Privacy policy
Last Updated: 20/05/2024
Introduction
Welcome to Verba!
Verba is owned and operated by Verba Technology Ltd.
Verba values your privacy and the protection of your personal data. This privacy policy describes what information we collect from you, how we collect it, how we use it, how we obtain your consent, how long we keep it in our databases and, if necessary, with whom we share it.
By using the platform, you are accepting the practices described in this privacy policy. Your use of the platform is also subject to our terms of service. In this privacy policy, the words "platform" refers to the Verba mobile application and the Verba website together, unless referred to individually in the document, "we", "us", "our", and "Verba", refers to Verba Technology Ltd, and "you", and "user" refers to you, the Verba user.
This privacy policy may change from time to time. Your continued use of the platform after we make changes to this privacy policy will be deemed acceptance of those changes, so please check this policy periodically for updates. This privacy policy has been developed and is maintained in accordance with all applicable national and international privacy and data protection laws and regulations and specifically the Data Protection Act 2018 (UK regulations) and the General Data Protection Regulation (GDPR - European regulations).
General information
The personal data of users that are collected and processed through:
Verba mobile application (Available on Google Play and App Store).
Will be under the responsibility and in charge of:
Verba Technology Ltd.
Email: hello@myverba.com
How we obtain your consent
When you register as a user, purchase a subscription, use the functionalities available on the platform as an individual (chat with Verba AI to create a journal), use the functionalities available on the platform as a therapist, subscribe to our newsletter, contact us through our contact details and contact form and provide us with personal information to communicate with you, you consent to our collection, storage and use of your information under the terms set out in this privacy policy.
Types of information collected
The information we collect from our users helps us to continually improve the user experience on the platform. These are the types of information we collect:
Information you provide to us: You provide information when you register as a user, purchase a subscription, use the functionalities available on the platform as an individual (chat with Verba AI to create a journal), use the functionalities available on the platform as a therapist, subscribe to our newsletter, contact us via our contact details and contact form and provide us with personal information to communicate with you. As a result of those actions, you may provide us with the following information:
First and last name
Email
Therapist email (optional)
Usage Data: Verba automatically collects certain types of information during users' use of the application. This collection includes technical data such as device type, operating system, device settings, application usage, interaction preferences and daily chat log. This information is essential to improve the functionality and performance of the application, as well as to personalise the user experience and ensure system compatibility. All data collected is treated in accordance with our privacy policy, ensuring its protection and confidentiality.
User registration: Users have the option to register using their Google or Apple accounts for convenience and security. In doing so, Verba may collect information from those accounts, including full name, email and profile picture, as permitted by the user's Google and Apple privacy settings. Alternatively, users may choose to register directly through our registration page, where they must provide their full name, email and phone number. Information collected during the registration process will be used solely for the purpose of managing the user's account, personalising the experience on the platform and communicating important updates related to our services.
See Google's and Apple's privacy policy here:
User Content: Verba collects, processes and stores user content, which includes data and information entered on our platform when using chat with our Artificial Intelligence, solely for the provision and improvement of our services and the functionalities available on the platform. We are committed to maintaining the confidentiality and security of this content and information, and will not share it with unauthorised third parties, unless required by law or for the operation of the platform.
Payment data: Payment data refers to information related to your credit or debit card, such as card number, expiry date, security code, and any information related to the payment method selected by the user.
Your payment details will be processed by the payment processors available on this platform (Google Pay, Apple Pay), who will process and store your details securely and solely for the purpose of processing the purchase of subscriptions. Verba reserves the right to contract with any payment platform available.
Social Media: On our platform, we provide you with various links that allow you to interact with social media. We invite you to use these functions to share your information as you wish. However, we strongly encourage you to review the privacy and data protection policies of each of the social media sites you use through our website to understand how they handle your personal information.
Contact information: We may access some personal information about the user, such as name and email address, when the user or any third party communicates with us through our contact information. Personal information provided through our contact information is not stored on any Verba server and will be stored on the respective server of our email service.
HIPAA compliance
Verba is committed to complying with all provisions of the Health Insurance Portability and Accountability Act (HIPAA) to ensure the privacy and security of user health information. The Verba platform provides an AI-powered chat, developed by OpenAI Inc, through which users interact on a daily basis. From these interactions, the AI writes a diary of the day and identifies the user's mood and emotions. In addition, Verba offers an optional functionality to send a weekly email to the user's therapist, containing all diaries and their respective moods and emotions.
Verba ensures that all health information provided by users through the chat is processed anonymously by OpenAI Inc. The data processed does not individualise or identify the user, and OpenAI Inc does not retain or use this data for purposes other than those required by Verba. Furthermore, these providers do not use the data stored at Verba to train or refine any technology, including AI models. This anonymisation process ensures that the user's identity remains protected at all times.
To comply with HIPAA, Verba implements stringent technical and administrative security measures to protect user health information from unauthorised access, disclosure, alteration and destruction. These measures include encrypting data in at rest, using secure networks, and limiting access to health information to authorised personnel only. In addition, Verba conducts regular audits and assessments of its privacy and security practices to ensure ongoing compliance with HIPAA.
Users have full control over the optional functionality of sending emails to their therapist. This feature requires the user's explicit consent, and they can choose to enable or disable it at any time through their account settings on the Verba platform. Verba is committed to maintaining the confidentiality of emails sent and ensures that they are transmitted securely.
Users also have the rights set out in HIPAA in relation to the information provided and related to their health. This includes the right to access their data, request corrections, obtain a record of disclosures of their information, and request restrictions on certain uses and disclosures of their information.
Verba allows users to request deletion of their data at any time in accordance with this privacy policy. Deletion requests can be made through the user's account settings or by contacting our support team. Verba is committed to processing these requests in a timely manner and ensuring that the data is securely deleted.
