How Vern handles your data

We collect only what we need to run the service:

• ·Account data: your email address and encrypted password, provided when you sign up.
• ·Insurance policy details: the policy information you add — type, provider, cost, coverage, renewal dates, and any notes. This is the core of what Vern stores.
• ·Profile data: your name and family members, if you choose to add them in Settings.
• ·Usage data: which features you use (e.g. marketplace quote clicks), stored to help us improve the product.
• ·Email content: if you forward insurance emails to inbox@policies.getvern.com, we process the email body to extract policy details. We do not store the raw email.

We do not collect payment information, national ID numbers, or any health data beyond what you choose to write in the notes field of a policy.

We collect your data for one reason: to provide the Vern service. Specifically:

• ·To show you your insurance overview and identify overlaps, gaps, and saving opportunities.
• ·To power the AI chat and analysis features.
• ·To send you transactional emails (policy confirmations, renewal reminders).
• ·To improve the product based on how it is used.

We do not use your data for advertising. We do not sell your data. Ever.

Your data is stored in a PostgreSQL database hosted by Supabase, with servers located in the European Union (Frankfurt, Germany). Access is protected by row-level security — each user can only access their own data.

Passwords are never stored in plain text. Authentication is handled by Supabase Auth, which hashes passwords using bcrypt.

Data is transmitted over HTTPS at all times. We do not store policy documents — uploaded files are sent to our AI for analysis and then immediately discarded.

We share the minimum necessary data with two third-party services to operate Vern:

• ·Anthropic (anthropic.com) — your insurance policy details are sent to Anthropic's Claude API to power analysis, chat, and document scanning. Anthropic processes this data as a data processor on our behalf. Anthropic's privacy policy is at anthropic.com/privacy.
• ·Postmark (postmarkapp.com) — we use Postmark to send and receive transactional emails. Your email address is shared with Postmark for this purpose.

We do not share your data with insurers, brokers, or any other third parties. Marketplace and quote features are informational only — clicking "Get quote" does not share your data with any insurer.

Vern uses cookies only for authentication — to keep you logged in between sessions. We do not use tracking cookies, advertising cookies, or any third-party analytics cookies.

If you clear your cookies, you will be logged out. That is the only effect.

We keep your data for as long as your account is active. If you delete your account, all your data — policies, profile, family members, and usage history — is permanently deleted within 30 days.

You can request deletion at any time by emailing elias@getvern.com. We will confirm deletion within 72 hours.

You are based in Norway or Sweden, which means the GDPR applies. You have the right to:

• ·Access: request a copy of all data we hold about you.
• ·Rectification: ask us to correct inaccurate data.
• ·Erasure: ask us to delete your data ("right to be forgotten").
• ·Portability: receive your data in a structured, machine-readable format (JSON).
• ·Restriction: ask us to stop processing your data while a dispute is resolved.
• ·Objection: object to processing based on legitimate interests.

To exercise any of these rights, email elias@getvern.com. We will respond within 30 days.

If you believe we have handled your data unlawfully, you have the right to lodge a complaint with Datatilsynet (the Norwegian Data Protection Authority) at datatilsynet.no.

If we make material changes to this policy, we will notify you by email before the changes take effect. The "last updated" date at the top of this page will always reflect the current version.

Questions, requests, or concerns about your data: