Skip to content
Veras logo

Privacy Policy

Last updated May 14, 2026

This Privacy Policy describes how JobWise Ventures, Inc., doing business as Veras ("Company," "we," "us," or "our"), collects, uses, discloses, and protects personal information when you:

  • Visit our website at https://veras.com, or any website of ours that links to this Privacy Policy
  • Use the Veras platform, including our web application and mobile applications (iOS and Android)
  • Interact with us as an employer customer, community administrator, or workforce member using our Services
  • Engage with us in other related ways, including sales, marketing, support, or events

Throughout this Privacy Policy, we refer to our websites, platform, and mobile applications collectively as the "Services." Our Services are available in the United States and Canada.

Our Role: When Veras Controls Data vs. When Veras Processes Data on Behalf of Employers

Veras as controller. When you visit our website, request a demo, sign up for marketing communications, or otherwise interact with Veras directly, we are the controller of your personal information. This Privacy Policy governs how we collect and use that data.

Veras as service provider / processor. Veras provides workforce management services to employer customers in the long-term care, senior living, and related industries. When we process personal information about workforce members (employees, contractors, or applicants) on behalf of an employer customer through the platform, we act as a service provider (under U.S. state privacy laws) or processor (under Canadian privacy laws). In those cases, the employer customer is the controller and their own privacy policy, employment policies, and data processing agreements govern how that data is used. If you are a workforce member and have questions about how your employer uses your data through Veras, please contact your employer directly.

This distinction is noted throughout this Privacy Policy where relevant.

Questions or concerns? Please contact us at [email protected] or see Section 16 below.

1. Information We Collect

1.1 Information You Provide Directly (Veras as Controller)

We collect personal information that you voluntarily provide when you register for an account, request a demo, contact us, or otherwise interact with Veras directly. This may include:

  • Names, email addresses, phone numbers, and mailing addresses
  • Job titles, employer or organization name, and professional credentials
  • Usernames, passwords, and account preferences
  • Content of messages, support requests, or feedback you send us
  • Information you provide when applying for employment with Veras

1.2 Workforce Data Processed on Behalf of Employers (Veras as Service Provider)

When employer customers and their workforce members use the Veras platform, we process personal information as a service provider on the employer's behalf and at their direction. The types and scope of data processed depend on how the employer configures the platform and may include:

  • Employee and contractor profiles (name, contact information, job title, department, hire date, employee ID)
  • Scheduling data (shift assignments, availability, time-off requests, swap requests)
  • Time and attendance records (clock-in/clock-out times, hours worked, overtime)
  • Payroll-related data (wage rates, pay periods) as needed for scheduling and labor cost calculations
  • Compliance and certification data (licenses, training records, credential expiration dates)
  • Communication data (in-app messages, shift notifications, announcements)
  • Performance and staffing metrics used for reporting and analytics

Veras processes this data solely to provide the Services to the employer customer in accordance with our agreements. The employer customer determines the purposes and means of processing this data and is responsible for providing any required notices to, and obtaining any required consents from, their workforce members.

1.3 Biometric Information (Veras as Service Provider)

Where an employer customer enables biometric time and attendance features, Veras may collect and process biometric identifiers and biometric information on the employer's behalf, including fingerprint scans and facial recognition data (collectively, "Biometric Data"). This data is used solely for the purpose of verifying workforce member identity during clock-in and clock-out, as directed by the employer customer.

Regarding Biometric Data:

  • Biometric Data is collected only with the knowledge and, where required by law, the written consent of the individual (obtained by or on behalf of the employer customer)
  • We do not sell, lease, trade, or otherwise profit from Biometric Data
  • Biometric Data is stored using industry-standard encryption and security measures
  • Biometric Data is retained only for as long as the workforce member is actively employed by the employer customer or as required for the purpose for which it was collected, and is permanently destroyed within three (3) years of the individual's last interaction with the Services or as otherwise required by applicable law, whichever is shorter
  • Biometric Data may be disclosed only as required by law, pursuant to a valid warrant or subpoena, or with the individual's consent

For workforce members located in Illinois, please see Section 12 for additional information regarding the Illinois Biometric Information Privacy Act (BIPA).

