Privacy Policy

Last updated: July 10, 2026

Overview

VerifiedWin ("we", "us") operates verifiedwin.com, a platform where professionals document achievements and request independent verification from colleagues. This policy explains what data we collect, how we use it, and the choices available to you.

Information we collect

  • Account data — name, email address, profile photo, and LinkedIn member ID when you sign in with LinkedIn.
  • Profile data — public profile URL (slug), visibility settings, and optional organization membership.
  • Achievement data — titles, descriptions, companies, dates, skills, metrics, and verification status.
  • Verification data — verification links, verifier identity (LinkedIn ID), timestamps, IP address, and user agent when a colleague approves or declines.
  • Usage data — API key usage, notifications, billing plan metadata, and standard server logs (including Cloudflare request headers such as IP and country).
  • Bot protection data — technical signals processed by Cloudflare Turnstile on login and verification flows (see Cloudflare Turnstile below).

How we use your information

We use collected data to:

  • Provide authentication, profiles, and achievement verification.
  • Display verified achievements on public or unlisted profiles.
  • Send in-app and optional email notifications about verification status.
  • Enforce security, prevent abuse, and comply with legal obligations.
  • Operate billing and API access for paid plans.

LinkedIn authentication

Sign-in uses LinkedIn OpenID Connect (scopes: openid, profile, email). We receive only the profile information LinkedIn shares with authorized applications. We do not access your LinkedIn connections or post on your behalf. LinkedIn's own privacy policy applies to data processed by LinkedIn.

Cloudflare Turnstile

We use Cloudflare Turnstile in invisible mode on login and achievement verification to reduce automated abuse. Turnstile may process browser and device signals to distinguish legitimate visitors from bots. Because invisible mode runs without a visible challenge, we disclose this processing here.

Cloudflare's processing of Turnstile data is described in the Cloudflare Turnstile Privacy Addendum, which supplements Cloudflare's main privacy policy.

Sharing and disclosure

Verified achievements on public profiles are visible to anyone with the profile or search URL. We share data with service providers that help us run the platform (hosting, email, payments, analytics) under contractual safeguards. We do not sell personal data.

Data retention

We retain account and achievement data while your account is active. Verification audit records are kept to support the integrity of verified achievements. You may delete your account at any time; see Your rights below.

Your rights

If you are in the European Economic Area, United Kingdom, or another region with similar data protection laws, you may have rights to access, correct, export, restrict processing of, or delete your personal data.

Signed-in users can export a copy of their data or permanently delete their account from the Privacy & data page in the dashboard. You may also contact us using the details in our security.txt.

Security

We use industry-standard measures including encrypted connections, secure session cookies, and infrastructure protections (including Cloudflare WAF and rate limiting). No method of transmission over the internet is completely secure.

Changes

We may update this policy from time to time. Material changes will be posted on this page with an updated "Last updated" date.

Contact

Questions about this policy: see security.txt for contact information.