Privacy Policy
Effective Date: January 1, 2024 | Last Updated: April 29, 2026
1. Introduction
Ainur B.V. ("we", "us", "our", or "Verus") is committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use the Verus platform and services.
This policy complies with the General Data Protection Regulation (GDPR) (EU) 2016/679, the Dutch Uitvoeringswet Algemene Verordening Gegevensbescherming (UAVG), and other applicable data protection laws.
2. Data Controller Information
Ainur B.V.
Posthoornstraat 17
3011WD Rotterdam
Netherlands
Email: support@tryverus.com
KvK Number: 92327516
3. Data We Collect
3.1 Information You Provide
- Account Information: Name, email address, company name, job title
- Profile Data: Company website, industry, business goals, target markets
- Payment Information: Billing address, payment method details (processed by Stripe)
- Communications: Support requests, feedback, survey responses
- User Content: Prompts, queries, competitor information, and other data you input
3.2 Information We Collect Automatically
- Usage Data: Features used, queries made, reports generated, interaction patterns
- Device Information: IP address, browser type, operating system, device identifiers
- Log Data: Access times, pages viewed, app crashes, system activity
- Cookies and Tracking: Session cookies, preferences, authentication tokens
- Analytics Data: Performance metrics, feature adoption, user journey data
3.3 Information from Third Parties
- Authentication Providers: Profile information from WorkOS/SSO providers
- Payment Processors: Transaction confirmations from Stripe
- Public Sources: Publicly available business information for analysis
- AI Platforms: Response data from integrated AI services
4. Legal Basis for Processing
We process your personal data based on the following legal grounds:
- Contract Performance: To provide the services you've subscribed to
- Legitimate Interests: To improve our services, ensure security, and prevent fraud
- Legal Obligations: To comply with tax, accounting, and other legal requirements
- Consent: For marketing communications and certain cookies (you can withdraw consent at any time)
- Vital Interests: In rare cases where processing is necessary to protect someone's life
5. How We Use Your Data
5.1 Service Provision
- Execute AI queries and generate insights
- Analyze brand visibility and competitive positioning
- Process prompt executions across AI platforms
- Generate reports and analytics
- Manage your account and workspace
- Process payments and manage subscriptions
5.2 Communication
- Send service updates and important notifications
- Respond to support requests and inquiries
- Provide onboarding and training materials
- Send marketing communications (with consent)
5.3 Improvement and Development
- Analyze usage patterns to improve features
- Conduct research and development
- Test new functionalities
- Optimize performance and user experience
5.4 Legal and Security
- Prevent fraud and abuse
- Ensure platform security
- Comply with legal obligations
- Enforce our Terms of Service
6. Data Sharing and Disclosure
We share your data only in the following circumstances:
6.1 Service Providers (Sub-processors)
We engage trusted third-party service providers ("sub-processors") to help us deliver the Verus platform. These sub-processors are bound by data processing terms that require them to protect your data and process it only on our instructions.
The current list of our sub-processors:
| Sub-processor | Purpose | Processing region |
|---|---|---|
| Google Cloud Platform | Application and database hosting; object storage for generated assets | europe-west1 (EU) |
| Amazon Web Services (Bedrock) | LLM inference infrastructure for Anthropic Claude models | eu-central-1 (EU) |
| Anthropic | Claude language models (primary agent + content generation), accessed via AWS Bedrock, Google Vertex AI, and the Anthropic API | EU (Bedrock / Vertex EU regions); US (direct Anthropic API fallback) |
| Google (Gemini API, Vertex AI) | Fallback language models, multimodal analysis, image-understanding tooling | US / EU (depending on Vertex region) |
| OpenAI | Supplemental language and image models for specific agent tools | US |
| WorkOS | Authentication, SSO/SAML, identity management | US |
| Stripe | Payment processing and subscription billing | US / EU |
| Resend | Transactional email (invitations, receipts, security notifications) | EU |
| Sentry | Error tracking and observability (stack traces and request metadata; no user content) | US |
| PostHog | Product analytics for the Verus web application (own usage telemetry) | EU (eu.i.posthog.com) |
| Exa | Semantic web search and grounding for the content/research workflows | US |
| Firecrawl (Mendable) | Web page crawling and content extraction with JavaScript rendering | US |
| Runware | AI image and video generation (Flux, Imagen, Recraft, Leonardo, Seedance, Veo, Kling models) | US |
| Browserbase | Headless browser automation for agent web-research tasks | US |
| E2B | Sandboxed code execution environment for agent code-interpreter tasks | US |
| Pipedream | Integration platform used to broker customer-authorised third-party API connections | US |
| Redis Cloud / Upstash | Job queue (BullMQ) and ephemeral caching | EU (matches application region) |
This list does not include third-party services that you yourself connect through the Verus integrations dashboard (for example, Google Ads, Meta Ads, Shopify, HubSpot, Slack, or your CMS). Those are data destinations under your direct control, not Verus sub-processors. Data flows to and from them only at your explicit OAuth direction, governed by each provider's own terms.
