Vera logoVeraverus, vera(adj) – true, real, well-founded
HomeProfilesField GuideForumBlog♪ SoundsHow it worksTrust ModelFAQ
Share an Idea

Privacy Policy

What we collect, why, and the control you keep over it.

Last updated: July 9, 2026

This Privacy Policy explains how Vera Project LLC ("Vera," "we," "us") handles information when you use the Vera website, the Vera collector agent, and related services (together, the "Service").

We built Vera around a simple idea: prove what actually happened, without surveilling people. This policy is written to be read by a human, not just a lawyer. If anything here is unclear, write to us.

Information we collect

Vera is designed to collect the minimum needed to produce meaningful integrity evidence. The collector agent gathers technical signals about your system, not the content of what you do on it:

  • Software inventory: process names, file paths, and publisher signatures (what software was running).
  • Driver inventory: loaded kernel drivers (software operating at the highest privilege level).
  • Integrity posture: flags such as Secure Boot, HVCI, and test-signing status.
  • System information: hardware and configuration details about the device.
  • Session metadata: when activity occurred and how long it lasted.
  • Device identifiers: identifiers that link sessions to a device.
  • Account and contact data: your email address when you subscribe to updates or sign in by magic link, and, if you connect it, your public YouTube channel information.

What we do NOT collect

Vera is defense, not surveillance. The collector does not capture any of the following:

  • No keystrokes, mouse input, or controller data.
  • No screenshots, screen recordings, or webcam capture.
  • No personal files, documents, or browsing history.
  • No network traffic inspection or packet capture.
  • No memory scanning, code injection, or game modification.

How we use information

We use the information above to: operate and secure the Service; produce the integrity evidence and proofs that are Vera's purpose; link sessions to the correct account and device; send you the emails you ask for (magic-link sign-in and, if you opt in, the dispatch); respond to your messages and requests; and understand and improve how the Service is used.

We do not sell your personal information, and we do not share it for cross-context behavioral advertising. There are no advertising trackers in the collector agent or the website.

Cookies and analytics

The website uses Vercel Web Analytics to understand aggregate traffic (for example, which pages are visited). It is a privacy-minded, aggregate measurement tool. The Service also uses cookies or similar storage that are strictly necessary to keep you signed in and to operate core features.

We do not use advertising or cross-site tracking cookies. If you visit from a region that requires opt-in consent for non-essential analytics (such as the EU/UK), we will honor the choices required there.

Website and security logs

To keep the Service secure and available, our servers keep short-lived logs of the requests they receive. As with any web server, this includes the network address a request comes from, the approximate location and network that address belongs to, the browser or client it identifies as, and the pages requested. We use this only to protect Vera: to understand traffic, to detect and investigate abuse or attacks, and to keep the Service running.

This is standard server-side logging of information a request already carries. It sets no advertising cookie and adds no tracking script, and we do not use it to build advertising profiles of you. We keep these logs for a limited time (currently up to 90 days) and then delete them, except where we need to retain something longer to investigate an incident or meet a legal obligation. Where the law requires a legal basis, we rely on our legitimate interest in the security and integrity of the Service.

How we share information

We share information only as needed to run Vera, never with advertisers or data brokers. Specifically:

  • Service providers (sub-processors) who host and run the Service on our behalf: Amazon Web Services (cloud storage and database), Vercel (web hosting and analytics), Resend (authentication and update emails), and Google/YouTube (only if you connect your channel).
  • Public proof you choose to publish: if you make a creator profile public, the sessions, evidence, and proof links on it become visible to anyone. You control this.
  • Legal and safety: when required by law, to enforce our Terms, or to protect the rights, safety, and integrity of people and the Service.
  • Business transfers: if Vera is ever involved in a merger, acquisition, or sale of assets, information may transfer as part of that transaction, subject to this policy.

How visibility works

Vera profiles are public by design. This is a permanent commitment, not a setting you toggle off: a record only proves something if anyone can check it, so the record stays open and inspectable, with no private tier and no per-session privacy. Nothing is hidden within a profile. The limits Vera enforces are on what is collected at all, described above, never on who is allowed to see it.

Data retention

Session data tied to a published, public proof is retained for as long as the proof is meant to remain verifiable, so links don't rot. Authentication tokens are short-lived. When you ask us to delete your account, we delete or de-identify the personal information associated with it, except where we must keep something to meet a legal obligation. Deleting your account is the control you keep over the whole record, in place of hiding individual parts of it.

Your privacy rights

Depending on where you live (for example, California under the CCPA/CPRA, or the EU/UK under the GDPR), you may have the right to access, correct, delete, or receive a copy of your personal information, and to object to or restrict certain processing. We honor these rights regardless of where you live, to the extent we reasonably can.

To make a request, email legal@veraproject.xyz. We will not discriminate against you for exercising your rights, and we aim to respond within the timeframes the law requires.

Children's privacy

Vera is a general-audience service and is not directed to children. You must be at least 13 years old to use it. We do not knowingly collect personal information from children under 13.

If you believe a child under 13 has provided us personal information, contact legal@veraproject.xyz and we will delete it. If you are between 13 and the age of majority where you live, please use Vera with a parent or guardian's involvement.

Security

We use technical and organizational measures to protect information, including least-privilege access and encrypted transport. No system is perfectly secure, but we work to keep Vera worthy of the trust its name implies. See our Security page for more detail.

International users

Vera is operated from the United States and information is processed there. If you use Vera from outside the U.S., you understand your information will be transferred to and processed in the U.S., where data-protection laws may differ from those in your country.

Changes to this policy

We may update this policy as Vera evolves. When we make material changes, we will update the date below and, where appropriate, give additional notice. Continuing to use Vera after a change means you accept the updated policy.

Contact us

Vera Project LLC. Questions, requests, or concerns about privacy go to legal@veraproject.xyz.

This page is provided for general information and to describe how Vera operates. It is not legal advice.

← Privacy overviewTerms of Service →
Vera

Independent proof of what actually happened during digital competition.

The dispatch. New writing, only when it's worth your time.
ConnectDiscordYouTubeInstagramSubstack
ProfilesField GuideSide by SideBlogHow it worksTrust ModelResearchFAQShare an Idea
© 2026 Vera Project LLC
PrivacyTerms
Proof, not reputation.
Family-built. Parents belong here — registered, not worked around.