Privacy Policy

Effective May 20, 2026 · Last updated May 20, 2026

“Obsideon” or the “Service” refers to the software-as-a-service platform operated by Veritas Strategies, LLC, a Florida limited liability company (“Veritas,” “we,” “us,” “our”). This Policy describes how Veritas collects, uses, and protects data in connection with the Service. “Agency” refers to our direct customer who subscribes to the Service. “End Client” refers to the Agency’s customer whose data the Agency processes through the Service.

1. Introduction

Veritas Strategies, LLC operates the Obsideon platform. Our direct contractual relationship is with the Agency. End Clients are customers of the Agency; Veritas has no direct relationship with End Clients, and the Agency owns and manages that relationship.

This Policy covers (a) data Veritas collects directly from Agencies and (b) data Veritas processes on behalf of Agencies. With respect to End Client data, the Agency is the data controller and Veritas is the data processor.

Agencies are independently responsible for their own privacy policies and for providing appropriate disclosures and notices to their End Clients.

2. Information We Collect Directly from Agencies

  • Account information (name, email, business name)
  • Payment information (processed by Stripe; Veritas does not store full card numbers)
  • Authentication credentials and OAuth tokens (Google services)
  • Agency profile and business details
  • Usage data (logins, features used, support requests)
  • Communications with Veritas

3. Information Processed on Behalf of Agencies (End Client Data)

OAuth-scoped data from connected Google services, per Agency authorization:

  • Google Business Profile (posts, reviews, performance metrics, location data)
  • Google Search Console (search queries, impressions, clicks)
  • Google Analytics (visitor metrics, page performance)
  • YouTube Data (channel metrics)

Other End Client data:

  • Local SEO data (GeoGrid rank tracking, citations, sentiment)
  • AI search visibility data (citations from ChatGPT, Claude, Gemini, Perplexity)
  • Content provided by Agency or End Client for AI processing or publication

Veritas processes this data only on Agency instructions. Veritas does not control this data and is not responsible for its collection or sharing by the Agency outside the Service.

4. How We Use Information

  • Provide and operate the Service
  • Process payments and billing
  • Generate reports and AI-driven outputs at Agency direction
  • Customer support and troubleshooting
  • Security, fraud prevention, and compliance
  • Service improvement using aggregated and de-identified analytics only
  • Veritas does not use End Client data for marketing
  • Veritas does not sell End Client data to third parties

5. Google API Services Disclosure

Veritas’s use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

We use Google API data only to provide the features that the Agency has authorized. Specifically:

  • We do not transfer Google API data to third parties for advertising
  • We do not use Google API data to serve advertisements
  • We do not allow humans to read Google API data unless: (a) the Agency has provided explicit consent for that specific data, (b) it is necessary for security purposes (e.g., investigating abuse), (c) required by law, or (d) for internal operations where data is aggregated and anonymized

Agencies and End Clients may revoke Google access at any time via their Google account settings.

6. Subprocessors and Service Providers

Veritas uses the following subprocessors:

  • Supabase (database, authentication)
  • Vercel (hosting, serverless infrastructure)
  • Stripe (payment processing)
  • AI providers: OpenAI, Anthropic, Google (Gemini), Perplexity (content generation, citation tracking, analysis)
  • DataForSEO (SEO data enrichment, rank tracking)
  • Transactional email providers

Veritas requires subprocessors to maintain appropriate security and confidentiality. A current list is available on request.

7. Data Sharing

  • Veritas does not sell personal information.
  • We share with subprocessors (Section 6) only as needed to operate the Service.
  • We share with legal authorities when required by law, subpoena, or court order.
  • We share in connection with a merger, acquisition, or asset sale (with notice to Agency where legally permitted).
  • Aggregated, de-identified statistics may be shared publicly or used for service improvement.

8. Data Security

  • Encryption in transit (TLS) and at rest
  • Row-level security (RLS) isolation between Agencies and projects
  • OAuth tokens encrypted
  • Access controls and audit logging
  • No system is 100% secure; Veritas cannot guarantee absolute security and disclaims any implied warranty of security

9. Data Retention

  • Active accounts: data retained while the account is active.
  • Cancelled accounts: account data deleted within 90 days of cancellation, except as required by law (e.g., tax records, dispute resolution, fraud prevention).
  • End Client data: the Agency controls retention; on Agency request, Veritas will delete End Client data within 30 days, subject to legal hold requirements.

10. Agency Responsibilities

The Agency is the data controller for End Client data. The Agency warrants and is responsible for:

  • Obtaining all required consents from End Clients
  • Maintaining its own privacy policy disclosing data processing through the Service
  • Responding to End Client data subject requests (Veritas will provide reasonable technical assistance on request)
  • Ensuring it has the legal right to share End Client data with Veritas
  • Complying with all applicable privacy laws

11. Privacy Rights

Agencies may request access to, correction of, or deletion of their own account data by contacting team@obsideon.io. Veritas will respond within reasonable timeframes and as required by applicable law.

End Clients with privacy rights under state or federal law (including but not limited to the California Consumer Privacy Act, Virginia Consumer Data Protection Act, Colorado Privacy Act, and similar laws) should direct requests to the Agency that controls their data, not to Veritas. As the data processor, Veritas will provide reasonable technical assistance to Agencies responding to End Client requests.

12. Children’s Privacy

  • The Service is not intended for users under 18.
  • Veritas does not knowingly collect data from children.
  • Agencies warrant they will not provide End Client data of children under 13 without verified parental consent in compliance with COPPA.

13. Data Location

Data is processed in the United States. By using the Service, Agencies and their authorized users consent to processing of their data in the United States.

14. Changes to This Policy

  • We may update this Policy from time to time.
  • Material changes notified by email and in-product notice at least 30 days before taking effect.
  • Continued use of the Service after notice constitutes acceptance.

15. Contact

  • team@obsideon.io
  • Veritas Strategies, LLC
  • 1317 Edgewater Dr, Suite #3007, Orlando, FL 32937