/ Documentation

Why Veila is More Secure Than Other AI Chat Services

Understanding our proven security architecture and why you can trust Veila with your most sensitive conversations.

Why Trust Veila Over Other AI Providers?

Veila provides stronger privacy protections than other AI services by combining encryption at rest, anonymous proxying, and a strict no-logging policy. While we must handle decrypted messages in transit to send them to AI providers, we've designed our system to minimize data exposure and maximize your privacy.

The Bottom Line: We process your messages only when necessary for AI requests, never log or store them in plaintext, and the AI providers can't identify you. This is privacy by design, not just policy.

End-to-End Encryption

What It Means

End-to-end encryption means your messages are encrypted on your device before they're sent to our servers, and only you have the keys to decrypt them. Not even Veila staff can read your conversations.

Our Security Architecture in Action

How Veila Protects Your Privacy:

  1. Encryption at Rest

    • Your conversations are encrypted when stored in our database
    • Uses AES-256-GCM with keys derived from your password
    • Each chat has unique encryption keys for isolation
    • Only you can decrypt your stored conversation history

  2. Anonymous Proxying

    • We handle decrypted messages only to send them to AI providers (OpenAI, Anthropic, etc.)
    • AI providers see your message content but cannot identify you
    • Your IP address, browser fingerprint, and identity are stripped
    • Requests appear to come from Veila servers, not you

  3. No Logging Policy

    • We do not log, store, or analyze the plaintext content of your conversations
    • Messages are decrypted in memory only for the AI request
    • No conversation content is written to log files
    • Transient processing with immediate cleanup

What This Protects Against

Server breaches: Your stored conversation history remains encrypted even if servers are compromised
Data mining: We don't log plaintext conversations for analysis or training
Identity correlation: AI providers cannot link your requests to build profiles
Persistent surveillance: No conversation content stored in log files or analytics systems

What We Can Access (Transparency)

⚠️ During AI requests: We temporarily decrypt messages in memory to send to AI providers
⚠️ Error debugging: We can see technical error logs (but not message content)
⚠️ Usage analytics: We track general usage patterns (models used, message counts) but not content

Anonymous Proxying

How We Anonymize Your Requests

When you send a message to an AI model, we strip all identifying information:

  1. Your IP address is replaced with our server's IP
  2. Browser fingerprints are not forwarded
  3. Account identifiers are removed from the request
  4. Timing patterns are obscured through batching

What AI Providers See

From the AI provider's perspective:

  • ❌ They don't know who you are
  • ❌ They can't see your IP address
  • ❌ They can't link requests to build a profile
  • ✅ They only see the message content and basic API parameters

Benefits of Anonymous Usage

  • No profile building: AI companies can't create behavioral profiles
  • No targeted advertising: Your conversations won't influence ads elsewhere
  • No data correlation: Your questions can't be linked across sessions
  • Enhanced privacy: Even we can't correlate your usage patterns

Encryption Implementation Details

Our Advanced Key System

Authentication Flow (What Other Services Don't Do):

Your Password → PBKDF2 → Master Key → SHA-256 → Login Hash
                              ↓                       ↓
                     Encryption Root Key       (sent to server)
                      (stays on device)                ↓
                                             Server hashes again
                                                      ↓
                                                 Stored Hash

Per-Chat Encryption (Unique to Veila):

Encryption Root Key + Chat Salt → HKDF → Unique Chat Key → AES-256-GCM

What This Means for You:

  • Storage privacy: Your conversation history is encrypted and only you can access it
  • Identity privacy: AI providers cannot link your requests to build profiles
  • Processing privacy: We don't log, analyze, or train on your conversation content
  • Strong authentication: Advanced Argon2id password hashing with multiple salts

Metadata Protection

While message content is fully encrypted, some metadata is necessary for functionality:

Data Type Encrypted Purpose
Message content ✅ Yes Complete privacy
Chat title ✅ Yes Organization privacy
Folder names ✅ Yes Structure privacy
Timestamp ❌ No Sorting and sync
Model used ❌ No Billing and stats
Token count ❌ No Cost calculation

Password Security

What Happens When You Create a Password

  1. Client-side hashing: Your password is hashed in your browser
  2. Server storage: We store only the hashed version
  3. Key derivation: Your actual password creates your encryption key
  4. Zero knowledge: We never see your plain text password

Password Change Process

When you change your password:

  1. Re-encryption: All your messages are re-encrypted with the new key
  2. Gradual process: This happens in the background over time
  3. Dual access: Both old and new keys work during transition
  4. Complete migration: Old keys are discarded when process completes

Important: If you forget your password, we cannot recover your encrypted messages. This is by design—true privacy means even we can't access your data.

