vericveric
Preview — awaiting legal review. This document is a working draft. Executed terms are available on request for customers on paid plans. Email legal@veric.dev with questions.

Privacy policy

Effective date: 2026-01-01. Last revised: 2026-04-20.

What we collect

  • Account data. Name, email, workspace name, role, authentication events.
  • Service data. Findings produced by the analyzer (SQL fragments, lineage paths, rule metadata). No warehouse row values.
  • Operational telemetry. Anonymous CLI invocation counts, error traces, and feature-flag state. See the CLI’s telemetry off command.
  • Billing data. Held by Stripe; we retain customer IDs and invoice metadata.

How we use it

To operate the service, improve detections, send transactional emails, and meet legal obligations. We do not sell personal data.

Sharing

We share data only with the subprocessors listed on /legal/subprocessors. Each subprocessor is bound by a data processing agreement with Veric.

Retention

Findings retention matches your plan’s configured window (14, 90, or 365 days). Account data is retained for the life of the account plus 30 days after deletion.

Your rights

You may access, correct, or delete your personal data by emailing privacy@veric.dev. EU/UK residents may lodge complaints with their supervisory authority.

Security

Data in transit uses TLS 1.2+. Data at rest is encrypted with Azure platform-managed keys. Access is limited to named engineers on the on-call rotation.

Contact

Data protection officer: privacy@veric.dev.