Legal · Privacy Policy

Veris Privacy Policy

Effective date: May 21, 2026 Last updated: May 21, 2026

References to “Veris” below mean the Veris platform operated by Artemyx Labs.

1. Introduction

Veris is a longitudinal health intelligence platform owned and operated by Artemyx Labs. This Privacy Policy explains what data Veris collects about you, how Veris uses that data, who Veris shares it with, and the choices you have about your data.

Veris is not a covered entity under HIPAA and not a medical or healthcare service. Veris is a wellness and personal-data platform. Veris does not provide medical advice, diagnosis, or treatment. The information Veris’s AI agent and dashboards provide is for informational purposes only and is not a substitute for professional medical advice. Always consult a qualified healthcare provider for medical decisions.

If you do not agree with this Privacy Policy, do not use Veris.

2. What we collect

2.1 Information you give us directly

Account information. Email address, password (stored as a salted hash, never in plaintext), name, age, biological sex, and any profile data you choose to enter.
Health and fitness data you log or enter manually. This includes (but is not limited to) workout records, strength performance (1RMs, PRs), aerobic test results, race results, body composition measurements, subjective wellness ratings, training notes, goals, and any other observations you type into Veris or describe to its AI agent.
Files you upload. Lab reports (PDFs, images), workout photos, screenshots, progress photos, and other artifacts you choose to upload. The contents of these files are extracted and stored as structured observations in your profile, alongside the original file.
Conversations with the AI agent. All messages you send to the AI agent, all messages it sends back to you, and any structured data it proposes to write on your behalf (which you confirm, edit, or discard).
Payment information. If and when Veris charges for services, payment information is processed by a third-party payment processor (Stripe). Veris does not store your full credit card number or banking information.

2.2 Information we collect automatically

Usage data. Pages you visit within Veris, features you use, time of access, device type, browser type. We use this to improve the product.
Technical data. IP address (collected for security purposes; not used to track you), browser fingerprint (limited; no advertising trackers), session identifiers.
Error logs. When the app encounters an error, we log details (which page, what action, what error type) to debug. These logs may include your account identifier so we can correlate the error with your session.

2.3 Information from third parties (with your consent)

When you connect a third-party data source through Veris’s connections feature, we receive data from that source on your behalf. This may include: - Wearable device data (e.g., from WHOOP, Oura, Garmin, Apple Health) routed through Terra, our data aggregator: heart rate, sleep stages, HRV, training load, recovery scores, activity data. - Nutrition tracking data (e.g., from MyFitnessPal, Cronometer) routed through Terra: daily calorie totals, macronutrients, micronutrients, meal events. - Other connected services as we add them: rowing logbooks, race results from event organizers, etc.

You control which connections are active. You can connect, disconnect, or revoke access at any time in Settings. Disconnecting a service stops new data from coming in but does not automatically delete data we have already received from that service. To delete that data, use the data-deletion options described in Section 7.

3. How we use your data

3.1 To provide Veris’s core service

Your data is used to: - Display your health and fitness data back to you (Profile, Home, dashboards) - Compute scores, percentiles, and insights based on your data - Power the AI agent’s responses to your questions and its proactive observations - Allow the AI agent to write structured observations on your behalf, with your confirmation - Compare your data to anonymized cohort statistics (e.g., “78th percentile vs. men 35-40”) - Track program adherence if you are enrolled in a coaching program

3.2 To improve Veris

Your data may be used in anonymized and aggregated form to: - Improve cohort statistics and reference ranges (so future users get more accurate percentile comparisons) - Train and improve the AI agent’s responses (only with your explicit consent — see Section 4) - Identify product issues and improvements

Aggregated and anonymized data cannot be re-identified to you.

3.3 To communicate with you

We may use your email address to: - Send account-related messages (password resets, security alerts) - Send product updates relevant to your subscription (when major features change) - Respond to feedback and support requests - Send marketing emails only if you opt in (you can opt out at any time)

3.4 To comply with legal obligations

We may use your data to: - Comply with applicable laws and regulations - Respond to lawful requests from public authorities - Defend legal rights and prevent fraud or abuse

4. The four consent scopes

Veris’s data handling is structured around four explicit consent scopes you control. You can grant or revoke each independently in Settings → Privacy. Granting these scopes is required to use Veris meaningfully:

Data storage. Permission to store your observations in our database. Without this, Veris cannot function. Revoking this consent triggers full deletion of your data.
Agent access. Permission for the AI agent to read your observations and propose insights. Without this, the agent will not have access to your health data and will only respond to general questions.
Coach visibility. Permission for a Cerus coach (a human professional) assigned to you, if any, to see your data. Without this, no human at Artemyx Labs or Cerus can see your data without an explicit, audited request from you.
Anonymous benchmarks. Permission to include your data, anonymized and aggregated, in cohort statistics that improve Veris for all users. Without this, your data is excluded from cohort calculations. (Your individual data is never visible to other users in any form.)

Default settings on signup: data storage and agent access are required. Coach visibility and anonymous benchmarks default to “off” until you choose.

5. Who we share your data with

5.1 Service providers (under contract)

We use trusted third-party services that process your data on our behalf, under written agreements requiring them to handle your data securely and only as we direct. These include:

Anthropic, Inc. — Provides the Claude AI model that powers Veris’s agent. When you converse with the agent or when the agent processes uploads (lab PDFs, screenshots, photos), the relevant content is sent to Anthropic’s API. Anthropic’s privacy policy applies to that processing. Anthropic does not train its models on Veris user data per its commercial terms.
Supabase (operated by Supabase Inc.) — Hosts our database, file storage, and authentication. Your account credentials and observation data are stored on Supabase’s infrastructure.
Amazon Web Services (AWS) — Hosts our backend services and uploaded files. Your uploaded artifacts (lab PDFs, photos) are stored in AWS S3.
Cloudflare — Hosts the Veris frontend and provides content delivery, DNS, and security services.
Terra — Aggregates data from third-party fitness apps and wearables you choose to connect. Terra’s privacy policy applies to data flowing through them.
Stripe — Processes payments if you subscribe to a paid Veris plan. Stripe’s privacy policy applies to your payment information.

