Privacy Policy

Last updated: July 6, 2026

This Privacy Policy explains how Verse ("Verse", "we", "us", or "our"), operated from New Zealand, collects, uses, discloses, and protects your information when you use our website at useverse.ai, our web application, the Verse Desktop application, our command line tools, our APIs, and the AI employees, workflows, and related features we provide (collectively, the "Service").

Verse lets you create AI employees: autonomous software agents that can chat with you, remember context, connect to your other tools, and carry out work on your behalf. Because of what the Service does, the information we handle depends heavily on what you ask your AI employees to do and which features you turn on. This Policy describes the full range of data the Service can process so you can make informed choices.

By using Verse, you agree to the practices described in this Privacy Policy. If you do not agree with this Policy, you should not use the Service. This Policy should be read together with our Terms of Service.

In short:

  • We collect the information you give us, the content you and your AI employees create, technical usage data, and data from services you choose to connect.
  • Your content is processed by the AI model providers we use (principally Anthropic and OpenAI) to run your AI employees. We do not use your private content to train publicly available AI models, and our model providers are bound by API terms that prohibit them from training their models on it.
  • We do not sell your personal information.
  • Optional features (voice calls, browser and computer use, local desktop access, email and SMS sending, brokerage and other financial connections) involve additional data flows that only happen if you enable them. Each is described below.
  • You can export your data or delete your account at any time in Settings, and you can request access, correction, export, or deletion by emailing hello@useverse.ai.

1. Information We Collect

1.1 Information You Provide

  • Account information: your name, email address, password (stored in hashed form by our authentication provider), avatar, timezone, and sign in details if you use Google or Microsoft single sign on.
  • Onboarding and profile context: descriptions you give us about yourself, your business, your customers, your goals, and how you want AI employees to work for you.
  • Content you create or upload: messages and instructions to your AI employees, prompts, workflow and agent configurations, knowledge documents and files you upload, skills you install or write, and feedback you give on agent work.
  • Payment information: processed by our payment provider, Stripe. We store your subscription status, plan, and billing history. We never store your full card number or card security code.
  • Communications: support requests, feedback, and survey responses, including the email address you contact us from.
  • Waitlist signups: your email address, together with your IP address and browser information collected for abuse prevention.
  • Promotions: if you take part in a promotional campaign (for example a social sharing or token reward campaign), the information that campaign asks for, such as a social media username, post link, or digital wallet address.

Your inputs may contain personal or sensitive information about you or others. You are responsible for ensuring you have the right to share that information with us and with the AI employees you configure, and that you comply with applicable laws when doing so.

1.2 Information Collected Automatically

  • IP address, device identifiers, and approximate location
  • Browser type, operating system, and device details
  • Usage data such as pages viewed, features used, and time spent in the app
  • Log data, timestamps, error reports, and interaction events
  • Cookies, local storage, and similar technologies (see Section 9)
  • If you use Verse Desktop: a randomly generated device identifier, your operating system platform, app version, and connection status, so your AI employees know when your computer is available

1.3 Information from Services You Connect

You can connect third party services (for example Gmail, Slack, Notion, HubSpot, or your calendar) so your AI employees can work with them. When you do, we collect and process:

  • Authorization credentials: OAuth tokens and API keys. Most connections are brokered by our integration partner, Composio, which holds the tokens on our behalf, scoped to your Verse account. Where we store tokens or API keys ourselves, they are encrypted at rest with AES-256-GCM.
  • Connected service content: the data your AI employees read from or write to those services at your direction, such as emails, messages, documents, files, calendar events, contacts, and CRM records.
  • Connection metadata: which services you have connected and basic account identifiers from them.

We only access connected service data as needed to run the work you configure. You can disconnect a service at any time in Verse or by revoking access from the third party service.

Google user data: Verse's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. We only use Google user data to provide the features you request, we do not transfer it except as necessary to provide those features or as required by law, and we do not use it for advertising.

