VeryAIdocs

Privacy Policy

Effective Date: May 12, 2025

This Privacy Policy describes how Veros Inc. ("Veros," "we," "us," or "our") collects, uses, shares, and protects information in connection with the Veros Identity Provider service and all related applications, websites, and APIs (collectively, the "Service"). By using the Service, you acknowledge that you have read and understood this Privacy Policy.

About Our Palm Recognition Service

The Service is built on a palm recognition platform. Users enroll by capturing images of their palm using their device's camera. Our technology analyzes these images and calculates a unique mathematical descriptor, referred to as a "palm model," that represents distinguishing features of the user's palm.

Palm models may constitute sensitive personal data (including biometric data) under applicable data protection laws such as the General Data Protection Regulation (GDPR), the Illinois Biometric Information Privacy Act (BIPA), and the California Consumer Privacy Act (CCPA). We treat palm models with the highest level of protection and process them only with your explicit consent.

About User Service Accounts

User accounts require only minimal personal metadata. Each account is identified by a random, pseudonymous account ID that does not contain personal information.

Our architecture includes an isolated Palm Matching service that stores biometric data (palm models) in a dedicated, encrypted database separate from other account data. This segregation ensures that biometric data cannot be correlated with personal account information without authorized access to both systems.

Information We Collect

Palm Images

Palm images are collected during enrollment and verification. However, palm images are NOT stored after the palm model has been created. Images are processed transiently and deleted immediately upon successful model generation.

Exception: In cases of suspected fraud or security incidents, palm images may be temporarily retained for investigation purposes. Such images are anonymized where possible, subject to strict access controls, reviewed promptly, and deleted after the investigation concludes.

Palm Models

Palm models are encrypted, irreversible mathematical representations derived from palm images. A palm model encodes distinctive features of the palm in a format that cannot be used to reconstruct the original palm image. Palm models are stored in our isolated, encrypted biometric database.

Account ID

Each user is assigned a random, unique account identifier. This ID is pseudonymous and does not contain or reveal any personal information such as name, email, or phone number.

Device Information

We may collect non-personal device information (such as device type, operating system version, and camera capabilities) to optimize the palm scanning experience. This information is collected and used locally on your device and is not transmitted to our servers.

Email Address

Providing an email address is optional. If you choose to provide one, it is used solely for account recovery and important service communications.

Account and Authentication History

We maintain logs of date and time of account creation, authentication events, and other account activities for security, audit, and fraud prevention purposes.

User Control

Your biometric data is processed only with your explicit consent, which you provide during enrollment. You may withdraw consent and delete your biometric data at any time.

The "Erase" function in the application permanently deletes your palm model from our systems. Once erased, the palm model cannot be recovered.

Please note: Deletion of your palm model does not delete records of prior authentication transactions. Transaction records (containing only pseudonymous account IDs, timestamps, and non-biometric metadata) may be retained for up to 3 years for audit, legal, and fraud prevention purposes.

After erasure, you may re-enroll at any time by scanning your palm to generate a new palm model.

Use of Data

We use the data we collect to:

  • Provide, operate, and maintain the Service, including biometric enrollment, verification, and authentication.
  • Enforce our Terms of Use and protect against fraud, abuse, and unauthorized access.
  • Comply with legal obligations and respond to lawful requests from authorities.

We do NOT use your data for:

  • Advertising or targeted marketing.
  • User profiling or behavioral tracking.
  • Sale, rental, or commercial distribution to third parties.

Sharing of Data

When you authorize a third-party application to verify your identity through the Service, the third-party application receives only your pseudonymous account ID and usage metadata (such as verification timestamp and result). Palm models are never shared with third-party applications.

We may also share data with:

  • Contractors and service providers: Trusted parties who assist in operating the Service, bound by contractual confidentiality and data protection obligations.
  • Subsidiaries and affiliates: Entities within the Veros corporate family, subject to the same data protection standards.
  • Legal compliance: When required by law, regulation, legal process, or enforceable governmental request.

Biometric data (palm models) is never sold or rented to any party.

Security

We implement comprehensive physical, organizational, and technical safeguards to protect your data, including:

  • Encryption of data in transit (TLS 1.2+) and at rest (AES-256+).
  • Storage of palm models in a dedicated, encrypted database isolated from other account data.
  • Role-based access controls and multi-factor authentication for internal systems.
  • Regular security audits, penetration testing, and vulnerability assessments.
  • Privacy-by-design architecture ensuring data minimization at every processing stage.

Data Retention

We retain your biometric data (palm model) until one of the following occurs:

  • You request deletion using the "Erase" function in the application.
  • The Service is terminated or your account is closed.
  • Your account has been inactive for 3 years after your last use of the Service, after which biometric data is automatically deleted.

Non-biometric transaction records may be retained for up to 3 years for audit and legal purposes.

International Users

The Service is operated from the United States. If you access the Service from outside the United States, please be aware that your data may be transferred to, stored, and processed in the United States.

For users in the European Union or European Economic Area, international transfers of personal data are conducted with your consent pursuant to GDPR Article 49(1)(a) and, where applicable, with additional safeguards such as Standard Contractual Clauses (SCCs).

Minors

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal data from minors. If we become aware that we have inadvertently collected data from a person under 18, we will take immediate steps to delete such data.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Veros Inc.
Email: legal@veros.org