Overview
Universum Global Solutions ("UniversumGS", "we", "our") does not collect personal data without consent. If we ever request information, it is solely to deliver a service you have asked for and to communicate with you about that service.
1. Information We Collect
Information you provide
Examples include your name, email address, or company details when you contact us or request a demo.
Automatic data (minimal)
We may collect minimal technical data (e.g., standard logs) required for security and reliability of the website. We do not build profiles or sell personal data.
2. How We Use Your Information
We use your information to: (a) respond to inquiries, (b) provide requested services or demos, and (c) improve reliability and security of our systems.
3. Data Protection
We implement reasonable technical and organizational measures to protect information against unauthorized access, alteration, or disclosure.
4. Verify2Buy Mobile App
Our Verify2Buy mobile application is an AI-powered anti-counterfeit and product intelligence platform. This section describes how we collect and use data within the app.
Account Registration & Email Collection
When you sign in with Google or Apple, we collect your:
• Email address — used to identify your account, send reward notifications, and communicate redemption information
• Full name — used to personalise your experience
• Authentication provider (Google or Apple) — used to manage your sign-in
We do not use your email for marketing without your explicit consent. You may use the app as a Guest without providing any personal information, however Guest accounts expire after 30 days.
Product Scanning Data
When you scan products using Verify2Buy, we collect:
• Barcode data and product identifiers
• Scan timestamp and approximate GPS location (only if you grant location permission)
• Device information (for app functionality and bug fixes)
We use this data to calculate confidence scores, improve our product database, identify counterfeit patterns, and enhance app performance. All data is anonymized and aggregated for analysis purposes.
AI Image Comparison
When you use the Compare Image feature, we collect:
• A photo taken by your camera of the product you are holding
• The reference product image from our database
Both images are sent to Anthropic's Claude AI API for visual comparison analysis. The photo is temporarily processed to determine whether your product matches the reference image. We do not permanently store the captured photo on our servers beyond what is needed for the comparison. The AI analysis result (match/mismatch, confidence score, reasons) is stored against your scan record.
Anthropic's privacy policy applies to data processed through their API. See anthropic.com/privacy for details.
AI Lens
AI Lens lets you identify a product by pointing your camera at it, without needing a barcode. When you use this feature, we collect:
• A photo captured by your camera of the product, packaging, or item
• Approximate GPS location and device type (iOS/Android), only if you grant location permission
• The AI-generated analysis of the image (product name, brand, category, description, price range, and — where visible on packaging — net weight, country of origin, ingredients, storage instructions, certifications, allergens, warnings, and authenticity indicators)
The photo is sent to Anthropic's Claude AI API for analysis. Unlike the temporary processing used for Compare Image, AI Lens photos that result in a successful identification are stored in our secure cloud storage (AWS S3) along with the AI-generated analysis, so that we can build a more accurate, continuously improving product recognition database. This stored data is linked to your account if you are signed in, or treated as anonymous if you are a Guest user.
If you tap "Verify Now" after an AI Lens scan to confirm the product's barcode, that barcode and the verification result are also linked to the same AI Lens record.
You may request deletion of your AI Lens photos and associated analysis at any time by contacting privacy@universumgs.com.
Data Sharing for Market Intelligence
We partner with brands, manufacturers, and retailers to help combat counterfeiting and optimize supply chain integrity. Through our enterprise brand dashboards, we may share aggregated, de-identified, or pseudonymized statistical insights derived from product scans, including:
• Scanned barcode/QR code data and associated product identifiers.
• Generalized geographic scanning trends (e.g., city, postal code, or regional hub details) to pinpoint potential counterfeit hotspots.
• Scan timestamps and localized metrics regarding anti-counterfeit verification scores.
We do not disclose your direct personal identifiers (such as your full name or account email address) to these third-party brands. The data is shared strictly in an aggregate or pseudonymized format to enable brand protection analysis without compromising individual identity.
Jurisdictional Rights & Opt-Out Preferences
Depending on your location (including jurisdictions such as California), the sharing of pseudonymized scan histories and regional location metadata for commercial analytics may be legally categorized as a "sale" or "sharing" of data. We respect your autonomy over this information.
