Privacy Policy

Verora AI (“we,” “our,” or “us”) respects your privacy and is committed to protecting the personal information you share with us. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you use our platform, website, and related services.

By using Verora AI, you consent to the practices described in this Privacy Policy. If you do not agree, please discontinue use of our services.

Account Information

When you create an account, we collect:

• Name and contact details (email address, phone number)
• Practice name and business address
• Professional credentials (NPI number, Tax ID)
• Billing and payment information (processed securely by Stripe)

Practice Management System Data

When you connect your PMS, we temporarily process:

• Patient scheduling information (appointment dates, times, procedures)
• Patient demographics necessary for insurance verification
• Insurance information (carrier name, member ID, group number)

Important: This data is processed in real-time and is not stored in our database. Please see our HIPAA Compliance page for details on our zero-PHI-at-rest architecture.

Usage Data

We automatically collect:

• Log data (IP address, browser type, pages visited)
• Device information (operating system, screen resolution)
• Feature usage patterns and interaction data
• Error logs and performance data

We use the information we collect to:

• Provide and maintain the Verora AI platform and services
• Process insurance verifications and generate reports
• Communicate with you about your account, including support and service updates
• Process payments and manage your subscription
• Improve our products, features, and user experience
• Detect and prevent fraud, abuse, and security incidents
• Comply with legal obligations and enforce our terms

We do not sell your personal information. We may share information with:

• Insurance Clearinghouses: To process eligibility and benefits verifications on your behalf
• Payment Processors: Stripe processes all payment information — we never store your credit card details
• Cloud Infrastructure Providers: Our hosting and infrastructure partners process data under strict contractual obligations
• Legal Authorities: When required by law, subpoena, or court order

All third-party service providers are bound by confidentiality agreements and, where applicable, Business Associate Agreements (BAAs).

With your express consent, Verora AI and the dental practices we serve may send you SMS text messages related to appointment scheduling, reminders, and confirmations. You opt in by checking the SMS consent box on our contact form, by replying YES to an opt-in message, or by providing express written consent to your dental practice.

• Message types: Appointment scheduling offers, booking confirmations, reminders, and rescheduling notices.
• Message frequency: Message frequency varies based on your appointment activity.
• Cost: Message and data rates may apply, depending on your mobile carrier and plan.
• Opt-out: You can opt out at any time by replying STOP to any message. Reply HELP for help, or visit our SMS Help page.

No mobile information will be shared with third parties or affiliates for marketing or promotional purposes. Text messaging originator opt-in data and consent are not shared with any third parties under any circumstances. Information collected when you opt in to SMS is used solely to deliver the messaging service you requested.

We implement robust security measures to protect your information:

• All data is encrypted in transit using TLS 1.2+
• Temporarily cached data is encrypted at rest using AES-256
• Access to systems is controlled through role-based permissions and multi-factor authentication
• Regular security audits and penetration testing are conducted
• Employees undergo security awareness training

We retain different types of data for different periods:

• Patient Data (PHI): Not retained — processed in real-time only and held in short-lived memory caches that expire daily
• Account Information: Retained for the duration of your active account, plus 30 days after cancellation for data export purposes
• Billing Records: Retained for 7 years as required by tax and financial regulations
• Usage Logs: Retained for 12 months for analytics and security purposes
• Audit Logs: Retained for 6 years as required by HIPAA

We use essential cookies for authentication and core functionality, plus analytics and advertising technologies on our public marketing pages. These load by default; you can opt out at any time (see “Your Privacy Choices” below).

• Essential Cookies: Required for authentication and session management
• Analytics: Google Analytics 4 — usage and traffic patterns
• Advertising & conversion measurement: Google Ads and the Meta (Facebook) Pixel, including the Google Click ID (GCLID), used to measure and improve our ads. These involve sharing limited data with Google and Meta for cross-context behavioral advertising.
• Security: Google reCAPTCHA Enterprise (bot protection) and Sentry (error monitoring)

California and other U.S. state residents may opt out of the “sale” or “sharing” of personal information for cross-context behavioral advertising. To exercise this right:

• Use the “Do Not Sell or Share My Personal Information” control at the bottom of any page, or choose Opt out on our cookie notice.
• We honor the Global Privacy Control (GPC) browser signal automatically — if your browser sends it, we treat you as opted out.

Opting out stops the advertising signals shared with Google and Meta (it sets Google’s ad-consent signals to denied and prevents the Meta Pixel from loading). It does not affect essential cookies, and first-party analytics we do not use for cross-context advertising may continue.

Depending on your location, you may have the right to:

• Access: Request a copy of the personal information we hold about you
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your personal information (subject to legal retention requirements)
• Portability: Request your data in a structured, machine-readable format
• Opt-Out: Opt out of non-essential communications at any time

To exercise any of these rights, please contact us at thomas@veroraai.com.

Verora AI is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child, we will promptly delete it.

Our services are primarily operated in the United States. If you access Verora AI from outside the United States, your information may be transferred to and processed in the United States. By using our services, you consent to this transfer.

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through a notice on our platform. We encourage you to review this policy periodically.

If you have any questions or concerns about this Privacy Policy, please contact us:

• Email: thomas@veroraai.com
• Call or text: (512) 537-9513
• Support: support@veroraai.com