Menu
Language
Start free

Privacy Policy

Last updated: February 19, 2026

Privacy Policy

Verbu ApS Effective Date: 8.12.2024 Last Updated: 19.2.2026

1. Who We Are

Verbu ApS (CVR no. 45855309) ("Verbu", "we", "us") Registered address: Nymarksvej 57, 5800 Nyborg, Denmark

Privacy and Legal contact: legal@verbu.com

2. Scope and Our Roles (Controller vs Processor)

2.1 When Verbu is a Data Controller

We act as data controller for personal data processed in connection with:

  • our websites and online services,
  • marketing, sales, and business development,
  • account administration, billing, and customer relationship management,
  • support communications about our own services, and
  • compliance, fraud prevention, and security.

2.2 When Verbu is a Data Processor (Customer Call Data)

When a business uses Verbu to handle calls and related interactions, the business customer is the data controller and Verbu generally acts as a data processor processing call-related personal data on the customer's instructions.

If you are a caller contacting a business that uses Verbu, the business you called is responsible for providing privacy information and handling rights requests. Verbu will assist our business customers with fulfilling such requests where required and technically feasible.

3. What Personal Data We Process

3.1 Website and Marketing Data (Controller)

We may process:

  • Contact and professional information: name, email, phone number, company, job title.
  • Technical data: IP address, device identifiers, browser type, pages visited, referral source, approximate location derived from IP.
  • Marketing preferences: newsletter subscriptions, opt-outs, and consent logs (where applicable).
  • Communications: messages submitted via forms, email, or other channels.

3.2 Account, Billing and Support Data (Controller)

If you sign up for a trial or paid subscription, we may process:

  • account and admin information (name, work email, company, role),
  • billing data (billing contact details, invoices, VAT number, payment status), and
  • support tickets and related correspondence.

Payment cards: We do not store full payment card numbers. Payment processing is handled by authorised payment service providers. We may receive limited payment-related metadata (e.g., payment status, partial identifiers such as last 4 digits where applicable).

3.3 Call-Related Data in the Service (Processor)

On behalf of our business customers, we may process:

  • call metadata (e.g., time, duration, routing outcomes),
  • information a caller provides during a call (e.g., name, contact details, booking details),
  • customer-provided knowledge base content and instructions used to respond, and
  • outputs generated during call handling (e.g., summaries, structured outcomes) delivered to the customer as configured.

Important: Our strict stance on call recordings and retention is set out in Section 6.

4. Why We Process Personal Data (Purposes)

4.1 Purposes as Controller

We process personal data to:

  • operate, maintain, and secure our websites and systems,
  • respond to inquiries and provide support,
  • create and manage accounts and subscriptions,
  • provide billing, invoicing, and customer administration,
  • send operational and service-related communications,
  • conduct B2B marketing and sales outreach (where permitted),
  • prevent fraud, abuse, and security incidents, and
  • comply with legal obligations.

4.2 Purposes as Processor (Customer Call Data)

We process call-related personal data on behalf of business customers to provide the Service, including:

  • handling and routing inbound calls,
  • generating real-time text outputs during calls (e.g., transcription and structured outputs),
  • generating and delivering summaries or structured call outcomes to the customer,
  • enabling knowledge base lookups to respond to callers, and
  • supporting integrations configured by the customer (e.g., sending outcomes into customer systems).

5. Legal Bases (Controller Processing)

Where Verbu is controller, we rely on one or more of the following legal bases:

5.1 Contract (GDPR Art. 6(1)(b))

To provide the services you request (e.g., account creation, subscription management, support).

5.2 Legitimate Interests (GDPR Art. 6(1)(f))

We rely on legitimate interests for:

  • Security and abuse prevention: maintaining platform security, preventing misuse, and protecting our customers and systems.
  • Service improvement (website and operations): improving reliability, performance, and user experience of our website and business operations.
  • B2B sales and business development: contacting relevant business representatives about our services.

We have assessed these interests against individuals' rights and freedoms in documented internal assessments. You have the right to object to processing based on legitimate interests (see Section 12).

5.3 Consent (GDPR Art. 6(1)(a))

Where required (typically for certain cookies/marketing communications), we rely on your consent, which you can withdraw at any time.

5.4 Legal Obligation (GDPR Art. 6(1)(c))

To meet legal requirements (e.g., accounting, compliance, responding to lawful authority requests).

Where Verbu acts as processor, the business customer determines the legal basis for call-related processing.

6. Call Recordings and Anonymised Derivatives

6.1 No Storage of Call Recordings

Verbu does not store call recordings.

Call audio may be processed transiently to provide the Service in real time. Any buffering required to operate the Service is temporary and is not retained after the call ends.

