Last updated: April 7, 2026
Veroxa ("Veroxa," "we," "us") operates the Veroxa family law case management platform. This Privacy Policy explains how we collect, use, store, and protect your personal information. We understand that the data you entrust to us is highly sensitive legal, financial, and family information, and we take its protection seriously.
Account Information: Name, email address, phone number, state, county, password (hashed), account type (self-represented, represented, attorney).
Case Information: Case titles, docket numbers, case types, county, state, opposing party names, judge names, attorney names, filed dates, case notes.
Family Information: Children's first names, dates of birth, gender, school names, special needs designations. Parent/guardian names, contact information, relationship types, addresses.
Medical Information: Children's medications (names, dosages, prescribing doctors), allergies (substances, severity), medical conditions, healthcare provider contact information, insurance details (carrier, policy numbers, coverage type, premium amounts), immunization records, therapy details, dental and dermatology records, emergency contacts.
Financial Information: Income sources and amounts, assets, debts, monthly expenses, child support and alimony obligations, payment methods. Uploaded financial documents including tax returns, W-2s, 1099s, and bank statements.
Incident Records: Incident descriptions, dates, locations, severity, witnesses, incident types, associated evidence.
Communications: Messages sent through the platform, communication logs (summaries of texts, emails, calls, in-person interactions), uploaded screenshots and evidence files.
Visitation Records: Parenting schedules, visit dates and times, completion status, late arrival details, incident reports from visits.
Journal Entries: Personal letters and messages written by parents for their children, including emotional content, dates, and child names.
Documents: Uploaded files including legal filings, court orders, evidence, photos, and other case-related documents.
Calendar Events: Hearing dates, deadlines, mediation appointments, pickup/dropoff schedules, Zoom meeting links.
Attorney Interactions: Attorney inquiries, messages, urgency levels, subject lines.
Usage Data: Pages visited, features used, timestamps, device type, browser type, IP address (for security and audit logging).
We use your information to:
(a) Provide and operate the Service, including storing your case data, generating visitation schedules, calculating child support estimates, and connecting you with attorneys.
(b) Process your requests, including attorney inquiries, co-parent invitations, and expense approval workflows.
(c) Send transactional emails including reminders, expense approvals, and invitation notifications (via Resend).
(d) Provide the Service, including storing your case data, generating reports, and connecting you with attorneys.
(e) Maintain security through audit logging, which records who accessed what data and when.
(f) Improve the Service through aggregated, anonymized usage analytics.
Data Protection:
• Your individual case data, documents, names, and personal details are never shared with or sold to third parties.
• We store conversation metadata (question categories, timestamps, feedback signals) for service improvement purposes only.
• We may analyze anonymized, aggregated patterns - such as the most common question types across all users - to improve suggested questions and response quality. This aggregated data contains no personally identifiable information.
• Feedback you provide on responses (such as thumbs up/down ratings) may be used in anonymized, aggregated form to improve the quality of future responses.
• All third-party service providers are bound by data processing agreements that protect your information.
We do not sell, rent, or trade your personal information to third parties. Ever.
We use the following third-party services to operate Veroxa:
Supabase (database, authentication, file storage) - Your data is stored in Supabase's infrastructure in the US East region. Supabase provides encryption at rest and in transit.
Vercel (hosting, deployment) - Our application is hosted on Vercel's global edge network. Vercel processes HTTP requests but does not store your application data.
Resend (email delivery) - Sends transactional emails (reminders, invitations, expense approvals). Resend processes recipient email addresses and message content.
Stripe (payment processing) - Processes subscription payments. Stripe handles all payment card data; we never store your credit card information.
Google (optional OAuth login, Calendar sync, Drive integration) - If you connect Google services, we store OAuth tokens to maintain the connection. We access only the Google services you explicitly authorize.
Each third-party service processes data under their own privacy policy and our data processing agreements with them.