You have the right to restrict this data sharing at any time. If you wish to opt-out of market intelligence insights, you may toggle your preferences to a restricted privacy state in the app settings, or submit a request directly to our privacy desk at privacy@universumgs.com with the subject line "Do Not Sell or Share My Information".
Receipt Upload
When you upload a purchase receipt to earn bonus points, we collect:
• A photo of your receipt
• Product barcodes visible on the receipt (extracted by AI)
• Total price paid (extracted by AI)
• Purchase date (extracted by AI)
We do not collect, read, or store: your name, credit card or payment details, card numbers, billing address, loyalty card numbers, or any other personal information visible on the receipt. Our AI is specifically instructed to extract only product barcodes, price, and date — nothing else.
The receipt image is stored securely in our cloud storage (AWS S3) and is only used to verify your purchase for points eligibility. You may request deletion of your receipt images at any time by contacting us.
Report Fake
When you submit a fake product report, we collect:
• The product barcode you are reporting
• Your reason for the report (selected from a predefined list)
• Optional notes you choose to provide
• An optional photo of the suspected fake product
• Your approximate location at time of report (if location permission is granted)
Fake reports are used to improve our Consumer Confidence Score algorithm and to alert other users about potential counterfeits. Reports are reviewed and aggregated — individual reports are not publicly attributed to you by name.
You may submit a maximum of 5 fake reports per day. One report is permitted per product per account to maintain data integrity.
Rewards & Points
We maintain a points balance and transaction history associated with your account. This includes points earned from valid scans, receipt uploads, and fake reports. Points history is stored on our secure servers and linked to your user account.
Important: Consumer Confidence Score Disclaimer
The Consumer Confidence Score is a statistical indicator based on product scan history, database verification, and user reports. This score is provided for informational purposes only and should not be considered as a guarantee of product authenticity.
Verify2Buy makes no warranties or representations about the accuracy or completeness of this information. Users should exercise their own judgment and consider multiple factors when making purchasing decisions. We are not liable for any losses, damages, or claims arising from reliance on the Consumer Confidence Score.
The score is calculated using automated algorithms and may not reflect the actual authenticity or quality of any product. Always verify products through official channels when possible.
GS1 Digital Link & QR Code Scanning
Verify2Buy supports scanning GS1 Digital Link QR codes found on medical devices, pharmaceutical products, and consumer goods. When you scan a GS1 Digital Link QR code, we extract the Global Trade Item Number (GTIN) and any production identifiers (lot number, expiry date, serial number) encoded in the URL. This data is treated identically to barcode scan data and used to perform product verification and recall checks. We do not transmit the full GS1 Digital Link URL to third parties.
Data Retention
We retain your data for the following periods:
• Scan history: Retained for 3 years from the date of scan, after which records are anonymized or deleted
• Account data: Retained for the lifetime of your account, plus 90 days after account deletion
• Receipt images: Retained for 12 months from upload date
• AI Lens photos: Retained indefinitely to improve our product recognition database, unless you request deletion
• Fake reports: Retained for 5 years to support ongoing counterfeit pattern analysis
• Guest account data: Automatically deleted 30 days after the Guest session expires
You may request early deletion of any of your data at any time by contacting privacy@universumgs.com.
Your Rights
You have the right to request deletion of your data at any time. Contact us at privacy@universumgs.com with your request. Please note that deleting historical data may affect the accuracy of confidence scores for products you've previously scanned.
5. VerifyMed (Healthcare Supply Chain Verification)
VerifyMed is our B2B platform for healthcare facilities, designed to verify medical device authenticity and screen for active safety recalls using FDA, Health Canada, TGA Australia, and MHRA UK data, with EU MDR (targeted 2027) and CDSCO India coverage on our roadmap. VerifyMed is intended for use by hospital staff, supply chain teams, and authorized facility personnel — not for use by patients or members of the general public.
Account & Facility Information
When your organization onboards to VerifyMed, we collect:
• Facility name, department, and authorized user names and email addresses
• Authentication credentials used to sign in to the platform
• Role and permission level within your organization's account
VerifyMed does not collect, process, or store patient information. VerifyMed is a device and supply chain verification tool — it does not interact with electronic health records, patient identifiers, or any protected health information (PHI) as defined under HIPAA.