Where you have a Data Processing Agreement (DPA) with us, we will notify you of material changes to this list in accordance with that DPA. For a DPA or for any questions about a specific sub-processor, contact support@tryverus.com.
6.2 Legal Requirements
We may disclose data when required by law, court order, or governmental request, or when necessary to protect our rights, property, or safety.
6.3 Business Transfers
In case of merger, acquisition, or sale of assets, your data may be transferred to the successor entity, subject to the same privacy protections.
6.4 Consent
We may share data with your explicit consent or at your direction.
6.5 Google API Services Limited Use Disclosure
Verus's use of information received from Google APIs, and its transfer to any other app, will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
The use of raw or derived user data received from Workspace APIs will adhere to the Google User Data Policy, including the Limited Use requirements.
We do not use data received from Google Workspace APIs to develop, improve, or train generalized AI and/or ML models.
7. International Data Transfers
Your data may be transferred to and processed in countries outside the European Economic Area (EEA). We ensure appropriate safeguards are in place:
- EU-approved Standard Contractual Clauses (SCCs)
- Adequacy decisions by the European Commission
- Binding Corporate Rules where applicable
- Your explicit consent for specific transfers
8. Data Retention
We retain your data for as long as necessary to provide our services and comply with legal obligations:
- Account Data: Duration of account plus 30 days after deletion
- Usage Data: 24 months for analytics purposes
- Financial Records: 7 years as required by Dutch tax law
- Marketing Data: Until consent is withdrawn
- Legal Claims: As needed for statute of limitations periods
- Backups: Maximum 90 days in backup systems
9. Your Rights Under GDPR
As a data subject, you have the following rights:
9.1 Access Right
Request a copy of your personal data we hold and information about how we process it.
9.2 Rectification Right
Request correction of inaccurate or incomplete personal data.
9.3 Erasure Right ("Right to be Forgotten")
Request deletion of your personal data under certain circumstances.
9.4 Restriction Right
Request limitation of the processing of your personal data in specific situations.
9.5 Data Portability Right
Receive your personal data in a structured, machine-readable format and transfer it to another controller.
9.6 Objection Right
Object to processing based on legitimate interests or for direct marketing purposes.
9.7 Automated Decision-Making Rights
Not be subject to decisions based solely on automated processing that significantly affect you.
9.8 Consent Withdrawal
Withdraw consent at any time where processing is based on consent.
To exercise these rights, contact us at support@tryverus.com. We will respond within one month, extendable by two months for complex requests.
10. Data Security
We implement appropriate technical and organizational measures to protect your data:
- Encryption: Data encrypted in transit (TLS/SSL) and at rest (AES-256)
- Access Controls: Role-based access, multi-factor authentication, regular access reviews
- Infrastructure: Secure cloud hosting with Google Cloud Platform
- Monitoring: 24/7 security monitoring and intrusion detection
- Testing: Regular security assessments and penetration testing
- Training: Regular security training for all employees
- Incident Response: Documented breach response procedures
- Compliance: SOC 2 Type II certification (in progress)
11. Cookies and Tracking
11.1 Essential Cookies
Required for platform functionality, authentication, and security. Cannot be disabled.
11.2 Analytics Cookies
Help us understand usage patterns and improve the service. Can be disabled in settings.
11.3 Preference Cookies
Remember your settings and preferences. Enhance user experience.
11.4 Marketing Cookies
Used with consent to deliver relevant advertisements and measure campaign effectiveness.
You can manage cookie preferences through your browser settings or our cookie preference center.
12. Children's Privacy
Our services are not directed to individuals under 16 years of age. We do not knowingly collect personal data from children. If we become aware of such collection, we will delete the data immediately.
13. Data Processing Agreement
For enterprise customers where we act as a data processor, we offer a Data Processing Agreement (DPA) that meets GDPR requirements. Contact support@tryverus.com to request a DPA.
14. Breach Notification
In the event of a personal data breach that poses a risk to your rights and freedoms, we will:
- Notify the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) within 72 hours
- Notify affected users without undue delay when required
- Document all breaches and remedial actions taken
- Implement measures to prevent future occurrences
15. Supervisory Authority
You have the right to lodge a complaint with a supervisory authority. In the Netherlands:
Autoriteit Persoonsgegevens
Postbus 93374
2509 AJ Den Haag
Netherlands
Phone: 0900-2001201
Website: autoriteitpersoonsgegevens.nl
16. Changes to This Policy
We may update this Privacy Policy periodically. We will notify you of material changes via email or platform notification at least 30 days before they take effect. The "Last Updated" date at the top reflects the most recent revision.
17. Contact Us
For privacy-related questions, requests, or concerns:
Data Protection Contact
Ainur B.V.
Posthoornstraat 17
3011WD Rotterdam
Netherlands
Email: support@tryverus.com
Subject Line: "Privacy Request"
We aim to respond to all privacy requests within 30 days. For complex requests, we may extend this period by up to 60 additional days, with notification of the extension and reasons.
18. Language
This Privacy Policy is provided in English. In case of any discrepancy between the English version and any translation, the English version shall prevail.