Veritas Agent Logo Veritas Agent
  • Home
  • Creators
  • Pricing
  • Features
  • Download
  • Updates
Legal

Privacy Policy

This policy explains how Veritas Agent handles your information. Last updated: 06/07/2026.

1. Scope and overview

This Privacy Policy applies to Veritas Agent websites, apps, and services. Veritas Agent is operated by Bradley Bulman (ABN 28 283 798 533). We handle personal information in accordance with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). It describes what information we collect, how we use it, which services help us operate, and the controls available to you.

Veritas Agent is designed to provide AI-assisted chat, document analysis, image analysis, grounding/search features, searchable saved conversation history, optional Meeting Assistant features, optional email delivery tools, and optional personalization controls.

If you enable Scheduled Research, we store the research brief, recurrence, browser-detected IANA timezone, schedule status, delivery timestamps, generated content, source links, AI token usage counts or estimates, and delivery/error metadata needed to produce and troubleshoot recurring or manually triggered schedules. We use your account plan and role to apply saved schedule limits. Scheduled Research may use AI search grounding and web search providers to retrieve current public web results for the saved brief. When Memories is enabled, we may include your saved memories in the AI request solely to tailor the content's relevance and framing; we do not include them in the delivered email as a memory list. Scheduled content is sent only to the verified email address on your account. Completed content and source snapshots are retained for up to 30 days, unless deleted earlier through your account or account deletion request.

Saved memories may include AI-generated retrieval tags. These tags are internal metadata used to select the most relevant saved memories for a chat or report, including by automatically tagging older memories that do not yet have retrieval tags. Memory tags do not change your memory controls: disabling or deleting memories also stops or removes the related memory context and retrieval metadata.

Document sectioning, image-context indexing, and context-routing tag summaries do not change the categories of information collected, the purposes of processing, or your privacy controls. Context routing may use short snippets from prior messages, model responses, document sections, and internal tag summaries to help the AI select relevant context for the current request.

2. Information we collect

2.1 Account and profile data

  • Name, email address, and authentication records used to create and secure your account.
  • Profile settings such as username, plan status, preferences, and terms-agreement status.

2.2 Conversation and content data

  • Chat messages, prompts, and model responses.
  • Conversation metadata, including timestamps, internal retrieval labels that may describe granular document sections, short context-routing snippets or tag summaries, document section counts/word counts, AI token usage counts or estimates, context-token savings estimates, and related context used to support your session.
  • Saved items for optional personalization features, such as memories and internal memory retrieval tags.

2.2A Enterprise organization data

  • If you use Veritas Agent through a business or enterprise workspace, we may process organization names, slugs, ownership records, admin/member role data, invite records, invite token metadata, workspace metadata, organization settings, audit logs, and enterprise billing identifiers or billing status.
  • Enterprise registration records may include company profile details such as country, ABN or other business identifiers supplied to us, legal business name, trading name, business type, website, phone number, and business address.
  • For Enterprise owners, we may check organization billing status and selected billing interval to decide whether the owner can enter the platform, manage workspace settings, or invite members.
  • Business invite records may include the invited email address, inviter details, organization name, role, status, expiry, and limited token data needed to create, validate, expire, or revoke an invitation.
  • Authorized administrators may permanently delete admin-created business invite records and linked workspace setup records, including related organization invite, membership, billing, and audit records associated with that pending workspace.
  • Enterprise content may be stored in customer data tables scoped by organization membership, organization identifiers, and access controls so business data remains separated from personal consumer data and from other organizations.
  • Organization owners or administrators may be able to manage members, remove member workspace access, review workspace settings, view audit/security events, control organization-owned data, and manage admin-led Enterprise purchase or contact-sales workflows according to their role and applicable workspace settings.
  • Removing a member from an enterprise organization removes that user's access to the business workspace and may create an audit record, but it does not delete the user's personal Veritas Agent account.
  • An authorized Enterprise owner may delete a company workspace. This cancels the linked Enterprise subscription where possible and deletes organization-owned workspace records, member links, invites, billing rows, and organization-scoped app data. It does not delete the personal Veritas Agent accounts of the owner or members.

2.3 Files and media

  • Uploaded documents and images, including extracted content and metadata needed for preview, search, and AI processing.
  • For uploaded images, concise AI-generated retrieval tags, factual summaries, and human-readable display labels used to organize images and select relevant prior image context. These labels may be incomplete or corrected over time and do not change the stored upload filename.
  • AI-generated documents and exports, including filenames, file type, size, storage path, download URL metadata, and generation details needed to save, preview, and download the file.
  • Public or shareable file URLs when required by product features such as previews or support tooling.

