Terms and ConditionsPrivacy PolicyPartner Terms and Conditions

Privacy Policy

This policy outlines how we process your data across the Veri platform, website, and services. By using Veri, you agree to these terms. Last updated: February 2024

If you have any questions regarding your data processing, access, or data erasure, you can reach out to our Data Protection Officer at dpo@veri.co

The controller for all personal data at Veri is Human Engineering Health Oy (business ID: 3115245-3) The address of the controller is Kaikukatu 4 C, 00530 Helsinki, Finland. Please note that our US subsidiary Human Engineering Inc. or a party nominated by it shall also act as a controller for the personal data of our US-based data subjects.

Data Collection

What data do we collect and why

We use data to provide you with and improve Veri’s services, namely the Veri App. We also use customer data to enable payment processing, and for marketing purposes by sending offers and guidance to our customers and persons interested in our products and services.

Default data is information we need in order to provide the service to you.

Optional data is the information needed to provide the best possible usage experience of the Veri app, or it can be information we collect to improve our service and product and its usability or send you tailored messaging. Some features might not work as intended without certain optional data (for example, you need to add food into the Veri app for the meal logging to work).

In multiple cases, we de-identify the collected data when possible. De-identifying means removing or masking the personal identifier so that someone’s identity cannot be revealed. The technical solutions of de-identifying vary between our use cases from pseudonymization to anonymisation.

Account information

  • When you purchase Veri products and services through our website, we collect your name, email, phone number, billing, and shipping address.
  • We also collect your payment details. In countries where it is required, we will also collect your date of birth to determine your eligibility to receive the CGMs.
  • This information is required for account creation, payment, and for us to ship our products to you.

(US) Medical consult questionnaire

  • In the US, when purchasing Veri, our telemedicine partner needs to collect information about your health to determine your eligibility to receive the CGMs. This data is processed in compliance with Veri’s obligations as a HIPAA Business Associate.
  • This information is required in the US to receive the CGMs and for us to fulfill our service.

App information - General

  • When you use the Veri app, you can log the following data: meals, activities, notes, sleep, and meal pictures. You can also add your date of birth, personal goals, and dietary information.
  • You can import data from 3rd parties such as Apple Health, Google Fit, Oura, or Fitbit.
  • This data is optional, and it is used to enhance your product experience. Some features might require your data to work as intended. After de-identification, we might use this data to improve our product, for example by training our algorithms and understanding our customer base for product development.
  • Veri also has features such as automated tutorials and reminders which require the app to collect event logs of app usage to function properly. This data is default data as it is required to provide our service.

App information - Health

  • For Veri to work, we need to collect glucose data from your CGM via the manufacturer’s software. This data transfer is subject to the manufacturer’s privacy policy. We use the glucose data and its derivatives to create metrics and scores that are based on glucose (for example Metabolic Healthspan).
  • When you use the Veri app, you can also log your height, weight, BMI, and heart rate.
  • This data is used to provide the Veri app experience, which is mainly based on glucose data. Other health data is optional and they are used to enhance the product experience. After de-identification, we might use this data to improve our product, for example by training our algorithms and understanding our customer base for product development.

Analytics and Marketing

  • If you wish to help our product development and improve our understanding of our customer base, you can opt-in to share detailed de-identified event logs of the usage of our service, such as how often a certain feature is being used.
  • You can also opt-in for sharing your optional general app information such as your birthday for us to send you targeted marketing and discounts.
  • We collect event logs also on our website, which are optional and you can opt-in to them by accepting cookies.
  • We collect Veri app crash reports and error logs to provide high-quality service for everyone and improve the quality of our service. This data is default data as it is required for us to provide our service to our customers.

Communication

  • We may store support conversations, feedback, or emails you have sent us.
  • If you participate in customer interviews, our team will always ask for your consent before recording the conversation.
  • If you give us in-app feedback about our features, we might also store some de-identified app information, such as how long have you used a certain feature. This is used for analysis and product development.

Where do we collect data

We collect personal data related to Veri in the Veri app, through 3rd parties where the customer has chosen to share their data (i.e. Google Fit, Apple Health, Oura), on our website, and on the Coaching Dashboard available to our Partners and their clients.

Data storage

We retain your data as long as is necessary for us to fulfill the purpose for which the data is collected. Your default personal data shall be stored for a maximum of five years after you stop using Veri. Personal data shall be processed as long as we have the legal obligation to process the data. Your personal data processed on the basis of consent will be processed for as long as you give us your consent to do so.

Data processors

We may transfer your personal data to third-party service providers to for example provide our app service, communicate with you, manage your subscription, or handle payments and shipping. We always transfer as little data as possible and have adequate personal data processing agreements and safeguards in place with each 3rd party we use.

