← Back to empirra.com

Privacy Policy

Version 1.1  ·  Last updated: April 7, 2026  ·  Effective: April 7, 2026

1. Data Controller

Empirra is a brand operated by:

Veriva UAB
Švitrigailos g. 11K-109, LT-03228 Vilnius, Lithuania
Company code: 307467721
VAT code: LT100019296610
Phone: +370 630 82634
Email: [email protected]
Privacy contact: [email protected]

As the data controller, Veriva UAB determines how and why personal data is processed through the empirra.com website.

2. Data We Collect

2.1 Data you provide directly

When you submit the Automation Audit request form, we collect:

• First name
• Business email address
• Company name
• Monthly revenue range (selected from options)
• Description of your business process / challenge

2.2 Data collected automatically

When you visit empirra.com, we may collect the following data automatically — subject to your cookie consent:

• IP address (anonymised by Google Analytics)
• Browser type and version
• Operating system
• Pages visited and time spent
• Referral source (how you found the site)
• Session duration and interaction events

Analytics data is only collected if you grant consent via the cookie banner. By default, analytics storage is denied until consent is given (Consent Mode V2).

3. Legal Basis & Purpose (GDPR)

We process personal data only when we have a lawful basis under Article 6 of the GDPR:

Data type	Purpose	Legal basis
Name, email, company, revenue range, process description	To respond to your audit request and provide our service	Contract / pre-contractual steps — Art. 6(1)(b)
Email address (follow-up)	To send confirmation and follow-up communications	Contract — Art. 6(1)(b)
Analytics cookies (GA4)	To understand how visitors use the site and improve it	Consent — Art. 6(1)(a)
Advertising cookies	Personalised ads and remarketing (if enabled)	Consent — Art. 6(1)(a)
Server/access logs	Security, fraud prevention, debugging	Legitimate interest — Art. 6(1)(f)

Automated qualification scoring (Art. 22 disclosure): when you submit our contact form, we run an automated scoring routine that ranks leads as qualified or unqualified based on the data you submit (company size, monthly revenue, role, agency type, current systems). This scoring affects the speed and content of our follow-up emails. It does not produce legal effects, deny access to services, or block any contact. You may request a human review or opt out of automated scoring by emailing [email protected].

4. Data Retention

• Form submissions (name, email, company, message) — retained for 24 months from the date of submission, or until you request deletion.
• Email correspondence — retained for 24 months.
• Analytics data — retained for 14 months in Google Analytics (our account setting), then automatically deleted.
• Server access logs — retained for 30 days (Vercel default), then automatically deleted.

After the retention period expires, data is deleted or anonymised.

5. Third-Party Processors

We share data with the following processors under data processing agreements (DPAs) or equivalent safeguards:

Processor	Purpose	Location	Policy
Supabase, Inc.	Database — stores form submissions, lead records, and follow-up state	USA / EU (eu-central-1 region available)	supabase.com/privacy
Resend	Transactional email delivery (confirmation, follow-up, and notification emails)	USA	resend.com/legal/privacy-policy
Anthropic, PBC (Claude API)	AI processing — generates qualification score, personalised follow-up email content. Submitted data is sent to the Claude API, not used for training (zero-retention enterprise terms).	USA	anthropic.com/privacy
Google LLC (Analytics 4)	Website analytics — page views, sessions, events (consent-gated)	USA	policies.google.com/privacy
Vercel, Inc.	Website hosting — serves empirra.com, processes server logs	USA	vercel.com/legal/privacy-policy
Silktide Ltd	Cookie consent management — records and enforces consent choices	UK	silktide.com/privacy-policy

We do not sell, rent, or trade your personal data to any third party for their own marketing purposes.

6. International Data Transfers

Several of our processors are based in the United States. Transfers of personal data from the EU/EEA to the USA are carried out under one or more of the following safeguards:

• EU Standard Contractual Clauses (SCCs) — the European Commission-approved clauses for controller-to-processor transfers.
• EU–US Data Privacy Framework — where the processor is certified under the DPF program.

You can request a copy of the applicable transfer safeguards by emailing [email protected].

