Privacy Policy

Effective date: 11 May 2026 · Last updated: 11 May 2026

This Privacy Policy describes how VeraWatch ("VeraWatch", "we", "our", or "us") collects, uses, and shares information when you use our mobile application and related services (the "Service"). By using the Service, you agree to the practices described in this Policy.

1. Who we are

The Service is operated by Shaked Nimrod, an individual developer based in Israel. You can reach us at support@verawatch.app.

2. Information we collect

2.1 Information you provide

• Account information. When you create an account, we collect your email address and a hashed password. If you sign in with a third-party identity provider (Apple, Google), we receive a unique identifier and your email address from that provider.
• Watch photographs. When you submit a watch for authentication, you upload up to four photographs (dial, case back, side & crown, clasp & bracelet) and optional metadata you enter (brand, reference number, notes).
• Communications. If you contact us by email, we retain your message and contact details to respond.

2.2 Information collected automatically

• Device and usage data. Device model, operating system version, app version, language settings, crash reports, and anonymous usage events (for example, screens viewed, features used).
• Identifiers. A randomly generated user identifier and, where applicable, an Apple Sign-In identifier.

2.3 Information from purchases

Payments are processed by Apple through the App Store. We do not receive or store your payment-card details. We do receive a purchase token and the status of your subscription or one-time purchase, which we use to grant access to features.

3. How we use information

We use the information we collect to:

• Provide, operate, and improve the Service, including performing AI-based authentication of submitted photographs;
• Generate your digital certificate (PDF) and store your verification history;
• Authenticate your account and prevent fraudulent or abusive use;
• Process subscriptions and one-time purchases (via Apple);
• Respond to your inquiries and provide customer support;
• Comply with legal obligations and enforce our Terms of Service.

4. AI processing and third-party services

To deliver authentication results, your submitted photographs are transmitted to Anthropic's Claude Vision API. Anthropic processes the images solely to return an analysis to our servers and, in accordance with Anthropic's terms, does not use your images to train its models. Photographs are not retained by Anthropic beyond the immediate request.

We use the following third-party services as data processors:

• Supabase — authentication, database, and encrypted file storage.
• Anthropic — AI inference on submitted photographs (transient processing only).
• Apple App Store — payment processing, app distribution, and Apple Sign-In.
• Cloudflare — domain hosting and email routing for support inquiries.

5. How we store and protect data

Account information and verification records are stored in Supabase databases hosted in EU regions. Photographs and PDF certificates are stored in private, access-controlled storage buckets and are accessible only to your account through authenticated requests.

We apply industry-standard technical and organisational safeguards, including encryption in transit (TLS) and at rest. No security measure is perfect; we cannot guarantee absolute protection against unauthorised access.

6. Data retention

We retain your account and verification history for as long as your account is active. You may delete individual verifications at any time from within the app. If you delete your account, we will delete your account information, verification history, photographs, and certificates within 30 days, except where retention is required by law (for example, financial records of past transactions).

7. Sharing your information

We do not sell your personal information. We share information only:

• With the third-party processors listed in Section 4, strictly to operate the Service;
• If required by law, court order, or to protect rights, safety, or property;
• In connection with a merger, acquisition, or sale of assets, in which case you will be notified.

8. Your rights

Depending on your jurisdiction (including the EU/EEA, United Kingdom, and California), you may have the right to:

• Access the personal information we hold about you;
• Correct inaccurate information;
• Delete your account and associated data;
• Object to or restrict certain processing;
• Receive a copy of your data in a portable format;
• Lodge a complaint with your local data protection authority.

To exercise any of these rights, contact support@verawatch.app. We will respond within 30 days.

9. Children

The Service is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us and we will delete it.

10. International transfers

Information we process may be transferred to, and processed in, countries other than your own, including the United States (Anthropic) and the European Union (Supabase). Where required, we rely on appropriate safeguards such as Standard Contractual Clauses.

11. Changes to this Policy

We may update this Policy from time to time. When we make material changes, we will update the "Last updated" date above and, where appropriate, notify you in the app or by email.

12. Contact

For any privacy-related questions or requests, contact us at support@verawatch.app.