Privacy Policy

Last Updated: December 4, 2024 | Effective Date: December 4, 2024

VeraNeural, Inc. ("VeraNeural," "we," "us," or "our") respects your privacy. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use VERA and our related services (collectively, the "Service").

1. Information We Collect

Information You Provide

• Account Information: Email address for authentication via magic link or social login (Google, Apple)
• Conversation Content: Messages, prompts, and responses exchanged with VERA
• Saved Content: Messages you explicitly choose to save
• Profile Preferences: Theme settings, notification preferences
• Payment Information: Processed securely by Stripe; we do not store full payment card details

Information Collected Automatically

• Device Information: Device type, operating system, browser type, unique device identifiers
• Usage Data: Features used, session duration, interaction patterns, timestamps
• Log Data: IP address, access times, error logs for troubleshooting
• Analytics Data: Aggregated usage statistics via Google Analytics

Cookies & Similar Technologies

We use essential cookies for authentication and session management. We also use analytics cookies (Google Analytics) to understand how users interact with VERA. You can control cookie preferences through your browser settings.

2. How We Use Your Information

• Provide the Service: Deliver AI-powered conversations and features you request
• Personalization: Remember your preferences and provide continuity in conversations
• Improvement: Analyze usage patterns to improve VERA's responses and features
• Safety: Detect crisis situations, prevent abuse, and ensure platform security
• Communication: Send service-related emails (e.g., magic links, billing confirmations)
• Billing: Process subscriptions and manage your account
• Legal Compliance: Meet legal obligations and respond to lawful requests

3. Data Storage & Security

Local-First Architecture

By default, your conversation history is stored locally on your device using browser storage. This means:

• Your conversations remain on your device unless you choose to sync
• Clearing your browser data will delete local conversation history
• We cannot access locally-stored conversations

Server-Side Storage

For subscribers and authenticated users who opt into cloud sync, certain data is stored on secure servers:

• Account information and authentication data
• Subscription and billing records
• Synced conversation threads (if enabled)
• Saved messages

Security Measures

• TLS/SSL encryption for all data in transit
• Encryption at rest for server-stored data
• Secure authentication via magic links (no passwords stored)
• Regular security audits and monitoring
• Access controls limiting employee access to user data

4. Information Sharing

We do not sell your personal information. We share information only in the following circumstances:

Service Providers

We use trusted third-party services to operate VERA:

• OpenAI: AI model provider for generating VERA's responses
• Supabase: Database and authentication services
• Vercel: Application hosting and deployment
• Stripe: Payment processing
• Google Analytics: Usage analytics

Legal Requirements

We may disclose information if required by law, legal process, or government request, or to protect the rights, safety, or property of VeraNeural, our users, or the public.

Business Transfers

In the event of a merger, acquisition, or sale of assets, user information may be transferred as part of that transaction. We will notify you of any such change.

5. Your Rights & Choices

You have the following rights regarding your personal information:

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate personal data
• Deletion: Request deletion of your account and associated data
• Export: Download your data in a portable format
• Opt-Out: Unsubscribe from marketing communications
• Withdraw Consent: Where processing is based on consent, withdraw it at any time

To exercise these rights, visit your Profile settings or contact us at privacy@veraneural.com.

6. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to Know: Request disclosure of categories and specific pieces of personal information collected
• Right to Delete: Request deletion of personal information (subject to exceptions)
• Right to Opt-Out: We do not sell personal information, so this right does not apply
• Right to Non-Discrimination: We will not discriminate against you for exercising your rights

To submit a request, email privacy@veraneural.com with "CCPA Request" in the subject line. We will verify your identity before processing requests.

7. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation (GDPR):

• Legal Basis: We process data based on consent, contract performance, and legitimate interests
• Right of Access: Obtain confirmation and access to your personal data
• Right to Rectification: Correct inaccurate personal data
• Right to Erasure: Request deletion ("right to be forgotten")
• Right to Restrict Processing: Limit how we use your data
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent at any time

To exercise these rights, contact privacy@veraneural.com. You also have the right to lodge a complaint with your local data protection authority.

8. Children's Privacy

VERA is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@veraneural.com, and we will delete such information.

Users between 13-17 years old may use VERA only with parental or guardian consent.

9. Data Retention

We retain your information for as long as necessary to provide the Service and fulfill the purposes described in this policy. Specifically:

• Account Data: Retained until you delete your account
• Conversation Data (server-side): Retained until you delete your account or specific threads
• Conversation Data (local): Stored on your device; deleted when you clear browser data
• Billing Records: Retained for 7 years for tax and legal compliance
• Usage Analytics: Aggregated data retained indefinitely; identifiable data deleted after 26 months

When you delete your account, we will delete or anonymize your personal information within 30 days, except where retention is required by law.

10. International Data Transfers

VeraNeural is based in the United States. If you access VERA from outside the U.S., your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate. These countries may have different data protection laws than your country of residence.

For transfers from the EEA, UK, or Switzerland, we rely on Standard Contractual Clauses approved by the European Commission and other appropriate safeguards.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last Updated" date. For significant changes, we may also send you an email notification. Your continued use of VERA after changes become effective constitutes acceptance of the revised policy.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

This Privacy Policy is provided for general information purposes. VeraNeural reserves the right to modify this policy at any time. We recommend consulting with a qualified attorney for specific legal advice.