We do not sell your data. We do not share your individual data with advertisers or marketers. We do not allow our service providers to use your data for purposes beyond providing services to Veris.

5.2 Cerus coaches (with your explicit consent)

If you have granted “coach visibility” consent and are paired with a Cerus coach, that coach can see your data within Veris’s coach interface. Coaches are bound by professional confidentiality. You can revoke coach visibility consent at any time, immediately removing the coach’s access.

5.3 Legal requirements

We may disclose your data if required by law, subpoena, or other legal process; to protect the rights, property, or safety of Veris, our users, or others; or in connection with a merger, acquisition, or sale of assets (in which case, you will be notified before your data is transferred and given the opportunity to delete your account).

5.4 With your consent for specific purposes

We may share your data with third parties for purposes you specifically consent to (e.g., participating in research, sharing data with a healthcare provider you nominate). Any such sharing requires explicit, granular consent — not buried in a checkbox.

6. Data security

We protect your data using: - Encryption in transit (TLS for all connections to and from Veris) - Encryption at rest (Supabase storage, AWS S3, all use encryption at rest) - Strong password hashing (bcrypt or equivalent; no plaintext storage) - Access controls (only authorized personnel at Artemyx Labs can access production systems, with audit logs) - Row-level security policies (your data is isolated from other users at the database level) - Audit logging for any agent-initiated writes to your profile

No system is perfectly secure. If we discover a breach affecting your data, we will notify you in accordance with applicable law.

7. Your rights and choices

You have the following rights regarding your data:

7.1 Access

You can view all data Veris has stored about you within the app’s Profile, Settings, and Data sections. You can request a complete data export in machine-readable format (JSON archive) via Settings → Data → Export.

7.2 Correction

You can correct or update most data directly in the app (your profile information, observations you’ve entered). For data you cannot edit directly (e.g., system-generated logs), contact us at hello@verisfit.com.

7.3 Deletion

You can delete your account from Settings → Data → Delete Account. Account deletion follows our tiered deletion model:

Immediate (within 24 hours): Your authentication credentials are disabled. Personally identifiable information (name, email, profile, contact details) is purged from our active database. Your uploaded files (lab PDFs, photos, screenshots) are hard-deleted from AWS S3.
Within 30 days: All data linked to you is deleted from our active systems and from backups (within the rolling backup window).
Retained indefinitely (in anonymized form): Your individual observation data, stripped of all identifying information, may be retained for cohort statistics and product improvement. This anonymized data cannot be linked back to you.

If you do not want anonymized data retained, contact us at hello@verisfit.com within 30 days of account deletion. We will purge anonymized data records associated with your former account on request, subject to legal retention requirements.

7.4 Restricting and revoking consent

You can revoke any of the four consent scopes (Section 4) at any time in Settings → Privacy. Revoking consent does not retroactively undo data processing that occurred while consent was active, but it stops future processing under that scope.

7.5 Objecting to processing

You can object to specific uses of your data (e.g., inclusion in anonymous benchmarks) by toggling consents in Settings, or by contacting us at hello@verisfit.com for processing not covered by the consent scopes.

7.6 Data portability

Your data export (Section 7.1) is in JSON format suitable for porting to another service. Veris does not currently integrate with other consumer health platforms for direct data transfer; manual import to another service may require their support.

7.7 Lodging a complaint

If you believe we have mishandled your data, you may contact us first at hello@verisfit.com. If you are not satisfied with our response, you may have the right to lodge a complaint with a data protection authority in your jurisdiction (e.g., the ICO in the UK, your state Attorney General’s office in the US).

8. Children

Veris is not intended for use by anyone under 18. We do not knowingly collect data from anyone under 18. If you believe a minor has provided us data, contact us at hello@verisfit.com and we will delete it promptly.

9. International data transfers

Veris’s primary infrastructure is hosted in the United States (AWS us-west-2; Supabase us-west-1). If you access Veris from outside the United States, your data will be transferred to and processed in the United States. By using Veris, you consent to this transfer.

For users in jurisdictions with specific data-transfer requirements (e.g., the European Economic Area, the United Kingdom): we rely on Standard Contractual Clauses or other approved transfer mechanisms with our service providers. Contact us for details.

10. AI and automated decision-making

Veris’s AI agent makes recommendations and surfaces patterns based on your data. These recommendations are advisory only and do not produce legal effects on you. You can override, ignore, or dispute any agent recommendation. The agent does not autonomously make decisions that affect your finances, healthcare, or legal status.

The agent may write structured observations to your profile, but only with your explicit confirmation for each one. You can edit or discard any agent-proposed observation before it is written.

11. Changes to this policy

We may update this Privacy Policy as Veris evolves. When we make material changes, we will: - Update the “Last updated” date at the top of this page - Notify you by email if you have an active account - For substantial changes affecting how we handle data, request re-consent before continuing to use your data under the new terms

You can review prior versions of this policy on request to hello@verisfit.com.

12. Contact us

For privacy questions, requests, or complaints:

Email: hello@verisfit.com

For urgent security issues: security@verisfit.com

If any provision of this policy is found to conflict with applicable law, that provision is severable and the remainder of the policy continues in effect.