Verification and Auditing

How to Verify Our Claims

Browser Developer Tools:

  1. Open Network tab in browser dev tools
  2. Send a message and watch the network requests
  3. See that only encrypted data leaves your browser

Open Source Components:

  • Encryption libraries are well-established open source tools
  • Implementation follows industry best practices
  • Code will (hopefully) be audited by security researchers

Common Questions

"Can you see my messages during a bug report?"

For stored conversations: No, these remain encrypted and we cannot access the content.

For active AI requests: If you're experiencing issues during a live conversation, we could theoretically see the message content as it's being processed, but:

  • We don't log this content
  • Support staff don't monitor live conversations
  • We only see technical error logs (timestamps, model used, error codes)

"What about AI training data?"

  • Our policy: Your messages are never used for training anything
  • AI provider policies: Vary by provider, but they can't identify you
  • Anonymous requests: Providers can't link your conversations to you

Why Choose Veila Over Popular Alternatives?

The Trust Problem with Other AI Services

ChatGPT, Claude.ai, Gemini, and others:

  • ❌ Can read every message you send
  • ❌ Store your conversations in plaintext
  • ❌ Link your identity to your requests
  • ❌ Use conversations for AI training (unless you opt out)
  • ❌ Can be forced to hand over your data to governments
  • ❌ Build behavioral profiles for advertising

Veila's Privacy Protections:

  • Encrypted storage: Your conversation history is encrypted at rest
  • Anonymous requests: AI providers cannot identify you
  • No conversation logging: We don't store plaintext message content
  • No profile building: We don't analyze or correlate your usage patterns
  • Limited AI training exposure: Providers can't link anonymous requests to you
  • Swiss privacy laws: Strong legal protections for your data

Security Comparison Table

Feature Veila ChatGPT Claude.ai Gemini Perplexity
Data encrypted at rest ✅ AES-256-GCM ❌ Plaintext ❌ Plaintext ❌ Plaintext ❌ Plaintext
Anonymous to AI ✅ Proxy ❌ Direct ❌ Direct ❌ Direct ❌ Direct
No conversation logging ✅ Policy + Tech ❌ Can read all ❌ Can read all ❌ Can read all ❌ Can read all
Independent audit Planned ❌ No public audit ❌ No public audit ❌ No public audit ❌ No public audit
Data location 🇨🇭 Switzerland 🇺🇸 USA 🇺🇸 USA 🇺🇸 USA 🇺🇸 USA
Open about security ✅ Full transparency ⚠️ Limited ⚠️ Limited ⚠️ Limited ⚠️ Limited

The Bottom Line: Why Security Matters for AI

Your AI Conversations Could Reveal A Lot

AI chats contain your:

  • Work secrets and business strategies
  • Personal thoughts and private questions
  • Creative ideas and intellectual property
  • Health concerns and sensitive topics
  • Research interests and competitive intelligence

Other Services = Permanent Surveillance

When you use ChatGPT, Claude.ai, or Gemini:

  • Every conversation can build a profile of who you are
  • Your data can be subpoenaed by governments
  • Your ideas could influence competitor strategies
  • Your questions reveal your business plans
  • Your conversations may train future AI models

Veila = Privacy by Design

With Veila's architecture:

  • Minimal data exposure: Messages decrypted only for AI requests, not stored
  • Anonymous AI access: Providers can't build profiles or link conversations
  • Encrypted storage: Your conversation history is protected at rest
  • No surveillance infrastructure: We don't log or analyze conversation content
  • Strong legal protection: Swiss privacy laws limit government data access

Ready to try AI without surveillance? Your conversations deserve the same privacy as your messages, emails, and documents.

Account Security Setup | Get Started with Secure AI

← Back to Home Need Help? Contact Support →