1.4 Content Your AI Employees Create and Handle

As your AI employees work, the Service generates and stores records of that work in your account, including:

  • Agent memories: information your AI employees save about you, your business, and their tasks so they can improve over time
  • Run and activity logs: what each AI employee did, which tools it used, and the results, including usage and cost metering
  • Communications your AI employees send and receive on your behalf, such as emails (including their full content), SMS messages, and Slack, Discord, or Telegram messages
  • Browser session artifacts from cloud browser tasks, such as screenshots and screen recordings of what the agent did
  • Cloud computer session artifacts, such as commands run, files produced, and screenshots
  • Deliverables and files your AI employees produce

1.5 Voice Calls and Screen Sharing

If you start a voice call with an AI employee, your live audio (and, if you enable screen sharing, periodic images of your screen) streams directly from your browser to our voice provider, OpenAI, to power the conversation. We do not record or store the raw audio or screen frames on our systems. To give the AI employee context, we send it relevant account information (such as your name, email, timezone, and the agent's memories) at the start of the call. Notes and memories derived from the call may be saved to your account so the agent remembers what you discussed.

Only share your screen when you are comfortable with the content visible on it being processed by the Service.

1.6 Local Computer Access (Verse Desktop)

Verse Desktop optionally lets your AI employees work directly on your own computer. This is off by default and enabled per agent by you. When enabled, an AI employee can run commands, read and write files, take screenshots, and control the mouse and keyboard on your machine, and the results of those actions (including command output, file contents the agent reads, and screenshots) are transmitted to our systems and stored in your account so the agent can see what happened. Certain risky commands require your explicit on-device approval before they run, and screen control requires you to grant operating system permissions.

Only enable local computer access for agents you trust with the data on that machine, and review what you allow them to do.

1.7 Financial Data (Optional Features)

If you enable financial features, we process additional data:

  • Brokerage connections: if you link a brokerage account through our partner SnapTrade, we store your institution name, masked account numbers, balances, positions, and order history. Your SnapTrade connection secret is encrypted at rest. We never receive your brokerage password.
  • Agent cards: if agent spending cards are available and you enable them, cards are issued through Stripe. We store only the card brand, last four digits, and expiry, plus spend controls and transaction records. Full card numbers are held by Stripe, never by us.
  • Digital asset features: where available and enabled, wallet addresses, balances, and transaction records. Wallet addresses and transactions may be screened through compliance providers to prevent financial crime.

2. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Service, including running the AI employees, workflows, and integrations you configure
  • Personalize the Service, such as maintaining agent memories and preferences
  • Process payments, manage subscriptions and credits, and prevent fraud and abuse
  • Monitor usage, meter costs, and enforce plan limits and spending controls
  • Improve the performance, reliability, and functionality of the Service, including through analytics
  • Communicate with you about the Service, including support, security notices, and important account information
  • Detect, investigate, and mitigate abuse, security incidents, and violations of our Terms of Service
  • Comply with legal obligations and enforce our agreements

Where the GDPR or similar laws apply, we rely on the following legal bases: performance of our contract with you (operating the Service you signed up for), our legitimate interests (such as securing and improving the Service and preventing abuse), compliance with legal obligations, and your consent where we ask for it (which you may withdraw at any time).

3. AI Processing and Model Providers

Verse is built on third party AI models. To run your AI employees, your content is sent to AI model providers for processing:

  • Anthropic (Claude): powers agent reasoning, chat, and work execution. Receives your messages, agent instructions and memories, documents and images you provide, tool results, and screenshots from browser and computer sessions.
  • OpenAI: powers voice calls (live audio and shared screen frames), transcription, text embeddings used for agent memory search, and image generation.
  • Certain browser automation steps may be processed by other model providers we configure for that purpose.
  • We access these providers through their business APIs, whose terms prohibit them from using your content to train their models.
  • We do not use your private content to train publicly available AI models.
  • Inputs and outputs may be retained briefly by providers (for example for abuse monitoring) under their policies, and may be analyzed by us or our providers for abuse detection, safety, and quality control.

AI outputs are generated by statistical models and can be wrong. You are responsible for reviewing AI generated output before relying on it, as described in our Terms of Service.