2.4 Meeting Assistant data

  • If you use Meeting Assistant, Veritas Agent may capture microphone audio, desktop/system audio where available, and related technical metadata such as recording time, file type, file size, and storage path.
  • Meeting Assistant may generate transcripts, transcript segments, timestamped summaries, key moments, action items, follow-ups, decisions, and other notes from the recording.
  • Meeting audio and generated meeting notes may include personal information about you and other participants, including voices, names, opinions, business information, and other information discussed in the recording. Depending on the meeting, this may include sensitive information.
  • When meeting audio is saved, it is stored in private application storage and accessed through time-limited signed URLs for playback. Meeting transcript, summary data, and AI token usage counts or estimates may be stored with the related conversation so you can review and ask follow-up questions about the meeting and so we can monitor operational usage.
  • Meeting transcripts and generated notes may be treated like document content for internal indexing, sectioning, and retrieval so follow-up questions can use organized meeting context.

2.5 Contacts and communication data

  • Email contacts you save in-app.
  • Email payload content when you use the email tool (recipient, subject, body, and reply-to details).
  • Scheduled post and Scheduled Research instructions, cadence, browser-detected timezone, generated summaries, source links, delivery records, AI token usage counts or estimates, and, when your Memories setting is enabled, saved-memory context used to personalize scheduled synthesis.
  • Admin-created business invite emails, including delivery metadata needed to send, troubleshoot, expire, or resend invitations.
  • Support and issue report submissions, including request type, title, description, optional screenshots, collaboration details, and operational context such as page URL, browser user agent, app version, chat ID, viewport size, and language where available.

2.6 Optional location data

  • If enabled by you, location coordinates (latitude/longitude), approximate address details, country/state/city fields, and location update timestamps.
  • Location-derived preferences such as currency context.

2.7 Billing and subscription data

  • Plan and subscription status, billing frequency, and related Stripe customer/subscription identifiers.
  • Organization billing status, Enterprise purchase workflow status, contact-sales request context, company profile summaries used for billing administration, active member seat counts, billing-band snapshots, next-invoice previews, and admin-led checkout or billing-management metadata where applicable.
  • Payment events and metadata needed to maintain your selected plan in the app.

2.8 Connected integration data

  • If you connect a third-party account such as Google, we may store connection metadata such as provider account email/address, provider account ID, granted scopes, capability flags, connection timestamps, and related status/error fields.
  • For Google integrations, we store an encrypted refresh token and related token metadata needed to maintain the connection and perform the actions you request.

2.9 Local and session storage

  • Browser local/session storage values used for session continuity and convenience features, such as remembered login email, style selections, and transient UI state.

3. How we use information and our lawful bases

Depending on the feature and context, Veritas Agent processes personal information to perform our contract with you, with your consent, for legitimate interests such as security and service improvement, or to meet legal obligations.

  • Provide core functionality, including chat, file analysis, and account access.
  • Use concise image retrieval metadata to select relevant prior image context for follow-up requests, rather than sending unrelated images where possible.
  • Operate optional features you enable, such as memories, Meeting Assistant, email tools, and location-based context.
  • Run and deliver Scheduled Research reports at the local time and frequency you select, or when you manually trigger a saved schedule, using your browser-detected timezone and your enabled saved-memory context only to improve relevance and framing.
  • Process meeting recordings to generate transcripts, timestamped summaries, notes, and playback references you request.
  • Maintain and troubleshoot service reliability, security, and abuse prevention.
  • Monitor operational AI usage through provider-reported or estimated token counts and context-token savings estimates, including admin analytics used for capacity planning and service health.
  • Process subscriptions and apply plan entitlements.
  • Send and manage business workspace invitations, validate invite tokens, apply organization roles, maintain audit logs, record company profile details, and support organization billing or Enterprise sales workflows.
  • Respond to support requests, product feedback, collaboration requests, and bug reports, including routing requests by category and using submitted details to diagnose issues or assess product ideas.

Where Meeting Assistant captures or processes meeting audio involving other people, you are responsible for ensuring you have any required consent, authority, or other lawful basis before recording or submitting that audio for processing.

4. Third-party services used to process data

Veritas Agent uses third-party providers as processors/sub-processors for specific functions:

  • Supabase: authentication, database, and private/public storage for application data, including saved meeting audio when Meeting Assistant storage is used.
  • Google Identity and Google Workspace APIs: Google sign-in connection, Gmail actions, and Google Calendar viewing when you choose to connect a Google account.
  • Google Gemini API: AI prompt/response generation and related model processing.
  • Brave Search API: web/news retrieval, extracted web context/snippets, and grounding-related search output.
  • Stripe: subscription checkout, organization billing operations, billing-status updates, and webhook events.
  • Resend: transactional email delivery, including business workspace invitations and email sent through the app.
  • OpenStreetMap Nominatim: reverse geocoding when location tracking is enabled.

4.1 Google integrations and how we manage Google data

Google integrations are optional. If you connect a Google account, Veritas Agent requests only the scopes configured for the connected features. At the time of this policy update, those scopes may include openid, email, profile, https://www.googleapis.com/auth/gmail.send, and https://www.googleapis.com/auth/calendar.events.

