Verras Privacy Policy

Updated: May 2nd, 2026

Verras ("Company", "we", "our", or "us") provides a workforce operations platform for managing scheduling, time tracking, reporting, and billing. This Privacy Policy describes how we collect, use, and protect information about users of the Verras website, web application, and mobile applications (iOS and Android), collectively the "Service".

By using the Service you agree to the collection and use of information in accordance with this policy. We will not use or share your information with anyone except as described in this Privacy Policy.

The terms used in this Privacy Policy have the same meanings as in our Terms of Service, accessible at www.verras.ai/terms, unless otherwise defined here.

Information We Collect

a. Account Information

Name
Email address
Phone number (if provided)
Account login credentials (passwords are stored hashed; we never see them in plaintext)
Role within your organization (Owner, Supervisor, Guard, Client Portal user)

b. Work & Operational Data

Time entries (clock-in and clock-out timestamps)
Shift schedules and assignments
Job site information (addresses, geofence boundaries)
Client records (managed by your organization's administrators)
Incident reports and daily reports submitted by guards
Documents uploaded for e-signature, training, or compliance

c. Location Data

When you use the mobile app to clock in or clock out, we collect precise GPS coordinates from your device to verify that you are within the geofence of the job site you are working. Location is collected:

At the moment you tap "Clock In" or "Clock Out"
While the app is in the foreground during a shift, if your employer has enabled live shift tracking

Location is not collected when you are off shift or when the app is closed. You can revoke location permission at any time through your device settings, but doing so will prevent you from clocking in.

d. Camera, Microphone, and Photos

The mobile app may request access to:

Camera — to take photos for incident reports, daily reports, or your profile picture
Photo library — to attach existing images to incident reports or document uploads
Microphone — only if you record an audio note as part of an incident report

These permissions are requested only when you initiate the action, and you can decline. Photos and audio you upload are stored as part of the associated record (incident, report, or document) and are visible to your organization's supervisors and administrators per their role permissions.

e. Device & Usage Data

Device type, operating system, and app version
IP address
Push notification tokens (used to deliver shift reminders and alerts)
Crash logs and error diagnostics

How We Use Information

We use the information we collect to:

Provide the Service (account access, scheduling, time tracking, reporting, billing)
Verify attendance and time-entry accuracy via geofence checks
Send transactional emails and push notifications (shift assignments, approvals, alerts)
Generate invoices for your organization's clients
Maintain audit logs required by labor and tax law
Diagnose technical problems and improve reliability

Service Providers We Share Data With

We do not sell personal data and we do not share data for advertising. We use the following third-party processors strictly to operate the Service:

Heroku (a Salesforce company) — application hosting
Supabase — database and file storage (Postgres, S3-compatible object storage)
Stripe — payment processing for invoices issued by your organization to its clients, and for Verras platform billing
Resend — transactional email delivery (invitations, password resets, notifications)
Sentry — error tracking and crash diagnostics
OpenRouter — language-model inference for the optional HR Assistant feature; only the text you submit to the assistant is sent

Each processor receives only the data necessary to perform its function and is contractually prohibited from using your data for any other purpose. We may also disclose information when required by law or to respond to a valid legal process.

We do not use advertising SDKs. We do not share data with advertising networks, data brokers, or analytics products that profile users for marketing.

Data Security

We implement reasonable safeguards including:

Encryption in transit (TLS 1.2+) for all connections between your device and our servers
Encryption at rest for the database and file storage
Tenant isolation — each customer organization's data is logically separated and queries are scoped to the requester's organization
Role-based access controls (Owner, Supervisor, Guard, Client Portal user)
Audit logging of approval and modification actions

No system is completely secure, and we cannot guarantee absolute security.

Data Retention

We retain different categories of data for different periods:

Account profile data — for the life of your account, then deleted within 30 days of account closure
Time entries and shift records — retained for at least 3 years to comply with U.S. labor recordkeeping requirements (Fair Labor Standards Act)
Audit log entries — append-only and retained for 3 years
Invoices and financial records — retained for 7 years for tax and accounting purposes
Crash logs and diagnostics — typically retained for 90 days

When records must be retained for legal reasons after an account is deleted, we anonymize personally identifying fields (name, email, phone) while preserving the underlying record.

Your Rights and How to Delete Your Account

You may at any time:

Access the personal information we hold about you
Request correction of inaccurate information
Request deletion of your account and associated personal data
Withdraw consent for optional features (such as live shift tracking)

To delete your account:

From the mobile app: Settings → Account → Delete Account
From the web: visit www.verras.ai/delete-account
By email: send a request from your account email address to privacy@verras.ai

After you confirm a deletion request, we will permanently remove your personal information within 30 days. Records that must be retained for legal reasons (time entries, audit log entries, invoices) will be anonymized rather than deleted, as described in the Data Retention section above.

International Data Transfers

The Service is operated from and primarily serves users in the United States. Data is stored in U.S.-based data centers. If you access the Service from outside the United States, you understand that your information will be transferred to and processed in the United States.

Cookies

Our website uses cookies to maintain your login session and to remember your preferences. You can configure your browser to refuse cookies, but some features of the Service may not work if you do.

Links to Other Sites

Our Service may contain links to other sites that we do not operate. We have no control over the content or privacy practices of those sites and recommend you review their privacy policies before providing any information.

Children's Privacy

The Verras Service is intended for use in connection with employment and is not directed at children. We do not knowingly collect information from anyone under the age of 16. If you believe a person under 16 has provided us with information, please contact us at privacy@verras.ai and we will promptly delete it.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The "Updated" date at the top of this page reflects the most recent revision. Material changes will be communicated by email or in-app notice before they take effect.

Contact Us

For privacy questions or requests, contact us at privacy@verras.ai.

For general inquiries: info@verras.ai

Mailing address:
Verras
1712 Pioneer Ave Ste 779
Cheyenne, WY 82001