In the event of any security incident that compromises the user's health information, Verba will immediately notify affected users and take the necessary steps to mitigate the impact of the incident and prevent future occurrences.
By using the Verba platform, the user acknowledges and accepts the privacy and security practices described in this policy. Verba is committed to keeping users informed of any significant changes to our privacy practices and to providing full transparency about how your health information is handled and protected.
5. How long we keep your data
Personal data provided by users through the platform will be retained for the time necessary to provide the functionalities available on the platform, to fulfil the legitimate purposes described in this policy or until the user closes the user account, unsubscribes from our newsletter or requests deletion of their data. Verba may retain personal data for a longer period provided that the user has consented to such processing, as long as such consent is not withdrawn. In addition, Verba may be obliged to retain personal data for a longer period provided that this is required for compliance with a legal obligation or by order of an authority. Once the retention period has expired, the personal data will be deleted. Therefore, the right of access, the right of deletion, the right of rectification and the right to data portability cannot be asserted after the retention period has expired.
How we use your information
In general, we use the data we collect primarily to provide, maintain, protect and improve our platform and to properly deliver the functionalities available on the platform. We use the data collected through our platform as described below:
User registration.
Provide the mobile application (Available on Google Play and App Store).
Provide the functionalities available on the platform.
Facilitate chatting with Verba's Artificial Intelligence.
Facilitate the creation of a journal according to chat information.
Send the user journals to the relevant therapists.
Facilitate the use of the platform for therapists.
Facilitate the creation of licences for therapists' clients.
Provide our subscriptions.
Process subscription payments.
Send relevant notifications within the platform.
Understand and improve your experience using our platform.
Respond to your comments or questions through our contact information.
Send you related information, including confirmations, technical notices, updates, security alerts, and support and administrative messages.
Send you relevant information about Verba.
Verba marketing purposes.
Link or combine your information with other data we obtain from third parties to help us understand your needs and provide you with better service.
Process and respond to requests related to users' privacy rights.
Protect, investigate and deter fraudulent, unauthorised or illegal activities.
How we share information
Information about our customers is an important part of our business, and we are not in the business of selling it to others. We share customer information only as described below.
Information shared with therapists: Verba offers an optional functionality to send a weekly email to the user's designated therapist, containing diaries of daily chats with the AI, including identified moods and emotions. By activating this feature, the user authorises Verba to share such information with their therapist via the email address provided by the user.
Verba guarantees that the therapist's email address is used exclusively for this purpose and that the information shared is transmitted securely. This functionality is only activated with the explicit consent of the user, who has the option to activate or deactivate this function at any time through their account settings on the platform.
By opting in to this functionality, the user acknowledges and agrees that Verba may send diary and mood information to the designated therapist. Verba undertakes to maintain the confidentiality of the information submitted and to protect it against unauthorised access. Use of this functionality is completely voluntary and is provided for the purpose of enhancing the user's therapeutic experience. Verba ensures that any changes to this functionality or related privacy practices are clearly and timely communicated to users.
Storage services: Verba stores user information using secure and reliable storage services, including Amazon EU, Google Cloud EU and MongoDB Inc. These service providers allow us to ensure the integrity and security of the data collected. Information is primarily stored and processed in the European Union, ensuring compliance with applicable data protection regulations, such as the General Data Protection Regulation (GDPR).
The information we collect is used to provide and improve our services, ensure the security of the platform and comply with our legal obligations. Verba takes appropriate technical and organisational measures to protect user information against unauthorised access, alteration, disclosure or destruction. In addition, our storage service providers are subject to strict security and confidentiality policies to protect user information.
By using the Verba platform, you agree to have your data stored and processed by these service providers in the aforementioned locations. We are committed to notifying users of any significant changes to our information storage practices through updates to this privacy policy.
See the privacy policy of Amazon EU, Google Cloud EU and MongoDB Inc here:
Third-Party Service Providers: We use third party services to perform certain functions on our platform. Some of these functions and services include: App hosting (Google Play, App Store), payment processing (Google Pay, Apple Pay), AI functions (OpenAI Inc), tracking and analytics services on the platform, and sending emails.
These third-party services and tools may have access to personal information needed to perform their functions, but may not use that information for other purposes. Information shared with these third-party services will be treated and stored in accordance with their respective privacy policies and our privacy policy.
E-mail communications: By providing us with your email address, you consent and agree that we may send relevant content, notifications and information to your email address. Therefore, your email address may be shared with third party bulk email services for the sole and exclusive purpose of sending you relevant communications. If you wish to stop receiving communications from Verba, you may unsubscribe at any time by using the "unsubscribe" option available in the same emails or by sending your request through our contact information.
Business Transfers: In the event Verba creates, merges with, or is acquired by another entity, your information will likely be transferred. Verba will send you an email or post a prominent notice on our platform before your information becomes subject to another privacy policy.
Protection of Verba and Others: We release personal information when we believe release is appropriate to comply with the law, enforce or apply our terms and conditions and other agreements, or protect the rights, property, or safety of Verba, our users, or others. This includes exchanging information with other companies and organisations for fraud protection and credit risk reduction.
Anonymous Information: Verba uses anonymous browsing information collected automatically by our servers primarily to help us administer and improve the platform. We may also use aggregated anonymous information to provide information about the platform to potential business partners and other unaffiliated entities. This information is not personally identifiable.
Data breach notifications
In the event of a security breach that compromises the confidentiality of the personal data of our users, Verba undertakes to notify those affected in a timely manner. This notification will be made through the means of contact that have been provided by the user on our platform. We will take all reasonable measures to protect the information and remedy any situation that compromises the security of your data.
International data transfer
By using our platform, you agree that your personal data may be transferred and processed outside the UK, where data protection laws may differ. Verba is committed to taking the necessary steps to ensure that your data is treated in accordance with applicable privacy protection rules and is adequately protected during any international transfer.
