Veritas

Privacy Policy

Effective April 21, 2026

This Privacy Policy explains how Optivus Corporation Private Limited (“we”, “us”) collects, uses, stores, and shares information when you use Veritas (the “Service”), available at getveritas.io. We have written this policy to be clear and specific, and updated it as our systems evolve; the latest version always lives at this URL.

1. Information we collect

1.1 Information you provide

  • Account details — name, email address, password (hashed), and profile image when you sign up through our authentication provider, Clerk.
  • Organization details — company name, website URL, industry, and the brand assets (logos, colors, descriptions) extracted during onboarding.
  • Uploaded content — documents (PDF, DOCX, PPTX, TXT, MD), images, and any text you submit to generate content or build your knowledge base.
  • Billing information — processed by Razorpay. We store invoice history, seat events, and payment references; we do not store full card numbers or CVV.

1.2 Information generated by your use of the Service

  • Chat messages, prompts, and AI-generated responses.
  • Knowledge graph nodes and relationships we extract from your content.
  • Learning path progress, assessment answers, certificates, and activity logs.
  • Audit logs of administrative actions (role changes, invitations, deletions).

1.3 Information collected automatically

  • Session cookies set by Clerk to keep you signed in.
  • Server logs (IP address, user agent, request URL, timestamp) retained for operational and security purposes.
  • Error telemetry if the Service encounters an unexpected failure.

2. How we use your information

We use the information we collect to:

  • Provide and operate the Service (authentication, content generation, knowledge graph construction, learning).
  • Process payments and send billing communications.
  • Send transactional emails (invitations, notifications, security alerts).
  • Monitor and improve reliability, performance, and security.
  • Comply with legal obligations (tax, audit, lawful requests).

We do not sell your data, use it to train third-party AI models beyond the per-call processing described below, or serve you advertising based on it.

3. AI processing — how your content is used with OpenAI

How we use AI

When you use chat, content generation, knowledge extraction, learning paths, or any other AI-backed feature, Veritas sends the relevant context from your account to OpenAI for processing. This includes your prompt, excerpts from your knowledge base, and your company profile.

  • OpenAI does not use your API inputs or outputs to train their models.
  • Data may be retained by OpenAI for up to 30 days for abuse monitoring.
  • Tenant data is isolated — your content is never mixed with another organization’s.
Privacy PolicyOpenAI API policy

Veritas uses OpenAI as its AI model provider. When you interact with features that involve AI (chat, content generation, knowledge extraction, learning path generation, role-play, SEO analysis), we send relevant context from your account to OpenAI’s API for processing. This includes, depending on the feature:

  • The prompt or question you submitted.
  • Relevant excerpts from your knowledge base or uploaded documents.
  • Your company profile and brand DNA.
  • Prior chat messages in the current conversation.

OpenAI processes this data according to their API data usage policy. OpenAI does not use API inputs or outputs to train their models. Data sent to the API may be retained by OpenAI for up to 30 days for abuse monitoring before being deleted.

If your organization requires zero-retention processing, please reach out through your Veritas account administrator to discuss enterprise arrangements.

4. Sub-processors

We rely on a short list of carefully selected service providers to operate Veritas. Each receives only the data necessary for their function and is bound by their own security and privacy commitments.

  • Clerk (clerk.com) — authentication, session management, and user/organization identity.
  • OpenAI (openai.com) — AI model inference and embedding generation. See Section 3.
  • MongoDB Atlas — primary database for user, organization, content, and billing data.
  • Neo4j — graph database for knowledge graph storage (for select tenants).
  • Amazon Web Services (S3) — object storage for uploaded documents and images.
  • Razorpay (razorpay.com) — payment processing for subscriptions and invoices.
  • SendGrid (sendgrid.com) — transactional email delivery.
  • Firecrawl (firecrawl.dev) — website crawling during company onboarding (accesses the website URL you provide).

A current list of sub-processors is maintained on our Data Processing Agreement page.

5. Cookies and tracking technologies

Veritas uses the cookies and similar technologies listed below. On your first visit we show a consent banner and load only the essential category until you choose otherwise. You can change your choice at any time with the button at the end of this section.

  • Essential — a session cookie set by Clerk to keep you signed in. Required for the Service to function; cannot be disabled.
  • Analytics (Microsoft Clarity) — when you opt in, Microsoft Clarity records anonymized session replays (mouse movement, clicks, scroll) and aggregate usage metrics so we can diagnose UX problems. Clarity is operated by Microsoft Corporation and is governed by the Microsoft Privacy Statement. Data is retained by Microsoft for up to 13 months.
  • Marketing (LinkedIn Insight Tag) — when you opt in, LinkedIn’s Insight Tag allows us to measure the effectiveness of our LinkedIn advertising and build retargeting audiences from visitors to our site. It is operated by LinkedIn Corporation and is governed by the LinkedIn Privacy Policy.

Analytics and marketing cookies are only loaded after you provide consent via the banner. Your choice is stored in your browser’s local storage on this device only.

6. Data retention

We retain data for the periods below, unless you request earlier deletion:

  • Account and organization data: for as long as your account is active.
  • Uploaded content and generated artifacts: for as long as your account is active, or until you delete them.
  • Billing records and invoices: 7 years (required by applicable tax law).
  • Server logs: 90 days.
  • AI prompts/responses forwarded to OpenAI: up to 30 days on OpenAI’s side (per their policy).

7. Your rights

Depending on your jurisdiction, you have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate data.
  • Request deletion of your account and associated data (subject to retention periods above).
  • Export your data in a portable format.
  • Object to or restrict certain processing.
  • Withdraw consent where processing is based on consent.

You can delete your account at any time from your account settings. Organization administrators can delete an entire organization from the admin panel, which purges all tenant data. For any other request, please contact your organization administrator, who can raise it with us on your behalf.

8. International data transfers

Veritas is operated from India. Our sub-processors are located in multiple regions, including the United States and the European Union. When you use the Service, your data may be transferred to, stored in, and processed in these regions. Where required by applicable law, we rely on appropriate safeguards (standard contractual clauses or equivalents) for cross-border transfers.

9. Security

We maintain technical and organizational measures to protect your data, including:

  • TLS encryption in transit.
  • Encryption at rest for databases and object storage.
  • Role-based access controls for administrative actions.
  • Per-tenant isolation (separate databases per organization).
  • Audit logging of privileged actions.

No system is perfectly secure. If we become aware of a breach affecting your data, we will notify you in accordance with applicable law.

10. Children

Veritas is a B2B SaaS product intended for use by businesses and their employees. We do not knowingly collect data from anyone under 16. If you believe we have collected such data, contact us and we will delete it.

11. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be announced via email to account administrators at least 14 days before taking effect. The most recent version is always available at this URL with an updated effective date.

12. Contact us

Questions about this policy or our data practices? Optivus Corporation Private Limited is headquartered in New Delhi, India. For now, please route inquiries through your Veritas account administrator; a dedicated data-protection contact address will be published here in a future revision.