Privacy Policy

Last updated: February 17, 2026

1. Introduction

Vero ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our digital receipt platform and services.

By using our services, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Transaction Data

When merchants use our platform, we collect transaction information including:

  • Purchase details (items, prices, timestamps)
  • Merchant information
  • Payment method metadata (not full card numbers)

2.2 Technical Information

We automatically collect certain technical information including:

  • IP addresses
  • Browser type and version
  • Device information
  • Access times and dates

2.3 Email Data (Optional Feature)

If you choose to connect your email account via Google OAuth, we collect the following information:

  • Your Google email address associated with the connected account
  • Email receipt messages from merchants (e.g., order confirmations, purchase receipts, shipping notifications)
  • Metadata from receipt emails, including sender, subject line, date, and transaction amounts

We do not collect or access:

  • Personal emails unrelated to purchase receipts
  • Email drafts, sent messages, or contacts
  • Any email content beyond what is necessary to identify and extract receipt information

Email access is entirely optional. You can use Vero without connecting your email. If you do connect your email, you can disconnect it at any time from your account settings.

3. How We Use Your Information

We use the collected information for the following purposes:

  • To provide and maintain our digital receipt services
  • To encrypt and securely deliver receipts to cardholders
  • To improve and optimize our platform
  • To detect and prevent fraud
  • To comply with legal obligations
  • To communicate with you about our services
  • To match email receipts with your card transactions for a unified receipt history (if you connect your email)
  • To extract and display receipt details from your email for your personal review

If you connect your Google email account, email data is used solely for the purpose of identifying, extracting, and matching purchase receipts to your card transactions. We do not use your email data for advertising, marketing profiling, or any purpose unrelated to providing our receipt management services.

4. End-to-End Encryption

Vero implements end-to-end encryption for all receipt data. This means:

  • Receipt data is encrypted before leaving the merchant's system
  • Only the intended cardholder can decrypt the receipt
  • We cannot access the contents of encrypted receipts
  • No intermediaries, including Vero, can view your purchase details

5. Data Sharing and Disclosure

We do not sell your personal information. We may share information only in the following circumstances:

  • With card issuers to deliver encrypted receipts to your banking app
  • With service providers who assist in operating our platform
  • When required by law or to protect our legal rights
  • In connection with a merger, acquisition, or sale of assets

Google user data obtained through the Gmail API is never sold, transferred to third parties for advertising, transferred to data brokers, or used for any purpose beyond providing Vero's receipt-matching feature to you.

6. Data Retention

We retain encrypted receipt metadata for as long as necessary to provide our services and comply with legal obligations. Encrypted receipt content is stored only as long as required by card issuers and can be deleted upon request.

If you connect your email account, extracted receipt data is retained for as long as your account is active or as needed to provide the receipt-matching service. If you disconnect your email account, we stop accessing new email data immediately. Previously extracted receipt data that has been matched to transactions remains part of your receipt history but no further email data is collected. You may request deletion of all email-derived receipt data at any time by contacting us or through your account settings.

7. Google API Services Usage Disclosure

Vero's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

7.1 What We Access

When you connect your Google account, Vero requests read-only access to your Gmail messages for the sole purpose of identifying and extracting purchase receipt emails. We use the Gmail API with the narrowest scope necessary to provide this feature.

7.2 How We Use Google User Data

Data obtained through Google APIs is used exclusively to:

  • Identify emails that contain purchase receipts or order confirmations
  • Extract transaction details (merchant name, items, amounts, dates) from those receipt emails
  • Match extracted receipt data with your existing card transactions within Vero
  • Display matched receipts in your Vero receipt history

7.3 Limited Use Restrictions

In accordance with Google's Limited Use requirements, Vero:

  • Does not sell Google user data to any third party
  • Does not use Google user data for advertising, including retargeting, personalized ads, or interest-based advertising
  • Does not use Google user data to train generalized or non-personalized artificial intelligence (AI) or machine learning (ML) models
  • Does not allow humans to read your email data unless (a) you have given explicit, affirmative consent for a specific purpose (such as a support request), (b) it is necessary for security purposes (such as investigating abuse), or (c) it is required to comply with applicable law
  • Does not transfer Google user data to any other app or service except as necessary to provide or improve the receipt-matching feature that you see in Vero's interface

7.4 Storage and Security of Google User Data

All data obtained through Google APIs is encrypted in transit (TLS 1.2+) and at rest (AES-256). Access to this data within our systems is limited to automated receipt-extraction processes. We conduct regular security audits and follow industry best practices for data protection.

7.5 Revoking Access

You may disconnect your Google account from Vero at any time through your account settings. Upon disconnection, Vero will immediately stop accessing your Gmail data. You may also revoke Vero's access directly from your Google Account permissions page. Previously extracted receipt data that has been matched to your transactions will remain in your Vero account unless you request its deletion.

8. Your Rights

Depending on your location, you may have the following rights:

  • Access to your personal information
  • Correction of inaccurate data
  • Deletion of your data
  • Restriction of processing
  • Data portability
  • Objection to processing
  • Disconnection of connected email accounts at any time
  • Revocation of Google OAuth access through your Google Account security settings

You can disconnect your Google email at any time from your Vero account settings page. When you disconnect, Vero immediately stops accessing your email data. You can also revoke Vero's access directly from your Google Account permissions page.

9. Security

We implement industry-standard security measures to protect your information, including encryption, secure servers, and regular security audits. However, no method of transmission over the internet is 100% secure.

All Google user data is encrypted in transit using TLS and at rest using AES-256 encryption. Access to email data within our systems is restricted to automated processes that extract receipt information. Human employees do not read your email content unless you have provided explicit, affirmative consent for a specific support request.

10. Children's Privacy

Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children.

11. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place for such transfers.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date.

13. Contact Us

If you have questions about this Privacy Policy, please contact us through the contact information provided on our website.