Verrvy collects account data such as email address and profile settings, calendar metadata from connected Google, Outlook, or iPhone calendars, manually entered personal events, manually entered or device-imported sleep logs, device-imported exercise minutes, PTO logs, break logs, daily check-ins, risk scores, forecast outputs, recommendations, consent records, and basic in-app product analytics such as page views and feature actions.

Calendar metadata can include calendar provider, calendar connection status, event titles, event start and end times, event duration, event source, and event type. Verrvy does not access Gmail messages, email bodies, Google Drive files, Google Docs content, calendar attendee message text, or Google Contacts.

If a user connects Google Calendar, Verrvy requests permission to read calendar event metadata so the app can estimate workload patterns. The Google user data Verrvy may access includes calendar event titles, start and end times, duration, calendar source, and information needed to maintain the calendar connection such as OAuth access tokens, refresh tokens, granted scopes, token expiration time, and last sync time.

Verrvy uses Google Calendar data only to calculate burnout risk inputs such as meeting hours, number of meetings, back-to-back meetings, after-hours meetings, longest work streaks, seven-day forecasts, and recommendations such as moving meetings or blocking recovery time.

Verrvy does not use Google Calendar data for advertising, does not sell Google user data, and does not use Google user data to train generalized AI or machine learning models. If a user enables AI Smart Coach, Verrvy may send a compact workload and recovery summary, which can include calendar-derived signals, to the configured AI service provider only to generate the requested recommendation.

If a user syncs iPhone Calendar in the iOS app, Verrvy requests full calendar access from iOS because Apple requires full access for apps that read calendar events. Verrvy imports event metadata such as title, start and end time, all-day status, availability, and calendar name.

iPhone Calendar sync does not use OAuth tokens. Permission is managed on the device in iOS Settings. Users can stop future device calendar sync by removing calendar access in Settings or deleting their Verrvy account data.

Users can always enter sleep manually. If a user opts into Apple Health sleep import in the iOS app or Health Connect sleep import in the Android app, Verrvy requests read access to sleep data and imports sleep dates, sleep duration, and a quality estimate derived from duration.

Users may also opt into Apple Health or Health Connect exercise import. Verrvy reads workout data and stores only daily exercise minutes so recommendations can account for movement as a recovery signal.

Verrvy does not request heart rate, step count, medical records, or raw health samples for this feature. Apple Health permission is managed in iOS Settings. Health Connect permission is managed in Android settings.

Verrvy uses workload and recovery signals to estimate burnout risk, generate a seven-day forecast, build recommendations, sync calendars, operate account controls, prevent abuse, debug product issues, and improve reliability and product usability.

If a user enables notifications, Verrvy stores a device push token and notification preferences so it can send daily risk briefings, burnout-risk warnings, and recovery reminders. Users can disable notifications in Verrvy account settings or device settings.

Verrvy is a planning and wellness support tool. It is not a medical device, medical diagnosis, emergency service, or replacement for professional health care.

AI Smart Coach is optional. If a user opts in, Verrvy may send a compact workload and recovery summary to the configured AI provider to generate more specific recommendations. Local recommendations remain available without AI consent.

Users can revoke AI consent from Account & Privacy controls. Revoking AI consent clears cached AI recommendations and usage counters for the account.

Verrvy uses service providers to operate the product, including Supabase for authentication and database storage, Google and Microsoft when users connect calendars, Apple device calendar services when users sync iPhone Calendar, Apple Health when iOS users opt into health import, and OpenAI when users enable AI Smart Coach.

Google Calendar data is shared only with service providers that help Verrvy operate the requested product features: database hosting and authentication providers for secure storage, infrastructure providers for application hosting and logs, Google for Calendar API connectivity, and the configured AI provider only when the user enables AI Smart Coach. Verrvy does not share Google user data with data brokers or advertising networks.

Verrvy does not sell personal information or share personal information for cross-context behavioral advertising. If that changes, this policy must be updated before the change takes effect.

Verrvy keeps app data while an account is active or until the user deletes it. Users can export Verrvy app data, disconnect calendar providers, revoke AI consent, and delete their Verrvy account from the dashboard. Account deletion instructions are also available at Delete Account.

Data exports intentionally exclude long-lived OAuth tokens. Disconnecting a calendar provider removes imported provider metadata and stored OAuth tokens for that provider. iPhone Calendar sync stores imported metadata but does not store Apple Calendar OAuth tokens. Apple Health import stores only imported sleep and exercise log records in Verrvy, not Apple Health tokens.

When a user disconnects Google Calendar, Verrvy deletes imported Google Calendar event metadata and stored Google OAuth tokens for that account. When a user deletes their Verrvy account, Verrvy deletes account data, calendar metadata, OAuth tokens, recovery logs including manual and device-imported sleep and exercise logs, risk history, recommendations, consent records, and cached AI recommendation data associated with that account.

Verrvy scopes user data by authenticated account, uses Supabase row-level security, and encrypts third-party OAuth tokens before storage. No internet service can guarantee perfect security, but Verrvy is designed to limit access to account-scoped data.

Long-lived Google OAuth refresh tokens are encrypted before storage and are used server-side only to refresh calendar access for the user who connected the Google account. iPhone Calendar sync does not create or store long-lived Apple OAuth tokens. Verrvy does not expose OAuth tokens in account data exports, client-side app code, or public analytics events.

Depending on location, users may have rights to access, correct, delete, or receive a copy of personal information. Verrvy provides export and delete controls in the app, and users can contact privacy@verrvy.com for privacy questions.