Vera

Vera Privacy Policy

This Privacy Policy applies to all personal information collected by Twilight Labs Pty Ltd (ACN 669 153 539) ("Vera", "we", "us" or "our") via the Vera AI companion platform at www.vera.guide(the "Platform" and "Services").

Effective Date: 1 December 2025

1. What information do we collect?

For this initial launch, Vera operates without user accounts or registration. We collect minimal information necessary to provide the Service:

Conversation Data:

  • The content of your conversations with Vera
  • Date and time of interactions
  • Topics discussed and resources recommended

Technical Information:

  • IP address, device type, browser type
  • Platform usage data (e.g., session duration, features accessed)
  • Session identifiers (temporary, non-personal)
  • Cookies to understand Platform use and customise your experience (these do not generally identify you personally)

Crisis Interaction Data:

  • When safety concerns are detected in conversations (such as mentions of self-harm, suicide, or abuse), these interactions are flagged and logged for clinical review to ensure safety
  • These flagged interactions may include contextual conversation history necessary for proper assessment

No Account Data: Version 1.0 does not require or collect:

  • Names or email addresses
  • Login credentials
  • Persistent user profiles
  • Payment information

We collect only the information reasonably necessary to deliver and improve our Services.

2. Types of information

Under the Privacy Act 1988 (Cth):

Personal Information is information about an identifiable individual, whether true or not, and whether recorded or not.

Sensitive Information includes information such as an individual's health, ethnicity, religious beliefs, or membership of professional bodies.

Through the course of conversation, you may choose to share Sensitive Information with Vera. This information is used only: (a) for the primary purpose for which it was shared (to provide you with appropriate support and resources); (b) for a directly related secondary purpose (such as improving our Services or ensuring your safety); or (c) with your consent or as required or authorised by law.

Important: If conversations indicate you may be in crisis or at risk of harm, we are required to review this information and may be legally obligated to take action to prevent serious harm.

We do not collect or use government-related identifiers.

3. How we collect your Personal Information

(a) We collect information when you:

  • Engage in conversation with Vera through the Platform
  • Browse publicly available resources on the Platform
  • Contact us directly via email or support channels

(b) AI Conversation Collection: Vera is an AI-powered conversational assistant. Conversations with Vera may be stored temporarily and reviewed to:

  • Ensure your safety (particularly when crisis keywords are detected)
  • Improve the quality and accuracy of Vera's responses
  • Develop and refine our Services
  • Comply with legal obligations

(c) Crisis Detection and Clinical Review: Vera uses automated systems to detect potential safety concerns in conversations (such as expressions of suicidal ideation, self-harm, violence, or abuse). When such concerns are detected:

  • The conversation is automatically flagged for review by Vera’s team and may be reviewed by trained clinical personnel
  • Immediate crisis interactions are reviewed within 4 hours
  • Other flagged interactions are reviewed within 24 hours
  • Clinical reviewers are bound by strict confidentiality and privacy obligations

(d) Anonymous Browsing: Users may browse publicly available resources, guides, and educational content on the Platform anonymously. However, engagement with the AI companion conversational features involves data collection as described in this policy.

(e) Minimum Age: Vera is designed for adults aged 18 and over. Users under 18 who express crisis concerns will be directed to youth-specific support services (Kids Helpline 1800 55 1800).

4. Purpose of collection and use

(a) Primary Purposes: We collect and use information to:

  • Provide you with personalised support and guidance through the Vera AI companion
  • Direct you to appropriate resources, guides, and support services
  • Ensure your safety and the safety of others
  • Improve and develop our AI technology and Services
  • Analyse usage patterns to enhance user experience
  • Comply with legal obligations

(b) Disclosure to Service Providers: We may disclose information to trusted third-party service providers who assist us in:

  • Hosting and operating the Platform
  • Processing AI conversations and providing AI infrastructure
  • Providing clinical review services for safety concerns
  • Maintaining our systems and security infrastructure
  • Delivering analytics and improving Services

All data is hosted and stored in Australia. All service providers engaged by Vera that handle personal information are:

  • Located in Australia, or
  • Bound by written agreements requiring compliance with Australian Privacy Principles and data protection standards equivalent to Australian law

No personal information is transferred or stored outside Australia without appropriate safeguards.