Protection of your information
We grant access to your personal information only to those outside persons or services that have a legitimate need to know it and in accordance with our privacy policy. We adhere to industry-recognised security standards to protect your personal information, both during transmission and in storage. However, it is important to note that no method of transmission over the Internet or electronic storage is foolproof and 100% secure. Therefore, while we at Verba strive to implement commercially viable data protection methods, we cannot ensure absolute security of your personal information. We undertake not to sell, distribute or transfer your personal data to unauthorised third parties, unless we have your explicit consent or are required by law to do so.
Rights
Users who provide information through our platform, as data subjects, have the right to access, rectify, download or delete their information, as well as to restrict and oppose certain processing of their information. While some of these rights apply generally, others only apply in certain limited circumstances. These rights are described below:
Access and portability: to access and know what information is stored on our servers, you can send us your request through our contact information.
Rectification, restriction, limitation and deletion: You may also rectify, restrict, limit or delete much of your information.
Right to be informed: Users of our platform will be informed, upon request, about what data we collect, how it is used, how long it is kept and whether it is shared with third parties.
Object: Where we process your data based on our legitimate interests, as explained above, or in the public interest, you may object to this processing in certain circumstances. In such cases, we will stop processing your information unless we have legitimate grounds to continue processing it or where necessary for legal reasons.
Withdraw consent: Where you have previously given your consent, for example to allow us to process and store your personal information, you have the right to withdraw your consent to the processing and storage of your information at any time. For example, you can withdraw your consent by updating your settings. In certain cases, we may continue to process your information after you have withdrawn your consent if we have a lawful basis for doing so or if your withdrawal of consent was limited to certain processing activities.
Complaint: If you wish to lodge a complaint about our use of your information (and without prejudice to any other rights you may have), you have the right to do so with your local supervisory authority. Users may exercise all of these rights by contacting us via the contact information or contact page.
Rights related to automated decision-making, including profiling: Users may request that we provide them with a copy of the automated processing activities we conduct if they believe that data is being unlawfully processed.
Users or holders of personal data provided through the platform may exercise these rights over their personal data at any time and without limitation by sending their request through our contact information. The request to exercise their rights will be attended and answered within a maximum period of 10 working days.
Right of editing and deletion
We are committed to ensuring that our users maintain full control over their data. Therefore, we grant users the explicit right to modify or delete any information they have provided to the platform.
Users can exercise this right directly through their user account by facilitating the editing or deletion of their data. In the event that certain requests cannot be handled through the user account, users may contact us through our contact information to make the necessary edits or deletions.
Our approach is designed to ensure that users have constant and effective control over their data, allowing them to manage their information in a way that protects their privacy and autonomy.
Protection of children's online privacy
We comply with the requirements of national and international data protection regulations regarding the protection of personal data of minors. We do not collect any information from children under the age of 16. If we become aware that a child under the age of 16 has provided us with personal information, we will take immediate steps to delete that information.
Third parties
Except as expressly included in this privacy policy, this document addresses only the use and disclosure of information Verba collects from you. If you disclose information to third parties, either through links available on the platform, different rules may apply to the use and processing of the data you provide to those third parties. Verba does not control the privacy policies of third parties, and you are subject to the privacy policies of such third parties where applicable. Verba is not responsible for the privacy or security practices of other third party platforms, products or services, including those linked to or from the Verba platform. Please review the privacy policies of any third party services or products you access through the Verba platform.
Changes to Privacy Policy
We reserve the right to change our privacy policy at any time. Changes will be promptly notified to our users and posted on the platform. Your continued use of the platform and our services following these changes implies your acceptance of the changes.
Changes to Privacy Policy
If you have questions or concerns about this privacy policy and the treatment and security of your data, please contact us through our contact forms or by using the following contact information:
Verba Technology Ltd.
Email: hello@myverba.com
Last Updated: 20/05/2024
Introduction
Welcome to Verba!
Verba is owned and operated by Verba Technology Ltd.
Verba values your privacy and the protection of your personal data. This privacy policy describes what information we collect from you, how we collect it, how we use it, how we obtain your consent, how long we keep it in our databases and, if necessary, with whom we share it.
By using the platform, you are accepting the practices described in this privacy policy. Your use of the platform is also subject to our terms of service. In this privacy policy, the words "platform" refers to the Verba mobile application and the Verba website together, unless referred to individually in the document, "we", "us", "our", and "Verba", refers to Verba Technology Ltd, and "you", and "user" refers to you, the Verba user.
This privacy policy may change from time to time. Your continued use of the platform after we make changes to this privacy policy will be deemed acceptance of those changes, so please check this policy periodically for updates. This privacy policy has been developed and is maintained in accordance with all applicable national and international privacy and data protection laws and regulations and specifically the Data Protection Act 2018 (UK regulations) and the General Data Protection Regulation (GDPR - European regulations).
General information
The personal data of users that are collected and processed through:
Verba mobile application (Available on Google Play and App Store).
Will be under the responsibility and in charge of:
Verba Technology Ltd.
Email: hello@myverba.com
How we obtain your consent
When you register as a user, purchase a subscription, use the functionalities available on the platform as an individual (chat with Verba AI to create a journal), use the functionalities available on the platform as a therapist, subscribe to our newsletter, contact us through our contact details and contact form and provide us with personal information to communicate with you, you consent to our collection, storage and use of your information under the terms set out in this privacy policy.