1.4 Information Collected Automatically

When you access or use our Services, we automatically collect certain technical and usage information, including:

  • IP address, browser type and version, operating system, and device identifiers
  • Log and usage data (pages viewed, features used, clicks, date/time stamps, referring URLs)
  • Location data (precise or approximate, depending on device settings and employer configuration; GPS-based location may be collected for mobile clock-in/clock-out where enabled by the employer)
  • Device information (hardware model, operating system version, unique device identifiers, mobile network information)
  • Information collected via cookies, web beacons, pixels, and similar tracking technologies (see Section 5)

1.5 Information from the Mobile Application

When you use our mobile applications, we may additionally collect:

  • Push notification tokens (to deliver shift reminders, schedule updates, and messages)
  • Camera access (for profile photos or biometric verification, only when explicitly permitted)
  • Device storage access (for caching schedules and enabling offline functionality)
  • Geolocation data (for location-verified clock-in/clock-out, when enabled by the employer)

You can manage mobile permissions through your device settings at any time.

1.6 Information from Third Parties

We may receive information about you from third-party sources, including:

  • Employer customers who upload workforce data to configure the platform
  • Payroll, HRIS, or other workforce management systems integrated with Veras at the employer's direction
  • Public databases and marketing partners (for Veras's own business development purposes, where Veras acts as controller)
  • Identity verification and background check providers (where authorized by the employer)

2. How We Use Your Information

2.1 As Controller (Website, Marketing, and Direct Interactions)

When Veras acts as the controller of your personal information, we use it for the following purposes:

  • Account management: Creating and managing your Veras account, authenticating logins, and maintaining account security
  • Communications: Responding to inquiries, providing customer support, sending transactional messages, and, with your consent, sending marketing and promotional communications
  • Improvement and development: Analyzing usage patterns to improve our website, Services, and user experience, and to develop new features
  • Security and fraud prevention: Detecting, investigating, and preventing unauthorized access, security incidents, and fraudulent activity
  • Legal compliance: Complying with applicable laws, regulations, legal processes, or enforceable government requests
  • Business operations: Managing billing, invoicing, and contractual obligations with employer customers

2.2 As Service Provider (Workforce Data on Behalf of Employers)

When Veras acts as a service provider processing workforce data on behalf of an employer customer, we use that data only as directed by the employer and as necessary to provide the Services, including:

  • Workforce management: Processing scheduling data, time and attendance records, credential tracking, and staffing assignments
  • Identity verification: Using Biometric Data for time-clock authentication where enabled by the employer
  • Analytics and reporting: Generating workforce analytics, staffing reports, and compliance reporting (including PBJ and similar regulatory reports) as configured by the employer
  • Notifications: Delivering shift notifications, schedule changes, and in-app messages as configured by the employer
  • Integrations: Transmitting data to third-party systems (payroll, HRIS) as directed by the employer

Veras does not use workforce data processed on behalf of employers for Veras's own marketing, advertising, or other independent purposes.

3. When and With Whom We Share Personal Information

We may share personal information in the following circumstances:

  • With employer customers: Workforce data processed by Veras as a service provider is accessible to the employer customer who controls the account, including their authorized administrators and managers. Veras shares this data as directed by the employer.
  • Service providers and subprocessors: We share information with third-party vendors who perform services on our behalf, including cloud hosting (Amazon Web Services), payment processing (Stripe), analytics, email delivery, and customer support tools. These providers are contractually obligated to use personal information only as directed by us and in accordance with this Privacy Policy and applicable data processing agreements.
  • Integrations: Where an employer enables third-party integrations (e.g., payroll systems, HRIS platforms), workforce data may be shared with those integrated services as configured and directed by the employer.
  • Legal requirements: We may disclose information if required by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of Veras, our users, or the public.
  • Business transfers: In connection with a merger, acquisition, reorganization, sale of assets, or bankruptcy, personal information may be transferred as part of that transaction. We will notify affected users of any change in ownership or control of their personal information.
  • With your consent: We may share information with third parties when you direct us to do so or provide explicit consent.

We do not sell personal information, including Biometric Data, to third parties.

4. HIPAA and Healthcare Data

Veras provides workforce management services to operators in the long-term care, skilled nursing, and senior living industries. Some of these operators are "covered entities" under the Health Insurance Portability and Accountability Act of 1996 ("HIPAA").

Does Veras process Protected Health Information (PHI)? Veras's core Services—scheduling, time and attendance, messaging, and workforce analytics—are designed to manage workforce operations, not patient or resident health records. In the ordinary course of providing the Services, Veras does not access, store, or process PHI.

