VeroGet Vero for Chrome

Privacy Policy

Last updated: June 20, 2026

The short version: we never read your email, we don’t sell data, recipient IPs are deleted within 90 days, and any recipient can opt out of all Vero tracking with one email.

What we collect from you (the sender)

When you sign in, Google shares your basic profile with us: your email address and name. That is the entire scope we request — openid, email, and profile. Vero never asks for Gmail read/write permissions, which means we technically cannot access your inbox or the contents of your messages.

When you send a tracked email, the extension stores that email’s subject line and recipient addresses so we can show them back to you in your dashboard and notifications. Message bodies are never sent to or stored by Vero.

What we collect about recipients

When a tracked email is opened or a tracked link is clicked, our servers log the event: timestamp, IP address, user-agent (from which we derive device and browser type), approximate location derived from IP, and network/ISP name. We classify each event (for example, as a verified human open, an Apple Mail Privacy prefetch, a mail provider’s image proxy, or a security scanner) and show the classified result to the sender.

Where a recipient’s IP address indicates the EU or UK, Vero does not log the IP address.

Recipient opt-out

Any recipient can opt out of Vero tracking entirely by emailing unsubscribe-from-tracking@veromail.xyz. We maintain a suppression registry; addresses on it are excluded from event logging across all Vero senders.

Retention

  • Recipient IP addresses: deleted within 90 days of the event.
  • Other event metadata (timestamps, device type, coarse location, classification): up to 18 months.
  • Your account data: kept while your account is active; deleted on request.

Service providers

Vero runs on a small set of infrastructure providers that process data on our behalf: Vercel (hosting and edge network), Turso (database), Resend (notification email delivery), Stripe (subscription payments), and Google (sign in). Each receives only what is necessary to run the service.

Payments

Paid subscriptions are processed by Stripe. When you upgrade, Stripe collects and stores your payment details directly — Vero never sees or stores your full card number. We retain only your subscription status, billing interval, and a Stripe customer identifier so we can unlock Pro features for your account. Stripe’s handling of your payment data is governed by its own privacy policy.

What we never do

  • Sell or rent personal data.
  • Use tracking data for advertising.
  • Add visible branding or content to your emails.
  • Read, store, or analyze the bodies of your emails.

Your rights

You can request a copy of your data or deletion of your account and all associated events at any time by emailing privacy@veromail.xyz. If you are in a jurisdiction with statutory privacy rights (GDPR, UK GDPR, CCPA), those rights apply and the same address handles them.

Children

Vero is not directed at children and may not be used by anyone under 16. We do not knowingly collect data from minors.

Changes

If this policy changes materially we will note it here with a new “last updated” date and, for significant changes, notify active users by email.

Contact

privacy@veromail.xyz