Troubleshooting carve-out (limited): In rare cases of immediate technical incident handling, short-lived technical buffers may be retained for up to 24 hours solely to diagnose and resolve the incident, after which they are deleted automatically. These buffers are not used for product training or general analytics and are access-restricted.

6.2 No Retention of Identifiable Call Content for Product Improvement

Verbu does not retain identifiable call transcripts or identifiable call content for product improvement purposes.

6.3 Anonymised Derivatives

Verbu may retain anonymised derivatives derived from calls for purposes including but not limited to:

  • service improvement and quality assurance,
  • performance and reliability analysis,
  • security monitoring, and
  • statistical analysis.

"Anonymised derivatives" are derived information anonymised in a manner reasonably designed to prevent re-identification (for example, aggregated statistics, intent/topic classifications, redacted summaries without identifiers, and technical performance metrics). Anonymised derivatives are not personal data.

7. Cookies and Similar Technologies

We use cookies and similar technologies for site functionality, security, analytics, and marketing (where applicable and subject to consent rules).

For details, please see our Cookie Policy: www.verbu.com/legal/cookies.

You can manage cookie preferences via our cookie banner and your browser settings.

8. Sharing of Personal Data (Recipients)

We may share personal data with:

  • Service providers supporting hosting, security, communications, analytics, billing, and customer support (acting as processors/sub-processors as applicable).
  • Professional advisors (lawyers, accountants, auditors) under confidentiality obligations.
  • Authorities where required by law or valid legal requests.
  • Resellers where relevant for provisioning and supporting a reseller-managed relationship (limited to what is necessary).

We do not sell personal data.

Sub-processor / provider transparency: A current list of key service providers and sub-processors (including location) is available at: www.verbu.com/legal/sub-processors (or you may request it via legal@verbu.com).

9. International Transfers

We aim to process and store personal data within the EU/EEA where feasible. However, some service providers may be located outside the EU/EEA (including, for example, the United States), which may involve international data transfers.

When transfers occur outside the EU/EEA, we implement appropriate safeguards such as:

  • the European Commission's Standard Contractual Clauses (SCCs), and
  • supplementary technical and organisational measures where necessary.

You can request information about applicable safeguards for a specific transfer by contacting privacy@verbu.com. The countries/regions relevant to our current providers are described in our sub-processor list: www.verbu.com/legal/sub-processors.

10. Data Retention

We retain personal data only as long as necessary for the purposes described above:

  • Leads and B2B sales contacts (CRM): typically up to 24 months from last meaningful interaction, unless you object earlier or we need longer to document compliance or handle disputes.
  • Account data (customer admins/users): for the duration of the subscription, and typically up to 12 months after termination unless longer retention is required for legal claims or compliance.
  • Billing and invoicing records: typically 5 years from the end of the financial year to which the record relates, to comply with accounting and tax obligations.
  • Support communications: typically up to 24 months after case closure (unless needed longer for ongoing issues or disputes).
  • Security logs and anti-abuse monitoring: typically up to 90 days, unless extended to investigate or document a security incident.
  • Call recordings: not stored (Section 6.1).
  • Troubleshooting technical buffers: up to 24 hours (Section 6.1).
  • Anonymised derivatives: may be retained as long as reasonably necessary for the purposes in Section 6.3.

11. Security

We implement technical and organisational measures designed to protect personal data, including access controls, encryption in transit where appropriate, and security monitoring.

No system is 100% secure. If you suspect unauthorised access, contact: legal@verbu.com

12. Your Rights (GDPR)

Where Verbu is the controller, you may have the right to:

  • access your personal data,
  • rectify inaccurate data,
  • request deletion,
  • restrict processing,
  • object to processing (including where we rely on legitimate interests),
  • withdraw consent (where consent is the basis), and
  • data portability (where applicable).

Response timeframe: We respond without undue delay and generally within one month of receiving a verified request. This may be extended by up to two additional months where necessary due to complexity or volume; if so, we will inform you within one month.

To exercise rights, contact: legal@verbu.com.

Callers contacting a Verbu customer: The business you called is the controller for call-related data. Please contact that business to exercise rights regarding the call. Verbu assists the business customer where required and technically feasible.

13. Complaints

You may lodge a complaint with your supervisory authority. In Denmark, this is Datatilsynet: www.datatilsynet.dk Carl Jacobsens Vej 35, 2500 Valby, Denmark Phone: +45 33 19 32 00

14. Children

Our website and services are intended for business use and are not directed to children.

15. Changes to This Policy

We may update this Privacy Policy from time to time.

For material changes, we will provide at least 30 days' notice by publishing an updated version on our website and/or by other appropriate communication channels.

16. Contact

Verbu ApS Nymarksvej 57 5800 Nyborg Denmark Email: privacy@verbu.com / legal@verbu.com