Privacy Policy

Last updated: March 4, 2026

1. Introduction

Vero Health, Inc. ("we," "us," or "our") operates the Vero mobile application and website at heyvero.ai (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and protect your information, including health-related data.

We take your privacy seriously — especially when it comes to your health data. We are committed to maintaining HIPAA-compliant infrastructure and will never sell your personal information.

2. Information We Collect

2.1 Information You Provide

  • Account information: name, email address, and authentication credentials.
  • Health profile: date of birth, biological sex, height, weight, blood type, medical conditions, allergies, medications, and family health history.
  • Lab results: blood work, test results, and medical documents you upload or photograph.
  • Chat conversations: questions you ask and responses generated by our AI.

2.2 Information from Connected Services

  • Apple HealthKit: with your permission, we read health metrics such as heart rate, sleep data, step count, activity levels, and other data available through HealthKit.
  • Wearable devices: data synced through Apple Health from devices like Apple Watch and Oura Ring.

2.3 Automatically Collected Information

  • Device type, operating system, and app version.
  • Usage patterns and feature interactions.
  • Crash logs and performance data.

3. How We Use Your Information

We use your information to:

  • Provide personalized health insights by analyzing your health data in context with your questions.
  • Improve our AI to deliver more accurate and relevant responses.
  • Maintain and improve the Service, including debugging, analytics, and feature development.
  • Communicate with you about your account, updates, and service-related notices.
  • Ensure security and prevent fraud or abuse.

We do not use your health data for advertising. We do not sell your personal information to third parties. Ever.

4. How We Share Your Information

We only share your information with third parties in the following circumstances:

  • AI processing providers: your health context and questions are sent to our AI providers (e.g., OpenAI) to generate responses. We have Business Associate Agreements (BAAs) in place where applicable.
  • Infrastructure providers: we use HIPAA-compliant cloud infrastructure (e.g., Supabase) to store your data securely.
  • Legal requirements: we may disclose information if required by law, regulation, or legal process.
  • Business transfers: in the event of a merger, acquisition, or sale, your data may be transferred as part of that transaction.

5. Data Security

We implement industry-standard security measures to protect your data:

  • Encryption in transit: all data is transmitted over TLS/SSL (HTTPS).
  • Encryption at rest: health data is encrypted using AES-256 encryption.
  • Access controls: strict role-based access to production data.
  • HIPAA-compliant infrastructure: our database and storage providers maintain HIPAA compliance.

6. Data Retention

We retain your data for as long as your account is active. When you delete your account:

  • Your health profile, chat history, and lab results are permanently deleted within 30 days.
  • Anonymized, aggregated data may be retained for service improvement.
  • Data required for legal compliance may be retained as mandated by law.

7. Your Rights

Depending on your location, you may have the following rights:

  • Access: request a copy of the personal data we hold about you.
  • Correction: request correction of inaccurate data.
  • Deletion: request deletion of your account and associated data.
  • Export: request a portable copy of your data.
  • Opt-out: disconnect HealthKit or other data sources at any time through your device settings.

To exercise any of these rights, contact us at privacy@heyvero.ai.

8. Apple HealthKit Data

We comply with Apple's HealthKit guidelines. Specifically:

  • HealthKit data is not used for advertising or marketing.
  • HealthKit data is not sold to data brokers or any third party.
  • HealthKit data is only shared with third parties with your explicit consent and for the purpose of providing health insights.

9. California Residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act, including the right to know what personal information we collect, the right to delete it, and the right to opt out of the sale of personal information. We do not sell personal information.

10. Children's Privacy

Vero is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from minors. If we become aware that we have collected data from a minor, we will delete it promptly.

11. Data Breach Notification

In the event of a data breach affecting your personal information, we will notify you via email and/or in-app notification within 72 hours of becoming aware of the breach, in accordance with applicable law.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes through the App or by email. The "Last updated" date at the top of this page reflects the most recent revision.

13. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, contact us at:

Vero Health, Inc.
privacy@heyvero.ai