Privacy Policy

This policy explains how Veritas Agent handles your information. Last updated: 31/03/2026.

1. Scope and overview

This Privacy Policy applies to Veritas Agent websites, apps, and services. It describes what information we collect, how we use it, which services help us operate, and the controls available to you.

Veritas Agent is designed to provide AI-assisted chat, document analysis, image analysis, grounding/search features, optional email delivery tools, and optional personalization controls.

2. Information we collect

2.1 Account and profile data

  • Name, email address, and authentication records used to create and secure your account.
  • Profile settings such as username, plan status, preferences, and terms-agreement status.

2.2 Conversation and content data

  • Chat messages, prompts, and model responses.
  • Conversation metadata, including timestamps and related context used to support your session.
  • Saved items for optional personalization features, such as adaptive learning entries and memories.

2.3 Files and media

  • Uploaded documents and images, including extracted content and metadata needed for preview, search, and AI processing.
  • Public or shareable file URLs when required by product features such as previews or support tooling.

2.4 Contacts and communication data

  • Email contacts you save in-app.
  • Email payload content when you use the email tool (recipient, subject, body, and reply-to details).
  • Support and issue report submissions, including optional screenshots and collaboration details.

2.5 Optional location data

  • If enabled by you, location coordinates (latitude/longitude), approximate address details, country/state/city fields, and location update timestamps.
  • Location-derived preferences such as currency context.

2.6 Billing and subscription data

  • Plan and subscription status, billing frequency, and related Stripe customer/subscription identifiers.
  • Payment events and metadata needed to maintain your selected plan in the app.

2.7 Connected integration data

  • If you connect a third-party account such as Google, we may store connection metadata such as provider account email/address, provider account ID, granted scopes, capability flags, connection timestamps, and related status/error fields.
  • For Google integrations, we store an encrypted refresh token and related token metadata needed to maintain the connection and perform the actions you request.

2.8 Local and session storage

  • Browser local/session storage values used for session continuity and convenience features, such as remembered login email, style selections, and transient UI state.

3. How we use information

  • Provide core functionality, including chat, file analysis, and account access.
  • Operate optional features you enable, such as memories, adaptive learning, email tools, and location-based context.
  • Maintain and troubleshoot service reliability, security, and abuse prevention.
  • Process subscriptions and apply plan entitlements.
  • Respond to support requests and product feedback.

4. Third-party services used to process data

Veritas Agent uses third-party providers as processors/sub-processors for specific functions:

  • Supabase: authentication, database, and storage for application data.
  • Google Identity and Google Workspace APIs: Google sign-in connection, Gmail actions, and Google Calendar actions when you choose to connect a Google account.
  • Google Gemini API: AI prompt/response generation and related model processing.
  • Brave Search API: web/news retrieval and grounding-related search output.
  • Stripe: subscription checkout, billing operations, and webhook events.
  • Resend: transactional email delivery when you send email through the app.
  • OpenStreetMap Nominatim: reverse geocoding when location tracking is enabled.

4.1 Google integrations and how we manage Google data

Google integrations are optional. If you connect a Google account, Veritas Agent requests only the scopes configured for the connected features. At the time of this policy update, those scopes may include openid, email, profile, https://www.googleapis.com/auth/gmail.send, and https://www.googleapis.com/auth/calendar.events.

  • Account connection: We use Google identity/profile information to identify the connected account and display connection status in the app.
  • Gmail actions: If you ask Veritas Agent to send an email through your connected account, we use the granted Gmail send scope to perform that request.
  • Calendar actions: If you ask Veritas Agent to list or create Google Calendar events, we use the relevant granted Calendar scope to perform that request.
  • Stored connection data: We store Google connection metadata in our application database, and we store the Google refresh token in encrypted form so the connection can be reused without asking you to reconnect on every request.
  • Returned action data: Data returned from Google to fulfill your request, such as Gmail send status or calendar event details, may appear in your chat session and chat history as part of the response generated for you.
  • AI formatting/synthesis: When a Google action result is turned into a natural-language response inside Veritas Agent, the action result may be processed by our AI provider to format or synthesize the answer you asked for.
  • Disconnect and revocation: If you disconnect Google in the app, we attempt to revoke the stored Google token remotely, delete the stored credentials from our systems, and mark the connection as disconnected. Remote revocation may fail in some cases outside our control, but local stored credentials are still removed by the disconnect flow.

5. Data retention and deletion

We retain data as needed to provide the service, maintain account integrity, comply with legal obligations, and support security and operational requirements.

You can use in-app controls to remove major categories of stored data, including chat history and user data. Deletion workflows attempt to remove both database records and related storage objects, but some data may persist in backups, logs, or legally required records for a limited period.

6. Security practices

We use technical and organizational controls intended to protect personal information. No system can guarantee absolute security, and you are responsible for safeguarding your account credentials and device access.

7. International processing and storage

Based on current system configuration, core managed database/storage infrastructure may operate in Australia and may replicate within that region for reliability. Third-party processors may handle data in additional jurisdictions according to their own infrastructure and compliance practices.

8. Your controls and rights

  • Review and update profile/settings information in-app.
  • Disable optional features such as location tracking, memories, or adaptive learning.
  • Disconnect your Google integration in-app to remove stored Google credentials and stop future Gmail/Calendar actions through Veritas Agent.
  • Use in-app deletion controls to remove chats, files, and other stored user data.
  • Contact support through the in-app Report Issue workflow for privacy questions or requests.

9. Children and sensitive use

Veritas Agent is not intended for unlawful use or unauthorized processing of sensitive personal data. Do not upload/share data you do not have rights to process.

10. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be reflected by a revised last-updated date. Continued use of Veritas Agent after an update means you accept the revised policy.

11. Contact

For privacy-related questions, requests, or concerns, use the in-app Report Issue/support path.

This document is provided for product transparency and operational notice and does not constitute legal advice.