Verity

Privacy Policy

Last updated: March 5, 2026

1. Introduction

Shadow Solutions ("we", "us", or "our"), based in Chicago, Illinois, operates the Verity hotel guest verification platform ("Verity" or the "Service"). Verity is a software-as-a-service solution that enables hotel operators to capture legally binding guest attestations during check-in, reducing chargebacks through OTP verification, digital attestation, and compliance-ready evidence reports. This Privacy Policy explains how we collect, use, disclose, and protect information in connection with the Service.

2. Information We Collect

Hotel Operator Data

When a hotel operator registers for and uses Verity, we collect:

  • Name and email address
  • Hotel name and property information
  • Account credentials (passwords are stored as cryptographic hashes)

Guest Data

On behalf of hotel operators, we collect the following information from guests during the check-in verification process:

  • Phone number (used for SMS-based verification)
  • IP address
  • Geolocation data (latitude and longitude)
  • Device information (browser type, operating system)
  • Attestation timestamps
  • Credit card last 4 digits
  • Driver's license number and issuing state
  • Check-in and check-out dates

Automatically Collected Information

We automatically collect certain information when you access or use the Service:

  • Server logs (access times, pages viewed, referring URLs)
  • Usage analytics and interaction data
  • Cookies and similar tracking technologies

3. How We Use Information

We use the information we collect for the following purposes:

  • Providing the guest verification and attestation service
  • Generating compliance-ready evidence reports for chargeback disputes (Visa, Mastercard, American Express)
  • Maintaining audit trails of attestation events
  • Communicating with operators about their accounts and the Service
  • Improving, maintaining, and securing the Service

4. Data Processing Role

With respect to guest data, the hotel operator acts as the data controller, determining the purposes and means of processing guest personal information. Verity and Shadow Solutions act as the data processor, processing guest data solely on behalf of and under the instructions of the hotel operator. Hotel operators are responsible for ensuring they have the appropriate legal basis for collecting and processing guest data through the Service.

5. SMS Communications

Verity uses SMS messaging exclusively for transactional purposes related to the check-in verification process. We do not send marketing or promotional messages to guests. SMS messages are delivered through our integration with Twilio. The hotel operator is responsible for obtaining appropriate guest consent before initiating the SMS-based verification process.

6. Data Sharing

We do not sell personal information. We may share information with the following categories of recipients:

  • Twilio — for SMS delivery as part of the verification process
  • Cloud infrastructure providers — for hosting and operating the Service
  • Payment processors — for hotel operator billing only (not guest payment data)
  • Law enforcement — when required by valid legal process (subpoena, court order, or equivalent)
  • Card networks — only when a hotel operator generates a chargeback dispute evidence report, which may be submitted to Visa, Mastercard, or American Express

7. Data Security

We implement industry-standard security measures to protect the information we process, including:

  • Encryption of data at rest and in transit
  • Role-based access controls
  • Regular security audits and vulnerability assessments
  • AWS infrastructure with SOC 2 Type II and PCI DSS Level 1 certified hosting

8. Data Retention

Guest attestation data is retained to support chargeback dispute windows, which are typically 120 days but may extend longer for certain dispute categories. We retain data for the minimum period necessary to fulfill the purposes for which it was collected. Hotel operators may request earlier deletion of their data by contacting us, subject to any legal or contractual retention obligations.

9. Your Rights

Hotel operators may exercise the following rights with respect to their data:

  • Access and review data stored in your Verity account
  • Export attestation records and reports
  • Request deletion of your account and associated data

Guests should contact the hotel operator directly to exercise any data rights (access, correction, deletion) related to their personal information. As a data processor, we will assist hotel operators in responding to such requests.

10. Children's Privacy

The Service is not directed at individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information promptly.

11. International Data

All data collected through the Service is stored and processed in the United States. If you access the Service from outside the United States, your information will be transferred to and processed in the United States. By using the Service, you consent to this transfer and processing.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify hotel operators of material changes by email and/or by posting a prominent notice on the Service. Changes become effective upon posting unless otherwise stated. Your continued use of the Service after changes are posted constitutes your acceptance of the updated Privacy Policy.

13. Contact

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

Shadow Solutions

Chicago, Illinois

Email: privacy@shadowsolutions.tech