7. Cookies & Consent Management

7.1 Cookie categories

Category	Description	Consent required?
Necessary	Essential for the site to function (session, security). Cannot be disabled.	No
Analytics	Google Analytics 4 — tracks page views, sessions, and events. IP is anonymised.	Yes
Advertising	Used for personalised ads and remarketing (e.g. Google Ads remarketing tags).	Yes

7.2 How we manage consent

We use Silktide Consent Manager with Google Consent Mode V2. When you first visit the site, analytics and advertising storage are set to denied by default. Cookies are only activated after you explicitly accept each category via the consent banner.

You can change your consent choices at any time by clicking the cookie settings link in the footer or emailing [email protected].

7.3 Google Analytics opt-out

You can also opt out of Google Analytics tracking globally using the Google Analytics Opt-out Browser Add-on.

8. Your Rights — EU/EEA Residents (GDPR)

Under the General Data Protection Regulation (GDPR), if you are located in the EU or EEA, you have the following rights:

• Right of access (Art. 15) — request a copy of the personal data we hold about you.
• Right to rectification (Art. 16) — request correction of inaccurate or incomplete data.
• Right to erasure (Art. 17) — request deletion of your data ("right to be forgotten").
• Right to restriction (Art. 18) — request that we limit how we use your data in certain circumstances.
• Right to data portability (Art. 20) — receive your data in a machine-readable format.
• Right to object (Art. 21) — object to processing based on legitimate interest.
• Right to withdraw consent (Art. 7(3)) — withdraw analytics/advertising consent at any time without affecting prior processing.
• Right not to be subject to automated decisions (Art. 22) — we use automated lead-qualification scoring (see Section 3 above) but it does not produce legal or similarly significant effects. You may still request a human review at any time.

To exercise any of these rights, email [email protected]. We will respond within 30 days.

9. Your Rights — California Residents (CCPA / CPRA)

If you are a resident of California, the California Consumer Privacy Act (CCPA) as amended by the CPRA grants you the following rights:

9.1 Categories of personal information we collect

• Identifiers — name, email address, IP address
• Commercial information — revenue range, company name
• Internet or other electronic network activity — pages visited, session data (analytics, consent-gated)
• Inferences — we do not create consumer profiles

9.2 Your CCPA rights

• Right to Know — request disclosure of what personal information we collect, use, disclose, or sell.
• Right to Delete — request deletion of your personal information (subject to exceptions).
• Right to Correct — request correction of inaccurate personal information.
• Right to Opt-Out of Sale or Sharing — We do not sell or share your personal information for cross-context behavioural advertising.
• Right to Non-Discrimination — we will not discriminate against you for exercising any of your CCPA rights.

9.3 Do Not Sell or Share My Personal Information

Veriva UAB does not sell personal information to third parties. We do not share personal information for cross-context behavioural advertising. If this changes, we will update this policy and provide a clear opt-out mechanism before doing so.

9.4 "Shine the Light" (CalOPPA)

California Civil Code § 1798.83 allows California residents to request information about personal information shared with third parties for direct marketing. We do not share personal information with third parties for their direct marketing purposes.

9.5 Do Not Track (DNT)

Our website does not currently respond to Do Not Track signals from browsers. We use consent-based opt-in for all non-essential tracking (Google Analytics), which achieves an equivalent result.

9.6 How to submit a CCPA request

Email [email protected] with subject line "CCPA Request". We will respond within 45 days. If we need an extension, we will notify you within the initial 45-day period.

10. Children's Privacy

Empirra's services are intended for business owners and professionals. Our website is not directed to children under 16 years of age (EU/GDPR) or under 13 years of age (USA/COPPA).

We do not knowingly collect personal data from children. If you believe we have inadvertently collected such data, please contact [email protected] and we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we do:

• The "Last updated" date at the top of this page will be revised.
• For material changes, we will notify active contacts by email at least 14 days before the change takes effect.
• Continued use of empirra.com after the effective date constitutes acceptance of the updated policy.

12. Contact

For any privacy-related questions, requests, or complaints:

Veriva UAB (Empirra)
Švitrigailos g. 11K-109, LT-03228 Vilnius, Lithuania
Email: [email protected]
Phone: +370 630 82634

© 2026 Veriva UAB · empirra.com · Company code 307467721