Device Scanning & UDI Lookup
When facility staff scan a medical device barcode, Data Matrix code, or manually enter a Unique Device Identifier (UDI), we collect:
• The UDI, barcode, or device identifier scanned
• Scan timestamp and the facility/department associated with the scan
• The device record matched from the FDA Global Unique Device Identification Database (GUDID), including manufacturer, brand, model, and lot/batch information where available
This data is used to confirm the device is registered in official databases, surface any matching FDA, Health Canada, TGA Australia, or MHRA UK recall alerts, and maintain a verification history for your facility's compliance records.
Invoice Upload & Processing
VerifyMed allows authorized staff to upload supplier invoices for automated line-item verification, either one at a time (PDF or JPEG) or in bulk via CSV import for high-volume batches. When you upload an invoice or CSV batch, we collect:
• The invoice image, document file, or CSV batch file
• Vendor name, invoice number, invoice date, and line-item details extracted by AI (including device identifiers, descriptions, and quantities)
• The validation result for each line item (UDI match, recall status, and any items flagged for manual review)
Invoice line items are processed using Anthropic's Claude AI to extract device identifiers and orchestrate validation against the GUDID device database and FDA, Health Canada, TGA Australia, and MHRA UK recall databases. Anthropic's privacy policy applies to data processed through their API — see anthropic.com/privacy. We do not extract or store patient information, payment card numbers, or billing details from uploaded invoices; extraction is limited to vendor, device, and line-item information needed for verification.
Uploaded invoice images are stored securely in our cloud storage (AWS S3) and linked to your facility's account for audit and compliance reporting purposes.
Compliance Reporting & Dashboard Analytics
VerifyMed generates summary metrics for your facility, including products processed, products verified, recall matches, invalid identifiers, items requiring manual review, and an overall A–F compliance score. These reports may be viewed on your facility's dashboard or exported as Excel or PDF documents by authorized users within your organization. Compliance reports and dashboard data are accessible only to authorized users within your facility's account and are not shared with other VerifyMed customers.
Asset Registry & Warranty Tracking
VerifyMed automatically builds a manufacturer → brand → asset registry for your facility, populated from invoice processing and from device scans performed through the VerifyMed mobile app. For each tracked asset, we collect and store:
• Manufacturer, brand, model, and device class
• Facility and department assignment
• Warranty expiry date (where available from invoice or manual entry)
We use warranty expiry dates to generate automated status alerts (Expired, expiring within 30 days, within 90 days, or Valid), refreshed nightly, so your team can act before coverage lapses. Asset registry data is accessible only to authorized users within your facility's account.
Vendor Risk Ranking
VerifyMed aggregates your facility's own invoice and device data to produce a vendor risk ranking — surfacing suppliers by flagged and recalled item volume and average compliance score. This ranking is calculated solely from your organization's own data and is not benchmarked against or shared with other VerifyMed customers.
White-Label & Partner Deployments
VerifyMed may be deployed under a partner organization's own branding, domain, and user management as part of a white-label or enterprise agreement. In such deployments, the partner organization is responsible for its own end-user communications, and a separate data processing agreement governs how data is handled between UniversumGS and that partner.
Data Retention
VerifyMed data is retained as follows:
• Device scan records: Retained for 7 years to support regulatory compliance and audit requirements
• Invoice uploads and line-item records (including bulk CSV batches): Retained for 7 years from the date of upload
• Asset registry and warranty records: Retained for the duration of your organization's active subscription, plus 7 years to support audit history
• Vendor risk ranking data: Retained for 7 years, derived from your organization's own invoice and device data
• Compliance reports and dashboard data: Retained for 7 years
• User account and facility records: Retained for the duration of your organization's active subscription, plus 1 year after contract termination
• Exported PDF/Excel reports: Generated on-demand and not stored on our servers beyond the generation request
The 7-year retention period reflects common healthcare regulatory record-keeping requirements. If your organization requires a different retention schedule, this may be specified in your Data Processing Agreement.
Your Rights
Authorized facility administrators may request deletion or export of their organization's VerifyMed data at any time by contacting privacy@universumgs.com. Please note that deleting historical scan or invoice data may affect the completeness of your facility's compliance history.
6. Contact
Questions about this policy? Email us at privacy@universumgs.com.