Types of information collected
The information we collect from our users helps us to continually improve the user experience on the platform. These are the types of information we collect:
Information you provide to us: You provide information when you register as a user, purchase a subscription, use the functionalities available on the platform as an individual (chat with Verba AI to create a journal), use the functionalities available on the platform as a therapist, subscribe to our newsletter, contact us via our contact details and contact form and provide us with personal information to communicate with you. As a result of those actions, you may provide us with the following information:
First and last name
Email
Therapist email (optional)
Usage Data: Verba automatically collects certain types of information during users' use of the application. This collection includes technical data such as device type, operating system, device settings, application usage, interaction preferences and daily chat log. This information is essential to improve the functionality and performance of the application, as well as to personalise the user experience and ensure system compatibility. All data collected is treated in accordance with our privacy policy, ensuring its protection and confidentiality.
User registration: Users have the option to register using their Google or Apple accounts for convenience and security. In doing so, Verba may collect information from those accounts, including full name, email and profile picture, as permitted by the user's Google and Apple privacy settings. Alternatively, users may choose to register directly through our registration page, where they must provide their full name, email and phone number. Information collected during the registration process will be used solely for the purpose of managing the user's account, personalising the experience on the platform and communicating important updates related to our services.
See Google's and Apple's privacy policy here:
User Content: Verba collects, processes and stores user content, which includes data and information entered on our platform when using chat with our Artificial Intelligence, solely for the provision and improvement of our services and the functionalities available on the platform. We are committed to maintaining the confidentiality and security of this content and information, and will not share it with unauthorised third parties, unless required by law or for the operation of the platform.
Payment data: Payment data refers to information related to your credit or debit card, such as card number, expiry date, security code, and any information related to the payment method selected by the user.
Your payment details will be processed by the payment processors available on this platform (Google Pay, Apple Pay), who will process and store your details securely and solely for the purpose of processing the purchase of subscriptions. Verba reserves the right to contract with any payment platform available.
Social Media: On our platform, we provide you with various links that allow you to interact with social media. We invite you to use these functions to share your information as you wish. However, we strongly encourage you to review the privacy and data protection policies of each of the social media sites you use through our website to understand how they handle your personal information.
Contact information: We may access some personal information about the user, such as name and email address, when the user or any third party communicates with us through our contact information. Personal information provided through our contact information is not stored on any Verba server and will be stored on the respective server of our email service.
HIPAA compliance
Verba is committed to complying with all provisions of the Health Insurance Portability and Accountability Act (HIPAA) to ensure the privacy and security of user health information. The Verba platform provides an AI-powered chat, developed by OpenAI Inc, through which users interact on a daily basis. From these interactions, the AI writes a diary of the day and identifies the user's mood and emotions. In addition, Verba offers an optional functionality to send a weekly email to the user's therapist, containing all diaries and their respective moods and emotions.
Verba ensures that all health information provided by users through the chat is processed anonymously by OpenAI Inc. The data processed does not individualise or identify the user, and OpenAI Inc does not retain or use this data for purposes other than those required by Verba. Furthermore, these providers do not use the data stored at Verba to train or refine any technology, including AI models. This anonymisation process ensures that the user's identity remains protected at all times.
To comply with HIPAA, Verba implements stringent technical and administrative security measures to protect user health information from unauthorised access, disclosure, alteration and destruction. These measures include encrypting data in at rest, using secure networks, and limiting access to health information to authorised personnel only. In addition, Verba conducts regular audits and assessments of its privacy and security practices to ensure ongoing compliance with HIPAA.
Users have full control over the optional functionality of sending emails to their therapist. This feature requires the user's explicit consent, and they can choose to enable or disable it at any time through their account settings on the Verba platform. Verba is committed to maintaining the confidentiality of emails sent and ensures that they are transmitted securely.
Users also have the rights set out in HIPAA in relation to the information provided and related to their health. This includes the right to access their data, request corrections, obtain a record of disclosures of their information, and request restrictions on certain uses and disclosures of their information.
Verba allows users to request deletion of their data at any time in accordance with this privacy policy. Deletion requests can be made through the user's account settings or by contacting our support team. Verba is committed to processing these requests in a timely manner and ensuring that the data is securely deleted.
In the event of any security incident that compromises the user's health information, Verba will immediately notify affected users and take the necessary steps to mitigate the impact of the incident and prevent future occurrences.
By using the Verba platform, the user acknowledges and accepts the privacy and security practices described in this policy. Verba is committed to keeping users informed of any significant changes to our privacy practices and to providing full transparency about how your health information is handled and protected.
5. How long we keep your data
Personal data provided by users through the platform will be retained for the time necessary to provide the functionalities available on the platform, to fulfil the legitimate purposes described in this policy or until the user closes the user account, unsubscribes from our newsletter or requests deletion of their data. Verba may retain personal data for a longer period provided that the user has consented to such processing, as long as such consent is not withdrawn. In addition, Verba may be obliged to retain personal data for a longer period provided that this is required for compliance with a legal obligation or by order of an authority. Once the retention period has expired, the personal data will be deleted. Therefore, the right of access, the right of deletion, the right of rectification and the right to data portability cannot be asserted after the retention period has expired.
How we use your information
In general, we use the data we collect primarily to provide, maintain, protect and improve our platform and to properly deliver the functionalities available on the platform. We use the data collected through our platform as described below:
User registration.
Provide the mobile application (Available on Google Play and App Store).
Provide the functionalities available on the platform.
Facilitate chatting with Verba's Artificial Intelligence.
Facilitate the creation of a journal according to chat information.
Send the user journals to the relevant therapists.
Facilitate the use of the platform for therapists.
Facilitate the creation of licences for therapists' clients.
Provide our subscriptions.
Process subscription payments.
Send relevant notifications within the platform.
Understand and improve your experience using our platform.
Respond to your comments or questions through our contact information.
Send you related information, including confirmations, technical notices, updates, security alerts, and support and administrative messages.
Send you relevant information about Verba.
Verba marketing purposes.
Link or combine your information with other data we obtain from third parties to help us understand your needs and provide you with better service.
Process and respond to requests related to users' privacy rights.