When Veras may act as a Business Associate. In limited circumstances, an employer customer who is a HIPAA-covered entity (or business associate) may configure the Services in a way that causes Veras to create, receive, maintain, or transmit PHI—for example, if workforce credential records include health-related certifications that constitute PHI, or if an integration with the employer's systems involves PHI. In those cases, Veras will enter into a Business Associate Agreement (BAA) with the employer customer as required by HIPAA.

Where a BAA is in place:

  • Veras will use and disclose PHI only as permitted or required by the BAA and applicable law
  • Veras will implement administrative, physical, and technical safeguards to protect the confidentiality, integrity, and availability of PHI
  • Veras will promptly report any breach of unsecured PHI to the employer customer in accordance with the BAA and HIPAA Breach Notification Rule
  • The handling of PHI is governed by the BAA and the employer customer's HIPAA obligations, not solely by this Privacy Policy

If you are a workforce member and have questions about whether your employer shares PHI with Veras, or about your rights under HIPAA, please contact your employer's privacy officer.

5. Cookies and Tracking Technologies

We use cookies, web beacons, pixels, and similar technologies to collect information and improve our Services. These technologies help us:

  • Remember your preferences and login sessions
  • Understand how you use our Services and which features are most popular
  • Deliver and measure the effectiveness of marketing campaigns
  • Provide security features and detect misuse

You can manage cookie preferences through your browser settings. Most browsers allow you to refuse or delete cookies. Please note that disabling cookies may affect the functionality of our Services.

For interest-based advertising opt-outs, visit www.aboutads.info/choices or www.networkadvertising.org/choices.

6. Data Retention

We retain personal information for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law. Specific retention practices include:

  • Account and marketing data (Veras as controller): Retained for the duration of the account relationship plus a reasonable period thereafter for legal, tax, and audit purposes. Marketing data is retained until you opt out or request deletion.
  • Workforce data (Veras as service provider): Retained in accordance with our agreements with the employer customer and applicable labor, employment, and regulatory requirements. Upon termination of the service agreement, workforce data is deleted or returned to the employer as specified in the agreement.
  • Biometric Data: Retained only while the workforce member is actively using biometric features, and permanently destroyed within three (3) years of the individual's last interaction or as otherwise required by applicable law, whichever is shorter.
  • Log and usage data: Retained for a limited period for security, analytics, and troubleshooting purposes.

When personal information is no longer needed, we securely delete or anonymize it.

7. Data Security

We implement commercially reasonable technical and organizational security measures designed to protect personal information, including:

  • Encryption of data in transit (TLS) and at rest
  • Access controls and role-based permissions
  • Regular security assessments and vulnerability testing
  • Employee security awareness training
  • Incident response and breach notification procedures
  • Infrastructure hosted on Amazon Web Services (AWS) with AWS-managed security controls supporting availability, monitoring, and operational reliability. For more information, visit trust.veras.com

No method of electronic transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security. You should access the Services within a secure environment and promptly notify us of any suspected unauthorized access.

8. Data Storage and Location

Our Services are hosted and operated in the United States. All personal information collected through the Services is stored on servers located in the United States. If you access the Services from Canada, your personal information will be transferred to and processed in the United States. By using the Services, you acknowledge this transfer.

We process personal information from Canada in compliance with applicable Canadian federal and provincial privacy laws, including the Personal Information Protection and Electronic Documents Act (PIPEDA) and substantially similar provincial legislation where applicable.

9. Your Privacy Rights

Depending on your location and applicable law, you may have certain rights regarding your personal information, including the right to:

  • Access: Request confirmation of whether we hold your personal information and obtain a copy of it
  • Correction: Request that we correct inaccurate or incomplete personal information
  • Deletion: Request that we delete your personal information, subject to certain legal exceptions
  • Portability: Request a copy of your information in a structured, commonly used, machine-readable format
  • Opt-out: Opt out of the sale of personal information, targeted advertising, or certain profiling, where applicable (note: Veras does not sell personal information)
  • Withdraw consent: Where processing is based on consent, withdraw that consent at any time

To exercise your rights, contact us at [email protected]. We will respond within the timeframe required by applicable law. We may need to verify your identity before processing your request.

Workforce members: If you are a workforce member using Veras through your employer, your employer is the controller of your workforce data. Please direct privacy requests to your employer. We will assist the employer in responding to verified requests as required by our agreements and applicable law.

Marketing opt-out: You can unsubscribe from marketing emails at any time by clicking "unsubscribe" in any marketing email or by contacting us. You may also reply "STOP" to any SMS marketing message.