4. How We Share Information

4.1 Service Providers (Subprocessors)

We share information with service providers who process it on our behalf to run the Service. Our core providers are:

  • Infrastructure: Supabase (database, authentication, file storage), Vercel (web hosting and analytics), Railway (background job processing), Cloudflare (scheduled triggers), Upstash (rate limiting)
  • AI models: Anthropic, OpenAI (see Section 3)
  • Integrations: Composio (connects and holds credentials for third party tools you link)
  • Communications: Resend (email sending and receiving for the platform and for agent email addresses), Twilio (SMS where enabled), Slack, Discord, and Telegram (where you connect agents to those platforms)
  • Payments and billing: Stripe (payments, subscriptions, and, where enabled, card issuing)
  • Agent work surfaces: Steel and Browserbase (cloud browsers), Daytona and E2B (cloud computers), GitHub (skill installation and desktop app updates)
  • Search: Serper (web search queries made by agents)
  • Financial features (only if you enable them): SnapTrade (brokerage connections), Alpaca (equities), Circle, Coinbase, and related wallet infrastructure (digital assets), Chainalysis (compliance screening)
  • Analytics and advertising: Google Analytics, TikTok (advertising pixel), Vercel Analytics (see Section 9)

These providers only receive the information needed to perform their function and are bound by their own contractual and legal obligations to protect it. The list above may change as the Service evolves; material changes will be reflected in updates to this Policy.

4.2 At Your Direction

When your AI employees act on your instructions, they necessarily share information with others: sending an email shares its content with the recipient, posting to Slack shares it with that workspace, placing a trade shares order details with your brokerage, and browsing a website shares the visit with that site. You control these flows through what you ask agents to do, the integrations you connect, and the approval settings you configure.

4.3 Legal Requirements and Safety

We may disclose information if required by law or valid legal process, or where reasonably necessary to protect the rights, property, or safety of Verse, our users, or the public, including to detect and prevent fraud, security incidents, or illegal activity.

4.4 Business Transfers

If Verse is involved in a merger, acquisition, financing, reorganization, or sale of assets, your information may be transferred as part of that transaction, subject to protections consistent with this Policy.

4.5 No Sale of Personal Information

We do not sell your personal information for money. Our website uses advertising and analytics tools (Section 9) that may be treated as "sharing" for targeted advertising under some US state laws; you can opt out as described in Sections 8 and 9.

5. International Data Transfers

Verse is operated from New Zealand and our service providers process data in other countries, primarily the United States. Your information may therefore be processed and stored in jurisdictions with different data protection laws than your home country.

Where we disclose personal information across borders, we take steps designed to ensure it remains protected to a comparable standard, including using providers that commit to appropriate contractual safeguards (such as data processing agreements incorporating standard contractual clauses where required by European law) and, where those safeguards are unavailable, relying on your authorization to make the transfer under applicable law, including the New Zealand Privacy Act 2020.

6. Data Retention

We retain your information for as long as your account is active, because your AI employees rely on history and memory to work. Specifics:

  • Account data, agent content, memories, activity records, and communications are kept while your account exists, unless you ask us to delete them sooner
  • Voice call audio and shared screen frames are not stored by us at all (Section 1.5)
  • Cloud browser and computer sessions are shut down after use; short lived operational records (such as job queue entries and tool execution ledgers) are purged automatically on cycles of roughly three to thirty days
  • Security, billing, and audit records may be kept longer where we have a legitimate or legal need, such as fraud prevention, tax, and accounting

You can delete your account and associated data at any time from Settings (Privacy, then Delete Account), or by emailing hello@useverse.ai. We will delete or de-identify your personal information within a reasonable period, except where we must retain specific records to comply with law, resolve disputes, or enforce agreements. Residual copies may persist in encrypted backups for a limited period before being overwritten.

7. Data Security

We implement technical and organizational safeguards designed to protect your information, including:

  • Encryption in transit (HTTPS) across the Service
  • AES-256-GCM encryption at rest for integration tokens, API keys, brokerage connection secrets, and other stored credentials
  • Database row level security so accounts can only access their own data, with billing records writable only by our servers
  • Sandboxed execution of agent generated code in isolated environments
  • Human approval gates for sensitive agent actions, plus spend limits, kill switches, and anomaly detection for financial activity
  • Signature verification on incoming webhooks and an append only audit log for sensitive operations

No system is completely secure, and we cannot guarantee absolute security. Please use a strong, unique password, keep your credentials confidential, and configure agent permissions and approval settings thoughtfully. Notify us immediately at hello@useverse.ai if you suspect unauthorized access to your account. If a privacy breach occurs that is likely to cause serious harm, we will notify affected users and the Office of the New Zealand Privacy Commissioner as required by the Privacy Act 2020, and any other regulators required by applicable law.

8. Your Rights and Choices

You can exercise any of the rights below by emailing hello@useverse.ai. We may need to verify your identity first, and we will respond within the timeframes required by applicable law.

8.1 Everyone

  • Request access to the personal information we hold about you
  • Request correction of inaccurate information
  • Delete your account and data in Settings, or by request (Section 6)
  • Download a copy of your data in a portable format from Settings (Privacy, then Export My Data)
  • Opt out of marketing emails at any time in Settings, via the unsubscribe link, or by contacting us
  • Turn off analytics and advertising tracking in Settings (Privacy, then Analytics & advertising)

8.2 New Zealand

The New Zealand Privacy Act 2020 gives you rights to access and correct your personal information. If you are not satisfied with our response to a privacy concern, you may complain to the Office of the Privacy Commissioner (privacy.org.nz).

8.3 European Economic Area and United Kingdom

Where the GDPR or UK GDPR applies, you also have rights to restrict or object to processing, to withdraw consent, and to data portability, and you may lodge a complaint with your local supervisory authority. Section 2 describes our legal bases and Section 5 describes transfer safeguards.

8.4 United States

Depending on your state, you may have rights to access, correct, delete, and obtain a copy of your personal information, and to opt out of targeted advertising. We do not sell personal information for money. To opt out of the advertising pixels on our website, use the cookie and browser controls described in Section 9 or contact us. We do not discriminate against you for exercising your rights.

9. Cookies, Analytics, and Advertising

We use cookies and similar technologies for:

  • Essential functions: authentication, sessions, security, and remembering your preferences. The Service does not work without these.
  • Analytics: Google Analytics and Vercel Analytics help us understand feature usage and performance.
  • Advertising measurement: our marketing site uses the TikTok Pixel to measure ad performance. When you sign up or subscribe, a hashed (unreadable) version of your email may be shared with TikTok to attribute conversions.

When you first visit, a cookie banner asks whether to allow analytics and advertising cookies, and nothing optional runs until you choose. You can change your choice at any time using the Cookie preferences link in the page footer, and signed in users can also manage it in Settings (Privacy, then Analytics & advertising), which applies the choice to their account. You can additionally control cookies through your browser settings, opt out of Google Analytics with Google's browser add-on, and manage ad preferences in your TikTok settings. Blocking essential cookies may prevent parts of the Service from working.

We do not currently respond to "Do Not Track" browser signals.

10. Children's Privacy

The Service is not directed to, and may not be used by, anyone under 18 years of age, and we do not knowingly collect personal information from anyone under 18. If you believe a person under 18 has provided us with personal information, please contact us and we will delete it as soon as reasonably practicable.

11. Third Party Services

Services you connect to Verse, websites your AI employees visit, and third party services linked from the Service are governed by those parties' own privacy policies. We are not responsible for their practices. In particular, when you connect a brokerage, card program, or other financial service, that provider's privacy policy (for example SnapTrade's or Stripe's) applies to their handling of your information alongside this Policy.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page, provide a prominent notice within the Service where appropriate, and notify you by email where required.

Continued use of Verse after changes become effective constitutes your acceptance of the updated Policy.

13. Contact Us

For questions, requests, or complaints about this Privacy Policy or our data practices, contact our privacy officer at:

Verse (Attn: Privacy Officer)

Email: hello@useverse.ai

New Zealand

If we cannot resolve your concern, you may contact the Office of the New Zealand Privacy Commissioner (privacy.org.nz), or your local data protection authority.

By using Verse, you acknowledge that you have read, understood, and agree to this Privacy Policy.

© 2026 Verse. All rights reserved.

Privacy Policy, Terms of Service, and