We implement multiple layers of security:
Encryption in Transit: All data transmitted between your browser and our servers is encrypted using TLS/HTTPS. HSTS headers enforce secure connections.
Encryption at Rest: Database storage is encrypted at rest by our infrastructure provider (Supabase).
Field-Level Encryption: Sensitive fields (OAuth tokens, optionally medical data) can be encrypted using AES-256-GCM before database storage.
Row-Level Security: Every database table has row-level security (RLS) policies ensuring users can only access their own data. No user can see another user's cases, documents, or records.
Authentication: Passwords are hashed using bcrypt. Two-factor authentication (TOTP) is available for additional account security. Sessions are validated server-side on every request.
Security Headers: We implement Content Security Policy (CSP), X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy, and X-XSS-Protection headers.
Audit Logging: Security-sensitive actions (data access, modifications, login events) are logged with timestamps, IP addresses, and user agents for forensic purposes.
Access Controls: API endpoints require authentication. Rate limiting protects against abuse. Input validation prevents injection attacks.
Veroxa is designed for use by parents and legal guardians, not by children. We do not knowingly collect information directly from children under 13. All children's information (names, dates of birth, medical records, school information) is entered by their parents or legal guardians who represent they have authority to provide this information.
If you believe a child has provided us with personal information without parental consent, please contact us immediately at will@getveroxa.com and we will delete the information.
Veroxa allows parents to store children's medical information for case management purposes. Veroxa is not a HIPAA-covered entity or business associate. While we implement strong security measures (row-level security, audit logging, access controls), the Service does not meet the full requirements of HIPAA compliance. If you require HIPAA-level protection for medical records, consult with your healthcare provider about appropriate storage solutions.
Medical information stored on Veroxa is protected by the same security measures as all other user data, with additional audit logging for medical record access.
We retain your data for as long as your account is active. If you delete your account:
- You may request a data export before deletion (available for 30 days after account closure)
- Active case data is deleted within 30 days of account closure
- Audit logs are retained for 7 years for legal compliance
- Anonymized, aggregated analytics data may be retained indefinitely
- Backup copies are purged within 90 days
Court-ordered preservation requests or legal holds may extend retention periods.
Depending on your location, you may have the following rights:
Access: Request a copy of all personal data we hold about you.
Correction: Update or correct inaccurate personal information through your profile settings or by contacting us.
Deletion: Request deletion of your account and associated data, subject to legal retention requirements.
Export: Download your data in a portable format.
Opt-Out: You may opt out of non-essential communications at any time.
California Residents (CCPA): You have the right to know what personal information we collect, request deletion, and opt out of the sale of personal information. We do not sell personal information.
To exercise any of these rights, contact us at will@getveroxa.com.
Veroxa uses essential cookies for authentication and session management. We do not use advertising cookies or third-party tracking pixels. We do not sell data to advertisers. Analytics, if implemented, use privacy-respecting, first-party methods only.
If you have an active restraining order or protection order, please be aware that:
- Veroxa provides warnings when you attempt to share contact information or send messages to a party subject to a protection order
- These warnings are informational and do not constitute legal advice
- You are solely responsible for compliance with all court orders
- Communication logs stored in Veroxa may be subject to court discovery
- Consult your attorney about what information is appropriate to share through any platform
In the event of a data breach that affects your personal information, we will:
- Notify affected users within 72 hours of discovering the breach
- Provide details about what data was affected
- Describe the steps we are taking to address the breach
- Offer guidance on protective measures you can take
- Report the breach to relevant authorities as required by law
Veroxa is operated from and data is stored in the United States. If you access the Service from outside the US, your data will be transferred to and processed in the US. By using the Service, you consent to this transfer.
We may update this Privacy Policy periodically. We will notify you of material changes via email or in-app notification at least 14 days before they take effect. The "Last updated" date at the top reflects the most recent revision.
For privacy-related questions, security concerns, or to exercise your rights:
Vantage Mode
Email: will@getveroxa.com