Privacy Policy

Effective Date: January 1, 2025

1. Introduction

At 3verest, we believe privacy is a fundamental right, not a feature. This Privacy Policy explains how we collect, use, protect, and respect your personal data in accordance with GDPR, HIPAA, and other applicable data protection regulations.

2. Data We Collect

We collect only the data necessary to provide our sovereign cloud services:

  • Account Information: Name, email address, company details, and billing information
  • Service Data: Data you store, process, or transmit through our cloud infrastructure
  • Usage Data: Service performance metrics, access logs, and security monitoring data
  • Technical Data: IP addresses, device information, and browser types for security and service optimization

3. How We Use Your Data

Your data is used exclusively for:

  • Providing and maintaining our sovereign cloud services
  • Ensuring security, compliance, and service integrity
  • Billing and account management
  • Communicating service updates and security notifications
  • Meeting legal and regulatory obligations

4. Data Sovereignty & Storage

All customer data is stored within the jurisdiction you select. We do not transfer data across borders without explicit consent and contractual safeguards. Your data remains under your control and governance.

5. Data Protection & Security

We implement enterprise-grade security measures:

  • End-to-end encryption at rest and in transit
  • ISO 27001, SOC 2 Type II, and GDPR compliance
  • Regular security audits and penetration testing
  • Multi-factor authentication and role-based access controls
  • 24/7 security monitoring and incident response

6. Your Rights

Under GDPR and applicable regulations, you have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Request deletion of your data (right to be forgotten)
  • Object to or restrict data processing
  • Data portability
  • Withdraw consent at any time

7. Data Retention

We retain your data only as long as necessary to provide services and meet legal obligations. Upon account termination, data is securely deleted within 90 days unless required for compliance or dispute resolution.

8. Third-Party Services

We do not sell or share your data with third parties for marketing purposes. Limited data may be shared with service providers (e.g., payment processors) under strict contractual obligations that meet our sovereignty standards.

9. Cookies & Tracking

We use essential cookies for service functionality and security. We do not use advertising or tracking cookies. You can manage cookie preferences in your browser settings.

10. Children's Privacy

Our services are not directed to individuals under 16. We do not knowingly collect data from children.

11. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. Material changes will be communicated via email or service notifications.

12. Contact Us

For privacy inquiries, data requests, or concerns:

Email: privacy@3verest.com
Data Protection Officer: dpo@3verest.com
Compliance Team: compliance@3verest.com

Our Commitment: Privacy is engineered into every layer of our sovereign cloud. We believe that healthcare data deserves the highest standards of protection, transparency, and ethical stewardship.