  • Account connection: We use Google identity/profile information to identify the connected account and display connection status in the app.
  • Gmail actions: If you ask Veritas Agent to send an email through your connected account, we use the granted Gmail send scope to perform that request.
  • Calendar viewing: If Google Calendar is available to your account and the calendar view is available to your role, we use the relevant granted Calendar scope to load and display calendar events for the requested range. The calendar view may be limited to administrator accounts. @calendar chat mentions prepare an internal calendar request payload only and do not retrieve event details from Google Calendar. Veritas Agent does not create or delete calendar events through chat commands.
  • Stored connection data: We store Google connection metadata in our application database, and we store the Google refresh token in encrypted form so the connection can be reused without asking you to reconnect on every request.
  • Returned action data: Data returned from Google to fulfill your request, such as Gmail send status or calendar event details shown in the calendar view, may appear in your session or stored application data as part of the feature you used.
  • AI formatting/synthesis: When a Google action result is turned into a natural-language response inside Veritas Agent, the action result may be processed by our AI provider to format or synthesize the answer you asked for.
  • Disconnect and revocation: If you disconnect Google in the app, we attempt to revoke the stored Google token remotely, delete the stored credentials from our systems, and mark the connection as disconnected. Remote revocation may fail in some cases outside our control, but local stored credentials are still removed by the disconnect flow.

5. Data retention and deletion

We retain data as needed to provide the service, maintain account integrity, comply with legal obligations, and support security and operational requirements.

Meeting transcripts, summaries, timestamp data, and saved meeting audio are retained with the related conversation unless you delete the conversation, delete your account data, or a shorter retention setting is introduced and selected. Deletion workflows attempt to remove both database records and related storage objects, including saved meeting audio, but some data may persist in backups, logs, or legally required records for a limited period.

Enterprise organization data may be retained under the control of the organization even if an individual member leaves or deletes a personal account. Organization-owned data deletion, export, retention, access transfer, invite-token expiry, invite deletion, workspace deletion, or audit-log handling may require action by an organization owner or administrator.

You can use in-app controls to remove major categories of stored data, including chat history, meeting data, files, and user data. If you need help removing meeting recordings or related generated notes, contact us using the privacy contact details below.

6. Security practices

We use technical and organizational controls intended to protect personal information. Saved meeting audio is intended to be stored in private storage and accessed through time-limited signed URLs rather than permanent public URLs. No system can guarantee absolute security, and you are responsible for safeguarding your account credentials and device access.

7. International processing and storage

Based on current system configuration, core managed database/storage infrastructure may operate in Australia and may replicate within that region for reliability. Third-party processors may handle data in additional jurisdictions according to their own infrastructure and compliance practices.

8. Your controls and rights

  • Review and update profile/settings information in-app.
  • Export a machine-readable copy of account data from Privacy & Data settings.
  • Disable optional features such as location tracking or memories.
  • Choose whether to use Meeting Assistant and avoid recording or uploading meetings where you do not have permission to do so.
  • Disconnect your Google integration in-app to remove stored Google credentials and stop future Gmail/Calendar actions through Veritas Agent.
  • Use in-app deletion controls to remove chats, meeting summaries, saved meeting audio, files, and other stored user data.
  • For enterprise workspaces, contact your organization owner or administrator for organization-owned data access, correction, export, deletion, invite status, role changes, billing status, audit logs, or workspace membership changes.
  • Submit access, deletion, correction, restriction, objection, portability, CCPA opt-out, CCPA sensitive-use limit, or other privacy requests through Privacy & Data settings.
  • Email veritas.agent.delivery@gmail.com for privacy questions or requests.

9. CCPA privacy choices and Global Privacy Control

Veritas Agent does not currently sell or share personal information for cross-context behavioral advertising. We still provide a "Do Not Sell or Share My Personal Information" / privacy choices route and store opt-out preferences defensively.

If your browser sends a Global Privacy Control signal, we treat it as an opt-out signal for that browser/device where applicable.

10. Children and sensitive use

Veritas Agent is not intended for unlawful use or unauthorized processing of sensitive personal data. Do not upload/share data, record meetings, or process audio involving people unless you have the necessary rights, consent, or lawful basis to do so.

11. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be reflected by a revised last-updated date. Continued use of Veritas Agent after an update means you accept the revised policy.

12. Contact

For privacy-related questions, requests, or complaints, use Privacy & Data settings in the app or email veritas.agent.delivery@gmail.com. If your complaint is not resolved to your satisfaction, you may contact the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au or by calling 1300 363 992.

13. Notifiable Data Breaches

In the event of a data breach that is likely to result in serious harm, Veritas Agent will notify affected individuals and the Office of the Australian Information Commissioner as required under the Notifiable Data Breaches scheme.

This document is provided for product transparency and operational notice and does not constitute legal advice.

Veritas Agent Logo
Veritas Agent Future-ready conversations for every team.

Navigate

  • Creators
  • Pricing
  • Features
  • Download
  • Change Logs

Legal

  • Privacy Policy
  • Do Not Sell or Share
  • Terms & Conditions
Veritas Agent Stella Bradley

© Veritas Agent. All rights reserved.