Protect, investigate and deter fraudulent, unauthorised or illegal activities.
How we share information
Information about our customers is an important part of our business, and we are not in the business of selling it to others. We share customer information only as described below.
Information shared with therapists: Verba offers an optional functionality to send a weekly email to the user's designated therapist, containing diaries of daily chats with the AI, including identified moods and emotions. By activating this feature, the user authorises Verba to share such information with their therapist via the email address provided by the user.
Verba guarantees that the therapist's email address is used exclusively for this purpose and that the information shared is transmitted securely. This functionality is only activated with the explicit consent of the user, who has the option to activate or deactivate this function at any time through their account settings on the platform.
By opting in to this functionality, the user acknowledges and agrees that Verba may send diary and mood information to the designated therapist. Verba undertakes to maintain the confidentiality of the information submitted and to protect it against unauthorised access. Use of this functionality is completely voluntary and is provided for the purpose of enhancing the user's therapeutic experience. Verba ensures that any changes to this functionality or related privacy practices are clearly and timely communicated to users.
Storage services: Verba stores user information using secure and reliable storage services, including Amazon EU, Google Cloud EU and MongoDB Inc. These service providers allow us to ensure the integrity and security of the data collected. Information is primarily stored and processed in the European Union, ensuring compliance with applicable data protection regulations, such as the General Data Protection Regulation (GDPR).
The information we collect is used to provide and improve our services, ensure the security of the platform and comply with our legal obligations. Verba takes appropriate technical and organisational measures to protect user information against unauthorised access, alteration, disclosure or destruction. In addition, our storage service providers are subject to strict security and confidentiality policies to protect user information.
By using the Verba platform, you agree to have your data stored and processed by these service providers in the aforementioned locations. We are committed to notifying users of any significant changes to our information storage practices through updates to this privacy policy.
See the privacy policy of Amazon EU, Google Cloud EU and MongoDB Inc here:
Third-Party Service Providers: We use third party services to perform certain functions on our platform. Some of these functions and services include: App hosting (Google Play, App Store), payment processing (Google Pay, Apple Pay), AI functions (OpenAI Inc), tracking and analytics services on the platform, and sending emails.
These third-party services and tools may have access to personal information needed to perform their functions, but may not use that information for other purposes. Information shared with these third-party services will be treated and stored in accordance with their respective privacy policies and our privacy policy.
E-mail communications: By providing us with your email address, you consent and agree that we may send relevant content, notifications and information to your email address. Therefore, your email address may be shared with third party bulk email services for the sole and exclusive purpose of sending you relevant communications. If you wish to stop receiving communications from Verba, you may unsubscribe at any time by using the "unsubscribe" option available in the same emails or by sending your request through our contact information.
Business Transfers: In the event Verba creates, merges with, or is acquired by another entity, your information will likely be transferred. Verba will send you an email or post a prominent notice on our platform before your information becomes subject to another privacy policy.
Protection of Verba and Others: We release personal information when we believe release is appropriate to comply with the law, enforce or apply our terms and conditions and other agreements, or protect the rights, property, or safety of Verba, our users, or others. This includes exchanging information with other companies and organisations for fraud protection and credit risk reduction.
Anonymous Information: Verba uses anonymous browsing information collected automatically by our servers primarily to help us administer and improve the platform. We may also use aggregated anonymous information to provide information about the platform to potential business partners and other unaffiliated entities. This information is not personally identifiable.
Data breach notifications
In the event of a security breach that compromises the confidentiality of the personal data of our users, Verba undertakes to notify those affected in a timely manner. This notification will be made through the means of contact that have been provided by the user on our platform. We will take all reasonable measures to protect the information and remedy any situation that compromises the security of your data.
International data transfer
By using our platform, you agree that your personal data may be transferred and processed outside the UK, where data protection laws may differ. Verba is committed to taking the necessary steps to ensure that your data is treated in accordance with applicable privacy protection rules and is adequately protected during any international transfer.
Protection of your information
We grant access to your personal information only to those outside persons or services that have a legitimate need to know it and in accordance with our privacy policy. We adhere to industry-recognised security standards to protect your personal information, both during transmission and in storage. However, it is important to note that no method of transmission over the Internet or electronic storage is foolproof and 100% secure. Therefore, while we at Verba strive to implement commercially viable data protection methods, we cannot ensure absolute security of your personal information. We undertake not to sell, distribute or transfer your personal data to unauthorised third parties, unless we have your explicit consent or are required by law to do so.
Rights
Users who provide information through our platform, as data subjects, have the right to access, rectify, download or delete their information, as well as to restrict and oppose certain processing of their information. While some of these rights apply generally, others only apply in certain limited circumstances. These rights are described below:
Access and portability: to access and know what information is stored on our servers, you can send us your request through our contact information.
Rectification, restriction, limitation and deletion: You may also rectify, restrict, limit or delete much of your information.
Right to be informed: Users of our platform will be informed, upon request, about what data we collect, how it is used, how long it is kept and whether it is shared with third parties.
Object: Where we process your data based on our legitimate interests, as explained above, or in the public interest, you may object to this processing in certain circumstances. In such cases, we will stop processing your information unless we have legitimate grounds to continue processing it or where necessary for legal reasons.
Withdraw consent: Where you have previously given your consent, for example to allow us to process and store your personal information, you have the right to withdraw your consent to the processing and storage of your information at any time. For example, you can withdraw your consent by updating your settings. In certain cases, we may continue to process your information after you have withdrawn your consent if we have a lawful basis for doing so or if your withdrawal of consent was limited to certain processing activities.
Complaint: If you wish to lodge a complaint about our use of your information (and without prejudice to any other rights you may have), you have the right to do so with your local supervisory authority. Users may exercise all of these rights by contacting us via the contact information or contact page.