3rd party services used in the Veri app and services

  • Cloud infrastructure, automation, data storage: AWS, Google (Cloud & Firebase), Zapier, Vercel
  • Telemedicine partners: Truepill, Foundation Health, OpenLoop
  • Order fulfillment: Health Warehouse, OGOShip, Phlo
  • Payments & subscription management: Stripe, Chargebee, RevenueCat
  • Glucose data: Abbott
  • App analytics, Feedback collection: Mixpanel
  • AI photo recognition and analytics: OpenAI, Google
  • Internal service development: Google (Drive), Slack, Notion
  • Communication, Support: Intercom, CustomerIO, Circle, Google (Gmail)
  • Customer interviews: Otter.ai, Typeform, Calendly
  • Web analytics: Hotjar, Facebook Pixel, Google Analytics, Captiv8, IPGeolocation, Vercel
  • Marketing analytics: Trevor, Stitch, Paved

Transfers outside the EU/EEA

Veri App’s servers are located in Paris, France. Where we process your personal data to provide and improve the Veri App or analyze usage data, we may transfer personal data to the US. When processing personal data outside the EU/EEA, we ensure an adequate level of data protection, for example through standard contractual clauses and other similar arrangements.

Data export and deletion

You can export your glucose-, meal-, and exercise data from the Veri app Settings.

You can export past invoices in our membership management portal, where you can also view your payment history and shipping details.

You can also choose to delete your Veri account within the Veri app, however, this does not destroy your logged data with us. It also does not remove any active subscriptions. You’ll need to either cancel your subscription separately or ask our team to help with the cancellation by emailing care@veri.co.

At your request, we can de-identify your account in our membership platform, however, we cannot remove past payment and order data as it is stored for fraud prevention and compliance reasons. We also cannot remove your data from any 3rd party platforms we use, you might have to reach out to these providers separately.

Data protection

How we secure your data

We value your privacy. We value security.

Your App information is stored in secure databases hosted by well-established third parties. The data is encrypted as rest using the industry standard AES-256 encryption algorithm. The third parties do not have access or permission to use your personal information, except for necessary cloud storage or retrieval activities.

The secure databases have also been configured so that our employees cannot directly see or access your stored personal app information. To improve our product further, develop our algorithm, and understand our customer base, we de-identify the information to ensure your privacy stays intact.

All our employees who may interact with your personal information, such as your shipping address information or your messages to our customer support, have gone through both annual GDPR and HIPAA training.

GDPR

In the EU and UK, we follow GDPR principles and are fully GDPR compliant.

Under GDPR regulations, customers in the EU & UK have the following rights:

  • Right to inspect: You can ask which data we hold of you
  • Right to rectify: You can correct us if you find any mistakes in the data we hold
  • Right to erasure: You can ask us to delete the data we have of you, to the extent we are able to do so
  • Right to restriction of processing: You can ask us to stop processing your data
  • Right to data portability: You can ask for your data
  • Right to object: You can object to the way we use your data

You can contact our Data Protection officer with any questions, access, removal or other GDPR-related matters at dpo@veri.co.

In addition, you have the right to make a complaint with the data protection authorities if you think the processing of your data infringes data protection laws.

HIPAA

Veri is considered a Business Associate as defined under the Health Insurance Portability and Accountability Act (HIPAA) to our independent pharmacy and fulfillment network partners with respect to the information you provide in the medical consult form. We treat all personal health information (PHI) collected in the medical consult process in compliance with our Business Associate Agreements with our Covered-Entity partners.

Veri is not intended for medical use and does not provide medical care, and is thus not a Covered Entity under HIPAA. Regardless, all glucose data is transferred in encrypted form and stored securely. The access to all data is strictly limited. Veri maintains access logs to all data to ensure compliance with HIPAA. We utilize Safe Harbor de-identification methods.

Corporate customers and Business partner relationships

Personal data is processed to maintain our relationships with our business partners.

Category of data subjects: Representatives of corporate business partners and individual business partners.

Categories of personal data: Basic information and contact details.

Legal basis for processing: Performance of our contractual obligations or consent.

Recruiting

Your personal data is processed to carry out recruiting if you choose to apply for a job at Veri.

We will collect and store your contact details, CV data, any videos and pictures, bank data and possibly other data disclosed to us by you.

We have legitimate interests, according to which we carry out our recruiting. Our interests are in line with those of the job applicants, as they expect us to process their data for recruiting purposes.

NB! You have a right to object data processing for these purposes.

Amendments

We have a unilateral right to modify this privacy notice. We modify the privacy notice whenever necessary, for example in the case of changing legislation. The modifications take effect immediately when we post an up-to-date version of this privacy notice to our website.

If we make significant changes to the privacy notice, or if there is a significant change in the way it is used, we will notify the data subjects.