Legal
Privacy Policy
Last updated: February 21, 2026
VeriflowAPI is operated by an individual developer. This policy explains what data we collect, how we use it, and your rights regarding your information. We keep this simple and honest.
1. Who We Are
VeriflowAPI ("we", "our", or "us") is an API service for medical license verification, operated by an individual developer. You can contact us at support@veriflowapi.com.
2. Information We Collect
Information you provide to us:
- Email address when you join our waitlist or sign up for an account
- Your intended use case when completing our waitlist form
- Communications you send us via email
Information collected through API usage:
- Provider details submitted for verification (name, NPI, state, date of birth)
- API request logs including timestamps, endpoints called, and response status
- Your API key (stored as a one-way hash — we cannot recover the original key)
Information collected automatically:
- IP address and general location
- Browser type and operating system (from web visitors)
- Pages visited and time spent on our website
3. What We Do Not Collect
We do not collect, store, or process Protected Health Information (PHI) as defined under HIPAA. The provider data we verify — names, NPIs, license numbers, and status — is publicly available government information, not PHI.
We do not store payment card information. All billing is handled by Stripe, who have their own privacy policy.
4. How We Use Your Information
- To provide and operate the VeriflowAPI service
- To communicate with you about your account, our service, and updates
- To send you early access notifications if you joined our waitlist
- To maintain verification records and audit certificates as described in our documentation
- To monitor API usage, detect abuse, and maintain service security
- To improve our service based on usage patterns
5. Data Retention
- Verification records and certificates: Retained for 7 years from the date of verification, in line with standard healthcare compliance record retention requirements
- API request logs: Retained for 90 days
- Account information: Retained for the duration of your account and for a reasonable period after account closure
- Waitlist submissions: Retained until you request removal or we close the waitlist
6. Data Sharing
We do not sell your personal information. We do not share your information with third parties for their marketing purposes.
We may share your information with:
- Stripe — for payment processing
- Formspree — for processing waitlist form submissions
- AWS — for infrastructure and hosting
- Law enforcement — if required by law or to protect our legal rights
7. Data Security
We take reasonable measures to protect your information:
- All data in transit is encrypted using TLS 1.3
- Data at rest is encrypted using AES-256
- API keys are stored as one-way hashes
- Infrastructure is hosted on AWS with industry-standard security controls
No method of transmission over the internet is 100% secure. We cannot guarantee absolute security but we take our responsibility seriously.
8. Your Rights
You have the right to:
- Request access to the personal information we hold about you
- Request correction of inaccurate information
- Request deletion of your personal information, subject to our legal retention obligations
- Withdraw consent for communications at any time by emailing us
- Request removal from our waitlist at any time
To exercise any of these rights, email us at support@veriflowapi.com. We will respond within 30 days.
9. Cookies
Our website uses minimal cookies necessary for basic functionality. We do not use tracking cookies or advertising cookies. We do not use Google Analytics or similar tracking services.
10. Third-Party Links
Our website links to third-party services including our API documentation. We are not responsible for the privacy practices of those services.
11. Children's Privacy
VeriflowAPI is a professional B2B service not directed at children under 16. We do not knowingly collect information from children.
12. Changes to This Policy
We may update this policy from time to time. When we do, we will update the "Last updated" date at the top of this page. For significant changes, we will notify active customers by email.
13. Contact
For any questions about this Privacy Policy or how we handle your data, contact us at support@veriflowapi.com. We respond to all inquiries personally.