Rights related to automated decision-making, including profiling: Users may request that we provide them with a copy of the automated processing activities we conduct if they believe that data is being unlawfully processed.
Users or holders of personal data provided through the platform may exercise these rights over their personal data at any time and without limitation by sending their request through our contact information. The request to exercise their rights will be attended and answered within a maximum period of 10 working days.
Right of editing and deletion
We are committed to ensuring that our users maintain full control over their data. Therefore, we grant users the explicit right to modify or delete any information they have provided to the platform.
Users can exercise this right directly through their user account by facilitating the editing or deletion of their data. In the event that certain requests cannot be handled through the user account, users may contact us through our contact information to make the necessary edits or deletions.
Our approach is designed to ensure that users have constant and effective control over their data, allowing them to manage their information in a way that protects their privacy and autonomy.
Protection of children's online privacy
We comply with the requirements of national and international data protection regulations regarding the protection of personal data of minors. We do not collect any information from children under the age of 16. If we become aware that a child under the age of 16 has provided us with personal information, we will take immediate steps to delete that information.
Third parties
Except as expressly included in this privacy policy, this document addresses only the use and disclosure of information Verba collects from you. If you disclose information to third parties, either through links available on the platform, different rules may apply to the use and processing of the data you provide to those third parties. Verba does not control the privacy policies of third parties, and you are subject to the privacy policies of such third parties where applicable. Verba is not responsible for the privacy or security practices of other third party platforms, products or services, including those linked to or from the Verba platform. Please review the privacy policies of any third party services or products you access through the Verba platform.
Changes to Privacy Policy
We reserve the right to change our privacy policy at any time. Changes will be promptly notified to our users and posted on the platform. Your continued use of the platform and our services following these changes implies your acceptance of the changes.
Changes to Privacy Policy
If you have questions or concerns about this privacy policy and the treatment and security of your data, please contact us through our contact forms or by using the following contact information:
Verba Technology Ltd.
Email: hello@myverba.com
Last Updated: 20/05/2024
Introduction
Welcome to Verba!
Verba is owned and operated by Verba Technology Ltd.
Verba values your privacy and the protection of your personal data. This privacy policy describes what information we collect from you, how we collect it, how we use it, how we obtain your consent, how long we keep it in our databases and, if necessary, with whom we share it.
By using the platform, you are accepting the practices described in this privacy policy. Your use of the platform is also subject to our terms of service. In this privacy policy, the words "platform" refers to the Verba mobile application and the Verba website together, unless referred to individually in the document, "we", "us", "our", and "Verba", refers to Verba Technology Ltd, and "you", and "user" refers to you, the Verba user.
This privacy policy may change from time to time. Your continued use of the platform after we make changes to this privacy policy will be deemed acceptance of those changes, so please check this policy periodically for updates. This privacy policy has been developed and is maintained in accordance with all applicable national and international privacy and data protection laws and regulations and specifically the Data Protection Act 2018 (UK regulations) and the General Data Protection Regulation (GDPR - European regulations).
General information
The personal data of users that are collected and processed through:
Verba mobile application (Available on Google Play and App Store).
Will be under the responsibility and in charge of:
Verba Technology Ltd.
Email: hello@myverba.com
How we obtain your consent
When you register as a user, purchase a subscription, use the functionalities available on the platform as an individual (chat with Verba AI to create a journal), use the functionalities available on the platform as a therapist, subscribe to our newsletter, contact us through our contact details and contact form and provide us with personal information to communicate with you, you consent to our collection, storage and use of your information under the terms set out in this privacy policy.
Types of information collected
The information we collect from our users helps us to continually improve the user experience on the platform. These are the types of information we collect:
Information you provide to us: You provide information when you register as a user, purchase a subscription, use the functionalities available on the platform as an individual (chat with Verba AI to create a journal), use the functionalities available on the platform as a therapist, subscribe to our newsletter, contact us via our contact details and contact form and provide us with personal information to communicate with you. As a result of those actions, you may provide us with the following information:
First and last name
Email
Therapist email (optional)
Usage Data: Verba automatically collects certain types of information during users' use of the application. This collection includes technical data such as device type, operating system, device settings, application usage, interaction preferences and daily chat log. This information is essential to improve the functionality and performance of the application, as well as to personalise the user experience and ensure system compatibility. All data collected is treated in accordance with our privacy policy, ensuring its protection and confidentiality.
User registration: Users have the option to register using their Google or Apple accounts for convenience and security. In doing so, Verba may collect information from those accounts, including full name, email and profile picture, as permitted by the user's Google and Apple privacy settings. Alternatively, users may choose to register directly through our registration page, where they must provide their full name, email and phone number. Information collected during the registration process will be used solely for the purpose of managing the user's account, personalising the experience on the platform and communicating important updates related to our services.
See Google's and Apple's privacy policy here:
User Content: Verba collects, processes and stores user content, which includes data and information entered on our platform when using chat with our Artificial Intelligence, solely for the provision and improvement of our services and the functionalities available on the platform. We are committed to maintaining the confidentiality and security of this content and information, and will not share it with unauthorised third parties, unless required by law or for the operation of the platform.
Payment data: Payment data refers to information related to your credit or debit card, such as card number, expiry date, security code, and any information related to the payment method selected by the user.
Your payment details will be processed by the payment processors available on this platform (Google Pay, Apple Pay), who will process and store your details securely and solely for the purpose of processing the purchase of subscriptions. Verba reserves the right to contract with any payment platform available.
Social Media: On our platform, we provide you with various links that allow you to interact with social media. We invite you to use these functions to share your information as you wish. However, we strongly encourage you to review the privacy and data protection policies of each of the social media sites you use through our website to understand how they handle your personal information.
Contact information: We may access some personal information about the user, such as name and email address, when the user or any third party communicates with us through our contact information. Personal information provided through our contact information is not stored on any Verba server and will be stored on the respective server of our email service.
