Privacy Policy

1. Introduction

Veruno.AI ("Veruno," "we," "us") operates the Veruno.AI platform at veruno.ai. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

We are committed to protecting your privacy. Our AI agent platform processes data on your behalf, and we treat your data with the same care we would treat our own.

2. Information We Collect

2.1 Account Information

When you register, we collect your email address, company name, industry, and password (hashed). If you sign up via Google OAuth, we receive your name, email address, and profile picture from Google.

2.2 Task and Interaction Data

When you use AI agents, we process the instructions you provide, the data you upload or paste, chat messages, task descriptions, and agent outputs. This data is necessary to operate the Service.

2.3 Usage Data

We automatically collect information about how you use the Service, including pages visited, features used, agent interactions, task completion rates, and timestamps. This data is used to improve the Service and provide usage analytics in your dashboard.

2.4 Payment Information

Payment processing is handled by Stripe. We do not store credit card numbers, bank account numbers, or other sensitive financial information on our servers. We receive a payment confirmation and limited billing details (last four digits, card type, billing address) from Stripe.

2.5 Communications

If you contact us via email or through the Service, we retain those communications to respond to your inquiries and improve support.

3. How We Use Your Information

• To provide the Service: Processing your tasks, running AI agents, generating outputs, and managing your account.
• To improve the Service: Analyzing usage patterns, identifying bugs, and developing new features. We use aggregated, anonymized data for this purpose.
• To communicate with you: Sending account notifications, trial lifecycle emails, billing confirmations, and product updates.
• To ensure security: Detecting and preventing fraud, abuse, and unauthorized access.
• To comply with law: Meeting legal obligations, responding to lawful requests from public authorities.

4. How AI Agents Process Your Data

This section is specific to how data flows through our AI agent system:

• Input processing: When you send a task to an agent, your instructions and any attached data are sent to our agent runtime service, which processes them using third-party AI models.
• Third-party AI providers: We use Anthropic (Claude) as our primary AI model provider. Your task data is sent to their API for processing. Anthropic's data usage policies apply to data processed through their models. Anthropic does not use API inputs to train their models.
• Tool execution: Agents may use tools (web search, code execution, document processing) that interact with third-party services. Data sent to these tools is limited to what is necessary for the task.
• Agent memory: Agents may retain context from previous interactions to provide better results over time. This memory is scoped to your account and never shared with other customers.
• Data isolation: Each customer's data is logically isolated at the orchestration layer. Agents from one customer cannot access data from another customer.

5. What We Do NOT Do With Your Data

• We do not use your task data, uploads, or agent interactions to train AI models.
• We do not sell your personal information or business data to third parties.
• We do not share your data with other customers.
• We do not use your data for advertising purposes.
• We do not access your data manually unless required for support (with your consent) or legal compliance.

6. Data Sharing and Disclosure

We share your information only in these circumstances:

• Service providers: Third-party services that help us operate (Anthropic for AI, Stripe for payments, Google Cloud for infrastructure, SendGrid for email). These providers are contractually obligated to protect your data.
• Legal requirements: When required by law, subpoena, or court order.
• Business transfers: In connection with a merger, acquisition, or sale of assets, with notice to you.
• With your consent: When you explicitly authorize sharing.

7. Data Security

We implement industry-standard security measures to protect your data:

• All data in transit is encrypted using TLS 1.2 or higher.
• Data at rest is encrypted using AES-256 encryption.
• API keys and secrets are stored in encrypted secret management systems (Google Cloud Secret Manager).
• Access to production systems is restricted to authorized personnel with multi-factor authentication.
• We maintain audit logs of all system access and data processing activities.

No method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

8. Data Retention

• Active accounts: Your data is retained for as long as your account is active.
• Cancelled accounts: After cancellation, your data is retained for 30 days to allow for reactivation or export. After 30 days, it is permanently deleted.
• Expired trials: Trial data is retained in read-only mode for 90 days, then permanently deleted.
• Agent memory: Agent memories are deleted when the associated agent or account is deleted.
• Audit logs: Activity logs are retained for 12 months for security and compliance purposes.

9. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access the personal data we hold about you.
• Correct inaccurate or incomplete data.
• Delete your personal data ("right to be forgotten").
• Export your data in a portable format.
• Object to certain types of data processing.
• Withdraw consent where processing is based on consent.

To exercise any of these rights, contact us at privacy@veruno.ai. We will respond within 30 days.

10. Cookies and Tracking

We use essential cookies required for the Service to function (authentication, session management). We do not use advertising cookies or third-party tracking pixels. We may use privacy-focused analytics to understand how the Service is used, without collecting personally identifiable information.

11. International Data Transfers

The Service is hosted on Google Cloud in the United States (us-east4, Northern Virginia). If you are located outside the United States, your data will be transferred to and processed in the United States. By using the Service, you consent to this transfer.

12. Children's Privacy

The Service is not directed to individuals under 18. We do not knowingly collect personal information from children. If we discover that a child has provided personal information, we will delete it promptly.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the Service. The "Last updated" date at the top reflects the most recent revision.

14. Contact Us

For privacy-related questions or requests, contact us at: