Veriva is built on a simple principle: your health data belongs to you. We collect only what we need to provide the service, we never sell your data, and we never share it without your explicit consent.
Veriva is a personal health and medication management application operated by Veriva LLC, a Virginia limited liability company ("Veriva," "we," "us," or "our"). You can reach us at privacy@veriva.health.
We collect information you provide directly to us, information we receive from connected health systems, and limited technical information about how you use the app.
Information you provide:
Information from connected health systems:
Technical information:
We use your information solely to provide and improve the Veriva service:
Veriva handles protected health information (PHI) in compliance with the Health Insurance Portability and Accountability Act (HIPAA). We maintain a Business Associate Agreement (BAA) with our infrastructure providers. Your health data is encrypted in transit and at rest. We maintain audit logs of all access to PHI.
We will never sell, rent, or license your health data to third parties, including advertisers, data brokers, or pharmaceutical companies.
When you connect your Epic MyChart account, Veriva uses OAuth 2.0 with PKCE to request read-only access to your prescription data. Your Epic username and password are never transmitted to or stored by Veriva. You may revoke this access at any time through your MyChart account settings or within the Veriva app.
If you choose to share access with a caregiver, that person will be able to view your medication schedule, adherence history, and any information you have chosen to share. You control what caregivers can see and can revoke their access at any time.
The AI health companion feature is powered by Anthropic's Claude API. When you use this feature, your medication list and your messages are sent to Anthropic to generate responses. Anthropic's privacy policy governs their handling of this data. The AI companion is not a substitute for professional medical advice.
We retain your account data for as long as your account is active. You may request deletion of your account and associated data at any time by contacting privacy@veriva.health. We will delete or de-identify your data within 30 days of a verified deletion request.
Depending on your location, you may have the right to:
To exercise any of these rights, contact us at privacy@veriva.health.
Veriva is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, please contact us immediately.
We may update this Privacy Policy from time to time. We will notify you of material changes via email or in-app notification at least 14 days before the change takes effect. Your continued use of Veriva after the effective date constitutes acceptance of the updated policy.
If you have questions about this Privacy Policy or our data practices, please contact us at privacy@veriva.health or write to us at Veriva LLC, Herndon, Virginia.