Vera is on your side — that includes protecting your privacy. We collect only what we need to make Vera work. We never sell your data. We never use your conversations to train AI models. We never share your information with advertisers. If you want your data deleted, we delete it. That's the whole deal.
What we collect
Email address — when you sign in (via Google, email/password, or magic link). Used for authentication, sending you responses you request, and marketing emails if you opt in.
Conversations — the questions you ask Vera and her responses. Signed-in users' conversations are saved to your account so you can access them later. Anonymous users' conversations live only in your browser and are never stored on our servers.
Documents and photos — when you upload a document or photo for Vera to analyze. These are processed in real time to generate your response and are not permanently stored.
Location — only if you grant permission. Stored locally in your browser, never on our servers. Used to answer location-specific questions like "what's near me."
Usage data — daily conversation counts for rate limiting. No browsing history, no tracking cookies, no analytics profiles.
How we use your data
To provide the service — your questions are sent to the AI to generate answers. Your saved responses are stored so you can access them across devices.
To send you emails you request — magic links, responses you email to yourself, and marketing tips if you opt in.
To improve Vera — we may review anonymized, aggregated usage patterns (like "how many people asked about medical bills this month") to understand what Vera is used for. We never read individual conversations.
Never to sell, share, or target ads.
Third-party services
Vera uses a small number of trusted services to work. Each has its own privacy policy:
Services we use
Anthropic (Claude API) — processes your questions and generates Vera's responses. Anthropic does not use API inputs/outputs to train their models. Anthropic's privacy policy
Supabase — stores your account, saved responses, and authentication data. Hosted in the US with encryption at rest. Supabase's privacy policy
Google — provides Sign in with Google authentication and web search via Chrome's Speech API. Google's privacy policy
Your rights
You have full control over your data:
Delete your saved history — go to heyvera.love/account → Privacy & data → "Delete all my history."
Delete your account — email hello@heyvera.love with "Delete my account" and we'll remove everything within 48 hours.
Unsubscribe from marketing emails — every marketing email includes a one-click unsubscribe link. You can also toggle it off at heyvera.love/account.
Export your data — coming soon. For now, email us and we'll send you a copy.
Change your email — email us from your current address and we'll update it.
Children
Vera is not designed for children under 13. We do not knowingly collect data from children. If you believe a child has used Vera, contact us and we'll delete their data immediately.
Security
We take security seriously. All data is encrypted in transit (HTTPS) and at rest (Supabase encryption). Authentication uses magic links or passwords — we never store plaintext passwords. API keys are stored as environment variables, never in source code. Rate limiting protects against abuse. For details, see our security policy.
Changes to this policy
If we make significant changes, we'll notify users via email (if opted in) and update this page. The "last updated" date at the top tells you when it was last revised.
Contact us
Questions about your privacy? We're real people and we respond quickly.