All third-party providers are contractually required to:

  • Use information only for the specific purpose for which it is shared
  • Maintain privacy, confidentiality, and security standards compliant with Australian law
  • Implement appropriate safeguards to protect against unauthorised access, misuse, or disclosure

(c) De-identified and Aggregated Data: We may use and share de-identified or aggregated data for purposes such as:

  • Improving AI technology and conversation quality
  • Conducting research on caregiving challenges and life planning
  • Developing insights to enhance support services
  • Industry reporting and analysis

This information does not identify you personally and is managed in accordance with the Australian Privacy Principles.

(d) AI Training and Development: Conversation data may be used to train and improve Vera's AI models. When used for this purpose:

  • Data is de-identified wherever possible
  • Personal identifiers are removed or pseudonymised
  • Strict security and access controls are maintained
  • Data is used only to improve the quality and safety of the Service

5. Legal compliance

Vera and Twilight Labs Pty Ltd are committed to full compliance with all applicable Australian laws and regulations, including but not limited to:

  • Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs)
  • Online Safety Act 2021 (Cth), including compliance with Basic Online Safety Expectations and industry codes registered by the eSafety Commissioner
  • Australian Consumer Law under the Competition and Consumer Act 2010 (Cth)
  • Corporations Act 2001 (Cth)
  • Relevant state and territory legislation regarding:
    • Mandatory reporting of child abuse and neglect
    • Elder abuse reporting obligations
    • Guardianship and administration laws
    • Mental health legislation
  • Therapeutic Goods Act 1989 (Cth) (should Vera be classified as a medical device in future)

We maintain an ongoing review of our practices to ensure continued compliance with existing and emerging regulatory requirements, including guidance from:

  • Office of the Australian Information Commissioner (OAIC)
  • eSafety Commissioner
  • Australian Competition and Consumer Commission (ACCC)
  • Therapeutic Goods Administration (TGA)

6. Security and data retention

(a) Security Measures:

  • We store information securely and protect it from unauthorised access, misuse, modification, or disclosure through physical, electronic, and administrative safeguards
  • All conversations are encrypted in transit and at rest using industry-standard encryption protocols
  • All data is hosted on secure servers located in Australia
  • Access to information is restricted to authorised personnel only and governed by strict access controls
  • Clinical reviewers are bound by professional confidentiality obligations

(b) Data Retention:

  • Conversation data is retained only as long as necessary to fulfil the purposes for which it was collected
  • Crisis interaction data may be retained longer to comply with legal obligations and ensure continuity of safety monitoring
  • When we no longer require information, we will destroy, anonymise, or de-identify it, unless retention is required by law
  • You may request deletion of your conversation data by contacting us (see Section 9)

(c) Session Data:

  • Since Version 1.0 does not use accounts, conversation sessions are temporary
  • Session data expires after a period of inactivity
  • You may clear your session data at any time by closing your browser or clearing cookies

7. Your rights and choices

Under the Australian Privacy Principles, you have rights regarding your information:

(a) Access (APP 12): You may request access to information we hold about you. To make a request, contact us at privacy@vera.guide with sufficient details to identify your conversations (such as date, time, and general topics discussed).

(b) Correction (APP 13): You may request correction of any inaccurate or incomplete information we hold about you.

(c) Deletion: You may request deletion of your conversation data, subject to:

  • Legal retention requirements
  • Legitimate business purposes (such as ongoing safety monitoring)
  • Technical limitations

(d) Complaints: You have the right to make a complaint about our handling of your personal information (see Section 9).

We will respond to access, correction, or deletion requests within 30 days. In some circumstances, we may not be able to provide access, make corrections, or delete data (for example, where retention is required by law or where deletion would compromise safety monitoring). If we deny your request, we will provide written reasons.