10. U.S. State Privacy Rights

Several U.S. states have enacted comprehensive privacy laws that grant residents specific rights regarding their personal information. These include, but are not limited to, the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA), the Virginia Consumer Data Protection Act (VCDPA), the Colorado Privacy Act (CPA), the Connecticut Data Privacy Act (CTDPA), the Texas Data Privacy and Security Act (TDPSA), the Oregon Consumer Privacy Act (OCPA), and similar laws in other states. Veras complies with all applicable state privacy laws.

If you are a resident of a state with a comprehensive privacy law, you generally have the following rights (subject to certain exceptions under applicable law):

  • Right to know / access: You may request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purposes for collection, and the categories of third parties with whom we share it.
  • Right to delete: You may request deletion of your personal information, subject to certain exceptions (such as data needed to complete a transaction or comply with a legal obligation).
  • Right to correct: You may request that we correct inaccurate personal information.
  • Right to data portability: You may request a copy of your personal information in a portable, readily usable format.
  • Right to opt out: You may opt out of the sale of personal information, the sharing of personal information for cross-context behavioral advertising, and certain profiling. Note: Veras does not sell personal information and does not share personal information for cross-context behavioral advertising.
  • Right to limit use of sensitive personal information: To the extent we process sensitive personal information (such as Biometric Data), we use it only for purposes authorized under applicable law.
  • Right to non-discrimination: We will not discriminate against you for exercising your privacy rights.

Exercising your rights: You or your authorized agent may submit a privacy request by emailing [email protected]. We will verify your identity and respond within the timeframe required by the applicable state law.

Appeals: If we decline to take action on your privacy request, you may appeal our decision by contacting us at [email protected]. We will respond to your appeal within the timeframe required by applicable law. If your appeal is denied, you may contact your state's attorney general or the applicable regulatory authority.

Global Privacy Control (GPC): Where required by applicable state law, we honor Global Privacy Control (GPC) signals as valid opt-out requests.

11. Canadian Privacy Rights

If you are located in Canada, you have rights under the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy legislation, including the right to:

  • Access and request correction of your personal information held by Veras
  • Withdraw consent to the collection, use, or disclosure of your personal information (subject to legal or contractual restrictions)
  • File a complaint with the Office of the Privacy Commissioner of Canada or the applicable provincial privacy commissioner

To exercise your rights, contact us at [email protected].

12. Illinois Biometric Information (BIPA)

If you are a workforce member located in Illinois whose employer has enabled biometric time and attendance features, the following applies pursuant to the Illinois Biometric Information Privacy Act (740 ILCS 14):

  • Veras collects Biometric Data (fingerprint scans and/or facial recognition data) on behalf of the employer customer for the purpose of workforce member identification and time-clock authentication
  • Biometric Data is collected only with the informed, written consent of the individual (obtained by or on behalf of the employer customer in compliance with BIPA)
  • Biometric Data will be permanently destroyed when the first of the following occurs: (a) the initial purpose for collecting the data has been satisfied, or (b) within three (3) years of the individual's last interaction with the Services
  • Biometric Data is stored, transmitted, and protected using reasonable security measures, including encryption, at least as protective as those used for other confidential and sensitive information
  • Veras does not sell, lease, trade, or otherwise profit from Biometric Data
  • Veras does not disclose Biometric Data to third parties except as required by law, pursuant to a valid warrant or subpoena, or with the individual's consent

The employer customer is responsible for providing the required BIPA disclosures and obtaining written consent from workforce members before biometric collection begins. Veras provides tools and templates to assist employers with BIPA compliance.

13. Children's Privacy

Our Services are not directed to individuals under the age of 16, and we do not knowingly collect personal information from children under 16. If we learn that we have collected personal information from a child under 16, we will take steps to delete that information promptly. If you believe a child has provided us with personal information, please contact us at the information provided in Section 16.

14. Do-Not-Track Signals

Some browsers transmit Do-Not-Track (DNT) signals. Because there is no universally accepted standard for how to respond to DNT signals, we do not currently respond to them. Where required by applicable state law, we honor Global Privacy Control (GPC) signals as valid opt-out requests (see Section 10).

15. Updates to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. The updated version will be indicated by an updated "Last Updated" date at the top of this page. If we make material changes, we will provide notice through our Services or by other means as required by law. We encourage you to review this Privacy Policy periodically.

16. How to Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: [email protected]

Mail:

JobWise Ventures, Inc. (DBA Veras)
Attn: Privacy
3401 N Thanksgiving Way, Suite 250
Lehi, UT 84043
United States

Phone: (385) 304-4470