Data management

How we handle your relationship data.

When you connect VeraOps to HubSpot, Gmail, and Calendar, we touch real client data. This page explains exactly what we do with it, where it lives, and what we never do.

What we access.

  • HubSpot. Read-only access to contacts, companies, deals, and activity history. Read-only by default; write access enabled only on request for specific automation tasks.
  • Gmail. Read-only access to message metadata (sender, recipient, subject, date) and message bodies for relationship analysis. We do not retain raw email body content beyond the analysis window.
  • Google Calendar. Read-only access to event metadata (attendees, dates, durations). We do not access meeting notes or attached files.

What we store.

  • Stored. Contact records (name, email, role, company), relationship-state metadata (last touch date, frequency, recency), enrichment data from public sources (LinkedIn, company websites).
  • Not stored. Raw email body content, attachment files, meeting recordings, calendar event content beyond metadata.
  • Where. Supabase (PostgreSQL with row-level security), hosted on DigitalOcean, US region.

Who can access.

  • Your data is accessible only to: (a) the VeraOps team member assigned to your engagement, (b) automated systems running your agents.
  • VeraOps team members sign confidentiality agreements before access.
  • No third-party vendor has access to your raw data. Enrichment APIs receive only contact email/domain, never full records.

How long we keep it.

  • Active engagement. Data retained for the duration of the engagement plus 90 days for transition support.
  • After offboarding. Full data export delivered to you, then permanently deleted from VeraOps systems within 30 days.
  • You can request a data export or deletion at any time during the engagement.

Security practices.

  • All data encrypted at rest (AES-256) and in transit (TLS 1.3).
  • Row-level security on all client tables — no cross-client data access possible.
  • OAuth 2.0 for HubSpot, Gmail, and Calendar connections. Tokens revocable by you at any time.
  • No passwords stored. No API keys shared between clients.

What we never do.

  • Train AI models on your data.
  • Sell or share your contact data with third parties.
  • Use your data to enrich any other client's records.
  • Send outreach from your accounts without your explicit approval.

Questions.

Have a question this page didn't answer? Email relationships@veraops.com or book a call.