Privacy Policy

Effective Date: October 30, 2025

Last Updated: October 30, 2025

Introduction

Welcome to Vera Tech Assist ("we," "our," or "us"). This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our AI-powered technical documentation assistant platform.

By using Vera Tech Assist, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our service.

1. Information We Collect

1.1 Personal Information You Provide

When you create an account and use our service, we collect:

Account Information:

  • Username (unique identifier)
  • Email address
  • Company name
  • Password (stored using industry-standard scrypt hashing with salt; never stored in plain text)

Uploaded Content:

  • PDF documents you upload
  • Document filenames
  • Document metadata (file size, upload date, document type)
  • Text content extracted from your PDFs

Usage Data:

  • Chat conversations (your questions and our AI-generated responses)
  • Chat titles and conversation history
  • Citations and sources used in responses
  • Feedback you provide (ratings, payment willingness, feature requests)

1.2 Automatically Collected Information

Session Data:

  • Login timestamps
  • Session IDs and expiration data
  • IP addresses (via session management)

Analytics Data:

  • User behavior and interaction patterns
  • Feature usage statistics
  • Device and browser information (collected via Mixpanel)

2. How We Use Your Information

We use the collected information for the following purposes:

Service Delivery:

  • Authenticate your account and manage sessions
  • Process and search your uploaded documents
  • Generate AI-powered responses to your technical questions
  • Provide multi-turn conversational assistance

Service Improvement:

  • Analyze usage patterns to improve our features
  • Monitor system performance and troubleshoot issues
  • Understand user needs and develop new capabilities

Communication:

  • Send service-related notifications
  • Respond to your inquiries and support requests
  • Notify you of changes to our service or policies

Security:

  • Detect and prevent fraud, abuse, and security incidents
  • Enforce our Terms of Service

3. Third-Party Service Providers

We share certain data with trusted third-party service providers to deliver our service. Below is a detailed breakdown:

3.1 Mixpanel (Analytics)

Purpose: User behavior analytics and product usage tracking

Data Shared:

  • User ID (numeric identifier)
  • Email address
  • Username
  • Event data (login, registration, chat creation, document uploads)
  • Document filenames, file types, file count, and file size
  • Chat IDs (as "trace_id")

Privacy Policy: https://mixpanel.com/legal/privacy-policy/

3.2 Anthropic (Claude AI)

Purpose: Generate intelligent responses to your technical questions

Data Shared:

  • Your questions and conversation history
  • Document content chunks relevant to your query
  • NOT shared: User IDs, email addresses, usernames, or company names

Privacy Policy: https://www.anthropic.com/legal/privacy

3.3 Pinecone (Vector Database)

Purpose: Semantic search and document retrieval

Data Shared:

  • User ID (for multi-tenant data isolation)
  • Document filenames
  • Document content chunks (embedded as vectors)
  • Document metadata (type, section titles, chapter information)
  • NOT shared: Email addresses, usernames, or company names

Privacy Policy: https://www.pinecone.io/privacy/

3.4 Voyage AI (Embeddings)

Purpose: Generate vector embeddings for semantic search

Data Shared:

  • Document content text (chunks)
  • Your search queries
  • NOT shared: User IDs, email addresses, usernames, or any identifying information

Privacy Policy: https://www.voyageai.com/privacy-policy

3.5 Microsoft Azure (Document Intelligence)

Purpose: Extract text, tables, and structure from PDF documents

Data Shared:

  • PDF file content (binary data)
  • NOT shared: User IDs, email addresses, usernames, or filenames

Privacy Policy: https://privacy.microsoft.com/en-us/privacystatement

3.6 Neon (PostgreSQL Database Hosting)

Purpose: Store and manage application data

Data Shared:

  • All data stored in our database (user accounts, documents, chats, feedback)

Privacy Policy: https://neon.tech/privacy-policy

3.7 Replit (Application Hosting & Object Storage)

Purpose: Host and run our application infrastructure, provide object storage for public assets

Data Shared:

  • Application code and configuration
  • Server logs and performance metrics
  • All data processed by our application
  • Public assets stored via Replit's object storage integration (Google Cloud Storage backend)

Privacy Policy: https://replit.com/site/privacy

Note: Object storage integration uses Google Cloud Storage as the backend provider. Data stored in object storage follows Google Cloud's data protection standards.