8. Important safety and legal disclosures

(a) Crisis Situations: If your conversation with Vera indicates that you or someone else may be at risk of serious harm (such as suicide, self-harm, violence, or abuse), we:

  • Will review your conversation data as part of our duty of care
  • May be legally required to disclose information to emergency services, police, or relevant authorities to prevent serious harm
  • Will make reasonable efforts to inform you of any such disclosure where it is safe and lawful to do so

(b) Mandatory Reporting: Australian law requires reporting of certain information to authorities, including:

  • Child protection: Suspected child abuse or risk of harm to a child under relevant state/territory legislation
  • Elder abuse: In jurisdictions where mandatory reporting applies
  • Serious threats: Threats to public safety or serious violence

Mandatory reporting obligations vary by state and territory. Where we are required to make a report, we will do so in accordance with applicable laws.

(c) Legal Compliance and Law Enforcement: We may disclose information where required or authorised by law, including:

  • In response to a court order, subpoena, warrant, or other lawful legal process
  • To comply with regulatory requirements or requests from government authorities
  • To protect the rights, property, or safety of Vera, our users, or the public
  • To prevent, detect, or investigate criminal activity, fraud, or breaches of law

(d) No Guarantee of Anonymity: While Version 1.0 does not require account creation, complete anonymity cannot be guaranteed. Technical information (such as IP addresses) may allow identification in combination with other data, particularly if:

  • Legal processes require disclosure
  • Safety concerns necessitate action
  • Criminal activity is suspected

9. Complaint procedure

If you have a complaint about how we handle your information:

Step 1: Contact Us Email Twilight Labs' Privacy Officer at: privacy@vera.guide

Please provide:

  • A clear description of your complaint
  • Relevant details (dates, circumstances)
  • Your preferred contact method
  • Any specific outcome you are seeking

Step 2: Our Response

  • We will acknowledge your complaint within 7 business days
  • We may request further information to clarify your concerns
  • We will investigate and respond substantively within 30 days
  • If your complaint is well-founded, we will work with you to resolve it

Step 3: External Review If you remain dissatisfied with our response, you may lodge a complaint with:

Office of the Australian Information Commissioner (OAIC)

🌐 www.oaic.gov.au

📧 enquiries@oaic.gov.au

📞 1300 363 992

The OAIC can investigate complaints about alleged breaches of the Australian Privacy Principles.

10. Cookies and tracking technologies

(a) What We Use: Vera uses cookies and similar technologies to:

  • Maintain conversation sessions
  • Remember your preferences during your visit
  • Analyse Platform usage and improve functionality
  • Detect and prevent security threats

(b) Types of Cookies:

  • Essential cookies: Required for the Platform to function
  • Analytics cookies: Help us understand how users interact with Vera
  • Preference cookies: Remember your settings during a session

(c) Your Choices: You can control cookies through your browser settings. However, disabling certain cookies may limit your ability to use some features of the Platform.

(d) Third-Party Analytics: We may use third-party analytics services (such as Google Analytics) to understand Platform usage. These services may use cookies and are subject to their own privacy policies.

11. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect:

  • Changes in our practices or Services
  • New technologies or features
  • Legal or regulatory requirements
  • Industry best practices

We will notify you of material changes by:

  • Posting the updated Privacy Policy on the Platform with a new "Last Updated" date
  • Displaying a prominent notice on the Platform
  • Where practicable, providing other forms of notice

Your continued use of the Platform after changes are posted constitutes your acceptance of the updated Privacy Policy. We encourage you to review this policy periodically.

12. Contact us

For all privacy enquiries, access or correction requests, complaints, or general questions:

Twilight Labs Pty Ltd

ACN 669 153 539

privacy@vera.guide

For complaints not resolved to your satisfaction:

Office of the Australian Information Commissioner

🌐 www.oaic.gov.au

📧 enquiries@oaic.gov.au

📞 1300 363 992

13. Our commitment to privacy management

Twilight Labs Pty Ltd:

  • Maintains internal privacy governance systems aligned with the Australian Privacy Principles
  • Provides regular staff training on privacy obligations
  • Conducts periodic privacy impact assessments
  • Reviews and updates this Privacy Policy to reflect current practices and legal obligations
  • Monitors developments in Australian privacy law and eSafety regulations
  • Engages with clinical and legal advisors to ensure best-practice safeguarding

We are committed to protecting your privacy while providing a safe, effective, and compliant service.