Verings
Start a diagnostic
Privacy

Your data, and your people’s candor, protected.

Verings handles two kinds of people’s data: managers who run diagnostics and team pulses, and the people who answer them. This statement explains what we collect, why, and how it’s protected.

Working draft · last updated 2026-06-11

Note. This is a working draft of our privacy approach intended to describe how the product handles data. It is not legal advice and will be reviewed with counsel before launch.

Who this covers

Two groups: managers, who create an account and run a diagnostic or a recurring team pulse, and respondents, who are invited to take a confidential interview or answer a pulse check-in. Respondents do not create an account; they enter through a single-use link.

What we collect

  • Manager account data: email address and the objectives, strategy context, and hypotheses you provide to scope a diagnostic.
  • Roster data: the email addresses and optional segment metadata (role, level, tenure, sub-function, relationship to the function) you upload to invite respondents, and the team-member emails you add to a pulse.
  • Respondent answers: the interview responses and ratings a respondent provides, and the scores and comments a team member submits in a pulse cycle. These are sensitive personal data and are treated accordingly.
  • Operational data: minimal logs and AI-usage metering needed to run, secure, and bill the service.

How we use it

  • To design and run the diagnostic you configure.
  • To deliver invitations and the respondent interview experience.
  • To synthesise responses into a segmented readout and a drafted intervention plan.
  • To run the recurring pulse cycles you configure and synthesise check-ins into trends and themes.
  • To secure the service, prevent abuse, and meter usage.

Confidentiality of respondent answers

This is the heart of the product. A manager never sees an individual’s answers. Responses are aggregated into segments, and any segment too small to protect a person is suppressed or merged before anything is shown. Roster identity is used only to deliver invitations and is never joined to response content in any manager-facing view. The same model applies to team pulses: leadership sees trends, themes, and counts, never who said what, and a cycle’s content is only shown once enough people have responded. Urgent flags are passed on anonymised.

Legal basis

We process personal data on the bases permitted under the GDPR, typically the performance of a contract (running the diagnostic) and legitimate interests (securing and improving the service), with consent captured from respondents before an interview begins. The manager’s organisation is generally the data controller for respondent data; we act as a processor on their instructions.

Where your data lives

All data stores and sub-processors operate in the EU region. Data is encrypted in transit and at rest.

Sub-processors

  • Supabase (EU): managed database, authentication, and storage.
  • Anthropic: AI models under zero-retention, no-training terms.
  • Resend (EU): transactional email delivery.

Retention

We keep personal data for as long as needed to run an engagement and meet legal obligations, then delete or anonymise it. You can request deletion of an engagement’s data at any time (see your rights below).

Your rights

Subject to applicable law, you may request access to, correction of, or deletion of your personal data, and you may object to or restrict certain processing. To exercise any of these, email privacy@verings.com and we’ll respond within the timeframes the GDPR requires.

Cookies

We use only the cookies strictly necessary to keep you signed in and to keep the service secure. We do not use advertising cookies.

Changes

We’ll update this statement as the product matures and post the revised date at the top. Material changes will be communicated to account holders.

Contact

Questions about privacy? Email privacy@verings.com.