4. Data Storage and Security

4.1 Data Storage Locations

  • Primary Database: PostgreSQL hosted by Neon (cloud-based, persistent across deployments)
  • Document Files (PDFs): Stored on local disk within Replit's container infrastructure
  • Public Assets: Stored in Replit's object storage (Google Cloud Storage backend)
  • Vector Embeddings: Stored in Pinecone's cloud infrastructure
  • Session Data: Stored in PostgreSQL via connect-pg-simple

4.2 Security Measures

We implement industry-standard security practices to protect your data:

  • Password Security: All passwords are hashed using Node.js crypto.scrypt with 16-byte random salt and 64-byte key derivation (never stored in plain text)
  • Session Security: Sessions use httpOnly cookies with strict same-site policies and a 7-day expiration
  • Transport Encryption: HTTPS/TLS enforced by Replit hosting infrastructure for all data transmission
  • Access Control: Multi-tenant data isolation ensures users can only access their own data (enforced at database query level)
  • File Validation: Multi-layer security validation for uploaded PDFs (MIME type check, magic byte verification, file size limits)
  • Database Security: Secure connection to PostgreSQL via DATABASE_URL environment variable with Neon's enterprise-grade security
  • Resource Enumeration Prevention: Ownership verification returns 404 (not 403) for unauthorized access attempts

4.3 Data Retention

  • Account Data: Retained while your account is active
  • Documents & Chats: Retained until you delete them or close your account
  • Analytics Data: Retained according to Mixpanel's retention policies
  • Session Data: Automatically expired after 7 days of inactivity

5. Your Rights and Choices

Depending on your location, you may have the following rights:

5.1 Access and Portability

  • Right to Access: Request a copy of the personal data we hold about you
  • Data Portability: Receive your data in a structured, machine-readable format

5.2 Correction and Deletion

  • Right to Correct: Update or correct inaccurate personal information
  • Right to Delete: Request deletion of your personal data (subject to legal retention requirements)
  • Account Deletion: Close your account and request removal of your data

5.3 Restriction and Objection

  • Right to Restrict: Limit how we process your data
  • Right to Object: Object to processing based on legitimate interests

5.4 Withdraw Consent

You may withdraw consent for data processing at any time by closing your account.

5.5 How to Exercise Your Rights

To exercise these rights, please contact us at:

else@vera-field.com

We will respond to your request within 30 days.

6. Cookies and Tracking Technologies

We use the following technologies:

  • Session Cookies: Essential for authentication and session management (httpOnly, secure)
  • Analytics Cookies: Mixpanel tracking for usage analytics and product improvements
  • Local Storage: Store user preferences (theme, onboarding status)

You can disable cookies in your browser settings, but this may limit functionality.

7. Children's Privacy

Vera Tech Assist is not intended for users under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

8. International Data Transfers

Your data may be processed and stored in countries outside your country of residence, including the United States. These countries may have different data protection laws. By using our service, you consent to such transfers.

We ensure appropriate safeguards are in place when transferring data internationally.

9. Data Breach Notification

In the event of a data breach that affects your personal information, we will notify you and relevant authorities as required by applicable law, typically within 72 hours of discovery.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

  • Posting the new Privacy Policy on this page
  • Updating the "Last Updated" date at the top
  • Sending an email notification (for significant changes)

Your continued use of the service after changes constitutes acceptance of the updated policy.

11. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), we process personal data based on:

  • Contractual Necessity: To provide our service as agreed in our Terms of Service
  • Legitimate Interests: To improve our service, prevent fraud, and ensure security
  • Consent: For analytics and marketing (where required)
  • Legal Obligations: To comply with applicable laws

12. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to Know: Request details about the categories and specific pieces of personal information we collect
  • Right to Delete: Request deletion of your personal information
  • Right to Opt-Out: Opt out of the "sale" of personal information (we do not sell personal data)
  • Right to Non-Discrimination: You will not receive discriminatory treatment for exercising your privacy rights

To exercise these rights, contact us at: else@vera-field.com

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

Email: else@vera-field.com

Company: Vera Tech Assist

Address: Rollbergstraße 28A, 12053 Berlin, Germany

14. Data Processing Agreement (For Enterprise Customers)

For enterprise customers requiring a Data Processing Agreement (DPA) to comply with GDPR Article 28 or similar regulations, please contact us at: else@vera-field.com

Appendix: Summary of Third-Party Data Sharing

Service Provider | Data Shared | Purpose
Mixpanel | User ID, email, username, event data, document filenames | Analytics
Anthropic (Claude) | Questions, conversation history, document content | AI responses
Pinecone | User ID, document filenames, content chunks | Vector search
Voyage AI | Document text, search queries | Embeddings
Azure | PDF file content | Document parsing
Neon | All application data | Database hosting
Replit + GCS | All application data, public assets | Application & object storage hosting

By using Vera Tech Assist, you acknowledge that you have read and understood this Privacy Policy.