1. How To Read This Page
This page is intended to help enterprise buyers, legal teams, and security reviewers understand the current posture of the Vereonix website and its supporting pre-sales workflow. It focuses on what is true today about this website, the vendors it uses, and the types of review materials we may be able to provide during a real procurement process.
Unless we expressly confirm otherwise in writing, nothing on this page should be read as a statement that Vereonix currently holds a specific certification, has completed a particular audit, or guarantees that every customer project inherits the same controls. Where a customer needs contract-backed terms, those belong in the signed agreement.
2. Current Compliance Baseline
Privacy Notices And Consent
We publish privacy, security, and terms pages, enforce consent-gated HubSpot forwarding, and let visitors reopen Cookie Preferences at any time.
Vendor And Subprocessor Awareness
We document the main third-party services used to host the website, store enquiries, support CRM workflows, and schedule meetings.
Contractual Controls
For real business opportunities, we can support NDAs, DPAs, questionnaires, and customer-specific review requests where appropriate.
Data Minimization
The site collects a limited set of business contact and project qualification fields rather than broad or sensitive datasets.
3. Common Review Areas
| Review Area | How We Support It | Important Scope Note |
|---|---|---|
| GDPR / UK GDPR readiness | Privacy notice, rights request channel, limited lead collection, consent handling for optional HubSpot tracking, and processor-aware vendor disclosures. | This is a description of our current approach, not a public claim of regulator approval or certification. |
| Enterprise procurement reviews | Security and privacy discussions, subprocessor summaries, website architecture explanations, and answers to reasonable diligence questionnaires. | Depth of response depends on opportunity stage, confidentiality needs, and project scope. |
| NDA / DPA support | We can review confidentiality agreements and data processing terms when a relationship or project requires them. | Final obligations come from the signed contract, not from this public page. |
| Customer-specific framework mapping | Where relevant, we can discuss how a proposed engagement maps to customer control expectations or common framework categories. | We do not claim a certification or audit outcome unless we expressly state that status in writing. |
4. Documentation We May Share On Request
Depending on the stage of the relationship and the sensitivity of the discussion, we may be able to provide or review items such as:
- Non-disclosure agreements for procurement or due diligence discussions.
- Data processing terms where the engagement involves personal data.
- Questionnaire responses covering website security and operational practices.
- High-level architecture or vendor summaries relevant to the proposed work.
- Project-specific statements about scope, responsibilities, and client-side dependencies.
5. Website Vendor Transparency
| Provider | Role | When Used |
|---|---|---|
| Google Cloud Platform | Website hosting and server infrastructure | Used to run the production VM, serve the Next.js application, and support HTTPS traffic through the configured web server. |
| Neon | Managed PostgreSQL lead storage | Used only when the deployment has a DATABASE_URL configured for lead capture. |
| HubSpot | CRM and optional lead tracking | Used when HubSpot portal and form identifiers are configured. The optional tracking script is loaded only after a visitor accepts analytics preferences. |
| Stripe | Secure payment processing | Used only when a visitor starts a hosted checkout session for a product plan. |
| Calendly | Scheduling provider | Used only if a visitor chooses to book a meeting through the external scheduling link. |
6. Customer-Specific Scope Matters
The Vereonix website is only one part of how we work. A customer project may involve different data types, different vendors, different hosting models, or stricter obligations than those described here. That is why we prefer to tie commitments to signed commercial documents and the actual delivery scope.
If you need confirmation about a specific framework, audit artifact, data handling measure, or regional requirement, contact us directly so we can answer in the context of the proposed engagement rather than relying on broad marketing language.