HIPAA compliance
Verba is committed to complying with all provisions of the Health Insurance Portability and Accountability Act (HIPAA) to ensure the privacy and security of user health information. The Verba platform provides an AI-powered chat, developed by OpenAI Inc, through which users interact on a daily basis. From these interactions, the AI writes a diary of the day and identifies the user's mood and emotions. In addition, Verba offers an optional functionality to send a weekly email to the user's therapist, containing all diaries and their respective moods and emotions.
Verba ensures that all health information provided by users through the chat is processed anonymously by OpenAI Inc. The data processed does not individualise or identify the user, and OpenAI Inc does not retain or use this data for purposes other than those required by Verba. Furthermore, these providers do not use the data stored at Verba to train or refine any technology, including AI models. This anonymisation process ensures that the user's identity remains protected at all times.
To comply with HIPAA, Verba implements stringent technical and administrative security measures to protect user health information from unauthorised access, disclosure, alteration and destruction. These measures include encrypting data in at rest, using secure networks, and limiting access to health information to authorised personnel only. In addition, Verba conducts regular audits and assessments of its privacy and security practices to ensure ongoing compliance with HIPAA.
Users have full control over the optional functionality of sending emails to their therapist. This feature requires the user's explicit consent, and they can choose to enable or disable it at any time through their account settings on the Verba platform. Verba is committed to maintaining the confidentiality of emails sent and ensures that they are transmitted securely.
Users also have the rights set out in HIPAA in relation to the information provided and related to their health. This includes the right to access their data, request corrections, obtain a record of disclosures of their information, and request restrictions on certain uses and disclosures of their information.
Verba allows users to request deletion of their data at any time in accordance with this privacy policy. Deletion requests can be made through the user's account settings or by contacting our support team. Verba is committed to processing these requests in a timely manner and ensuring that the data is securely deleted.
In the event of any security incident that compromises the user's health information, Verba will immediately notify affected users and take the necessary steps to mitigate the impact of the incident and prevent future occurrences.
By using the Verba platform, the user acknowledges and accepts the privacy and security practices described in this policy. Verba is committed to keeping users informed of any significant changes to our privacy practices and to providing full transparency about how your health information is handled and protected.
5. How long we keep your data
Personal data provided by users through the platform will be retained for the time necessary to provide the functionalities available on the platform, to fulfil the legitimate purposes described in this policy or until the user closes the user account, unsubscribes from our newsletter or requests deletion of their data. Verba may retain personal data for a longer period provided that the user has consented to such processing, as long as such consent is not withdrawn. In addition, Verba may be obliged to retain personal data for a longer period provided that this is required for compliance with a legal obligation or by order of an authority. Once the retention period has expired, the personal data will be deleted. Therefore, the right of access, the right of deletion, the right of rectification and the right to data portability cannot be asserted after the retention period has expired.
How we use your information
In general, we use the data we collect primarily to provide, maintain, protect and improve our platform and to properly deliver the functionalities available on the platform. We use the data collected through our platform as described below:
User registration.
Provide the mobile application (Available on Google Play and App Store).
Provide the functionalities available on the platform.
Facilitate chatting with Verba's Artificial Intelligence.
Facilitate the creation of a journal according to chat information.
Send the user journals to the relevant therapists.
Facilitate the use of the platform for therapists.
Facilitate the creation of licences for therapists' clients.
Provide our subscriptions.
Process subscription payments.
Send relevant notifications within the platform.
Understand and improve your experience using our platform.
Respond to your comments or questions through our contact information.
Send you related information, including confirmations, technical notices, updates, security alerts, and support and administrative messages.
Send you relevant information about Verba.
Verba marketing purposes.
Link or combine your information with other data we obtain from third parties to help us understand your needs and provide you with better service.
Process and respond to requests related to users' privacy rights.
Protect, investigate and deter fraudulent, unauthorised or illegal activities.
How we share information
Information about our customers is an important part of our business, and we are not in the business of selling it to others. We share customer information only as described below.
Information shared with therapists: Verba offers an optional functionality to send a weekly email to the user's designated therapist, containing diaries of daily chats with the AI, including identified moods and emotions. By activating this feature, the user authorises Verba to share such information with their therapist via the email address provided by the user.
Verba guarantees that the therapist's email address is used exclusively for this purpose and that the information shared is transmitted securely. This functionality is only activated with the explicit consent of the user, who has the option to activate or deactivate this function at any time through their account settings on the platform.
By opting in to this functionality, the user acknowledges and agrees that Verba may send diary and mood information to the designated therapist. Verba undertakes to maintain the confidentiality of the information submitted and to protect it against unauthorised access. Use of this functionality is completely voluntary and is provided for the purpose of enhancing the user's therapeutic experience. Verba ensures that any changes to this functionality or related privacy practices are clearly and timely communicated to users.
Storage services: Verba stores user information using secure and reliable storage services, including Amazon EU, Google Cloud EU and MongoDB Inc. These service providers allow us to ensure the integrity and security of the data collected. Information is primarily stored and processed in the European Union, ensuring compliance with applicable data protection regulations, such as the General Data Protection Regulation (GDPR).
The information we collect is used to provide and improve our services, ensure the security of the platform and comply with our legal obligations. Verba takes appropriate technical and organisational measures to protect user information against unauthorised access, alteration, disclosure or destruction. In addition, our storage service providers are subject to strict security and confidentiality policies to protect user information.
By using the Verba platform, you agree to have your data stored and processed by these service providers in the aforementioned locations. We are committed to notifying users of any significant changes to our information storage practices through updates to this privacy policy.
