contact data of business customers,- content and configuration data provided by business customers,- End User-related data processed on behalf of business customers (e.g. activation or order data).
The specific scope of data processed is determined by the respective business customer.
5. Purposes of Processing
Personal data is processed for the following purposes:
- provision and operation of the platform,- technical administration and security,- error analysis and system stability,- management of contractual relationships with business customers.
Krafthub GmbH does not process personal data for medical, diagnostic, or healthcare purposes.
6. Legal Bases
Personal data is processed on the following legal bases:
- Article 6(1)(b) GDPR (performance of a contract) with respect to business customers,- Article 6(1)(f) GDPR (legitimate interests in secure and reliable platform operation),- Article 6(1)(c) GDPR (legal obligations),- Article 28 GDPR in the context of data processing on behalf of business customers.
7. Technical Infrastructure and Service Providers
Veractis.io is operated using modern cloud and platform services, including:
- hosting and edge infrastructure provided by Vercel,- database and authentication services provided by Supabase (PostgreSQL),- content management via Sanity CMS.
Personal data may be processed in data centers within the European Union or, where necessary, outside the EU. In such cases, appropriate safeguards pursuant to Articles 44 et seq. GDPR are applied.
8. Data Retention
Personal data is stored only for as long as necessary to achieve the respective purposes or to comply with statutory retention obligations.
Deletion or anonymization is carried out in accordance with the instructions of the respective business customer and the applicable contractual arrangements.
9. Data Subject Rights
Data subjects have the following rights under the GDPR:
- right of access (Article 15 GDPR),- right to rectification (Article 16 GDPR),- right to erasure (Article 17 GDPR),- right to restriction of processing (Article 18 GDPR),- right to data portability (Article 20 GDPR),- right to object (Article 21 GDPR).
Requests from End Users should generally be directed to the respective business customer acting as controller.
10. Data Security
We implement appropriate technical and organizational measures to protect personal data against loss, misuse, and unauthorized access.
11. No Medical Responsibility
Krafthub GmbH does not provide medical, laboratory, or diagnostic services via Veractis.io. Responsibility for content, results, and regulatory compliance lies solely with the respective business customer.
12. Changes to this Privacy Policy
This Privacy Policy may be updated to reflect legal, technical, or organizational changes. The current version always applies.