Privacy Policy

Verora AI (“we,” “our,” or “us”) respects your privacy and is committed to protecting the personal information you share with us. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you use our platform, website, and related services.

By using Verora AI, you consent to the practices described in this Privacy Policy. If you do not agree, please discontinue use of our services.

Account Information

When you create an account, we collect:

• Name and contact details (email address, phone number)
• Practice name and business address
• Professional credentials (NPI number, Tax ID)
• Billing and payment information (processed securely by Stripe)

Practice Management System Data

When you connect your PMS, we temporarily process:

• Patient scheduling information (appointment dates, times, procedures)
• Patient demographics necessary for insurance verification
• Insurance information (carrier name, member ID, group number)

Important: This data is processed in real-time and is not stored in our database. Please see our HIPAA Compliance page for details on our zero-PHI-at-rest architecture.

Usage Data

We automatically collect:

• Log data (IP address, browser type, pages visited)
• Device information (operating system, screen resolution)
• Feature usage patterns and interaction data
• Error logs and performance data

We use the information we collect to:

• Provide and maintain the Verora AI platform and services
• Process insurance verifications and generate reports
• Communicate with you about your account, including support and service updates
• Process payments and manage your subscription
• Improve our products, features, and user experience
• Detect and prevent fraud, abuse, and security incidents
• Comply with legal obligations and enforce our terms

We do not sell your personal information. We may share information with:

• Insurance Clearinghouses: To process eligibility and benefits verifications on your behalf
• Payment Processors: Stripe processes all payment information — we never store your credit card details
• Cloud Infrastructure Providers: Our hosting and infrastructure partners process data under strict contractual obligations
• Legal Authorities: When required by law, subpoena, or court order

All third-party service providers are bound by confidentiality agreements and, where applicable, Business Associate Agreements (BAAs).

We implement robust security measures to protect your information:

• All data is encrypted in transit using TLS 1.2+
• Temporarily cached data is encrypted at rest using AES-256
• Access to systems is controlled through role-based permissions and multi-factor authentication
• Regular security audits and penetration testing are conducted
• Employees undergo security awareness training

We retain different types of data for different periods:

• Patient Data (PHI): Not retained — processed in real-time only and held in short-lived memory caches that expire daily
• Account Information: Retained for the duration of your active account, plus 30 days after cancellation for data export purposes
• Billing Records: Retained for 7 years as required by tax and financial regulations
• Usage Logs: Retained for 12 months for analytics and security purposes
• Audit Logs: Retained for 6 years as required by HIPAA

We use essential cookies to maintain your session and provide core functionality. We do not use third-party advertising cookies or cross-site tracking.

• Essential Cookies: Required for authentication and session management
• Analytics: We use privacy-respecting analytics to understand usage patterns (no PII is tracked)

Depending on your location, you may have the right to:

• Access: Request a copy of the personal information we hold about you
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your personal information (subject to legal retention requirements)
• Portability: Request your data in a structured, machine-readable format
• Opt-Out: Opt out of non-essential communications at any time

To exercise any of these rights, please contact us at thomas@veroraai.com.

Verora AI is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child, we will promptly delete it.

Our services are primarily operated in the United States. If you access Verora AI from outside the United States, your information may be transferred to and processed in the United States. By using our services, you consent to this transfer.

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through a notice on our platform. We encourage you to review this policy periodically.

If you have any questions or concerns about this Privacy Policy, please contact us:

• Email: thomas@veroraai.com
• Phone: (512) 395-5633
• Support: support@veroraai.com