See the privacy policy of Amazon EU, Google Cloud EU and MongoDB Inc here:
Third-Party Service Providers: We use third party services to perform certain functions on our platform. Some of these functions and services include: App hosting (Google Play, App Store), payment processing (Google Pay, Apple Pay), AI functions (OpenAI Inc), tracking and analytics services on the platform, and sending emails.
These third-party services and tools may have access to personal information needed to perform their functions, but may not use that information for other purposes. Information shared with these third-party services will be treated and stored in accordance with their respective privacy policies and our privacy policy.
E-mail communications: By providing us with your email address, you consent and agree that we may send relevant content, notifications and information to your email address. Therefore, your email address may be shared with third party bulk email services for the sole and exclusive purpose of sending you relevant communications. If you wish to stop receiving communications from Verba, you may unsubscribe at any time by using the "unsubscribe" option available in the same emails or by sending your request through our contact information.
Business Transfers: In the event Verba creates, merges with, or is acquired by another entity, your information will likely be transferred. Verba will send you an email or post a prominent notice on our platform before your information becomes subject to another privacy policy.
Protection of Verba and Others: We release personal information when we believe release is appropriate to comply with the law, enforce or apply our terms and conditions and other agreements, or protect the rights, property, or safety of Verba, our users, or others. This includes exchanging information with other companies and organisations for fraud protection and credit risk reduction.
Anonymous Information: Verba uses anonymous browsing information collected automatically by our servers primarily to help us administer and improve the platform. We may also use aggregated anonymous information to provide information about the platform to potential business partners and other unaffiliated entities. This information is not personally identifiable.
Data breach notifications
In the event of a security breach that compromises the confidentiality of the personal data of our users, Verba undertakes to notify those affected in a timely manner. This notification will be made through the means of contact that have been provided by the user on our platform. We will take all reasonable measures to protect the information and remedy any situation that compromises the security of your data.
International data transfer
By using our platform, you agree that your personal data may be transferred and processed outside the UK, where data protection laws may differ. Verba is committed to taking the necessary steps to ensure that your data is treated in accordance with applicable privacy protection rules and is adequately protected during any international transfer.
Protection of your information
We grant access to your personal information only to those outside persons or services that have a legitimate need to know it and in accordance with our privacy policy. We adhere to industry-recognised security standards to protect your personal information, both during transmission and in storage. However, it is important to note that no method of transmission over the Internet or electronic storage is foolproof and 100% secure. Therefore, while we at Verba strive to implement commercially viable data protection methods, we cannot ensure absolute security of your personal information. We undertake not to sell, distribute or transfer your personal data to unauthorised third parties, unless we have your explicit consent or are required by law to do so.
Rights
Users who provide information through our platform, as data subjects, have the right to access, rectify, download or delete their information, as well as to restrict and oppose certain processing of their information. While some of these rights apply generally, others only apply in certain limited circumstances. These rights are described below:
Access and portability: to access and know what information is stored on our servers, you can send us your request through our contact information.
Rectification, restriction, limitation and deletion: You may also rectify, restrict, limit or delete much of your information.
Right to be informed: Users of our platform will be informed, upon request, about what data we collect, how it is used, how long it is kept and whether it is shared with third parties.
Object: Where we process your data based on our legitimate interests, as explained above, or in the public interest, you may object to this processing in certain circumstances. In such cases, we will stop processing your information unless we have legitimate grounds to continue processing it or where necessary for legal reasons.
Withdraw consent: Where you have previously given your consent, for example to allow us to process and store your personal information, you have the right to withdraw your consent to the processing and storage of your information at any time. For example, you can withdraw your consent by updating your settings. In certain cases, we may continue to process your information after you have withdrawn your consent if we have a lawful basis for doing so or if your withdrawal of consent was limited to certain processing activities.
Complaint: If you wish to lodge a complaint about our use of your information (and without prejudice to any other rights you may have), you have the right to do so with your local supervisory authority. Users may exercise all of these rights by contacting us via the contact information or contact page.
Rights related to automated decision-making, including profiling: Users may request that we provide them with a copy of the automated processing activities we conduct if they believe that data is being unlawfully processed.
Users or holders of personal data provided through the platform may exercise these rights over their personal data at any time and without limitation by sending their request through our contact information. The request to exercise their rights will be attended and answered within a maximum period of 10 working days.
Right of editing and deletion
We are committed to ensuring that our users maintain full control over their data. Therefore, we grant users the explicit right to modify or delete any information they have provided to the platform.
Users can exercise this right directly through their user account by facilitating the editing or deletion of their data. In the event that certain requests cannot be handled through the user account, users may contact us through our contact information to make the necessary edits or deletions.
Our approach is designed to ensure that users have constant and effective control over their data, allowing them to manage their information in a way that protects their privacy and autonomy.
Protection of children's online privacy
We comply with the requirements of national and international data protection regulations regarding the protection of personal data of minors. We do not collect any information from children under the age of 16. If we become aware that a child under the age of 16 has provided us with personal information, we will take immediate steps to delete that information.
Third parties
Except as expressly included in this privacy policy, this document addresses only the use and disclosure of information Verba collects from you. If you disclose information to third parties, either through links available on the platform, different rules may apply to the use and processing of the data you provide to those third parties. Verba does not control the privacy policies of third parties, and you are subject to the privacy policies of such third parties where applicable. Verba is not responsible for the privacy or security practices of other third party platforms, products or services, including those linked to or from the Verba platform. Please review the privacy policies of any third party services or products you access through the Verba platform.
Changes to Privacy Policy
We reserve the right to change our privacy policy at any time. Changes will be promptly notified to our users and posted on the platform. Your continued use of the platform and our services following these changes implies your acceptance of the changes.
Changes to Privacy Policy
If you have questions or concerns about this privacy policy and the treatment and security of your data, please contact us through our contact forms or by using the following contact information:
Verba Technology Ltd.
Email: hello@myverba.com