Privacy Policy

Last updated: 29.08.2025

1. Information We Collect

1.1 Account Information

• Account preferences and settings
• Payment information (processed securely through our payment provider)
• Optional: Email address (for account creation and communication)

1.2 Waitlist Information

• Email addresses collected for our waitlist are only used for sending invite codes to waiting users
• Email addresses are stored on our own servers and never sold or passed on to any third parties, except our email service provider Mailjet for the purpose of sending emails
• Users who choose to join our newsletter additionally agree to receive informative emails with updates about Veila at most once a month

1.3 Chat Data

• Encrypted chat messages (although stored on our server, we cannot decrypt or read these)
• Metadata such as timestamp, model used, and token count
• Usage statistics for billing purposes
• Transient Processing: When you request a chat completion, we temporarily process your message in plaintext to anonymize it and forward it to AI providers. This plaintext processing is transient only - we do not store, log, or retain any message content during this process. Messages are immediately discarded after forwarding to the AI provider and receiving the response.

1.4 Technical Information

• Browser information
• Device type and operating system
• Usage analytics and error logs
• Device fingerprinting data for abuse prevention (see section 1.5)

1.5 Abuse Prevention Data

To ensure fair usage of our free tier and prevent abuse, we collect and process three key signals:

• Device fingerprints: Browser characteristics, screen resolution, timezone, and other device-specific information to identify unique devices
• Device IDs: A unique identifier stored in your browser's local storage
• IP addresses: Network location data to detect multiple accounts from the same source

Privacy Protection: All signals are stored as one-way cryptographic hashes only. We cannot reverse these to obtain the original data. Historical signal data is automatically deleted after 90 days.

2. How We Use Your Information

2.1 Service Provision

• Facilitating your conversations with AI models
• Managing your account and credits
• Processing payments and billing
• Providing customer support

2.2 Service Improvement

• Analyzing usage patterns (without accessing chat content)
• Improving our service performance and reliability
• Developing new features

2.3 Legal and Security

• Complying with legal obligations
• Protecting against fraud and abuse
• Enforcing our Terms of Service

2.4 Abuse Prevention and Fair Usage

We use the signals collected in section 1.5 to:

• Prevent abuse: Detecting when multiple accounts share the same signals to circumvent free tier limits
• Block creation: Preventing new account creation when signal thresholds are exceeded
• Restrict credits: Removing free tier credits when multiple accounts share the same signals

Your Rights: If you believe your account has been incorrectly restricted, you can contact support@veila.ai with your account details. Include information about shared networks (workplace, cafe, etc.) if applicable.

Legal Basis: This processing is based on our legitimate interest in preventing abuse, ensuring fair service access, and maintaining system security.

3. End-to-End Encryption

4. Information Sharing

4.1 Third-Party AI Providers

• We share your prompts with AI providers (OpenAI, Anthropic, and others) to generate responses
• These providers process your data according to their own privacy policies:
  • OpenAI Privacy Policy
• We do not share your account information with AI providers
• Unless noted otherwise, AI providers we work with do not use your prompts and replies you get to improve their services (train models)
• You are responsible for ensuring your prompts comply with all third-party provider policies
• OpenAI Usage Policies

4.2 Payment Processing

• Payment information is processed by ...
• We do not store payment card details
• ...'s privacy policy applies to payment processing

4.3 Email Services

• We use Mailjet as our email service provider for sending waitlist invites and newsletter emails
• Email addresses provided for our waitlist are shared with Mailjet solely for the purpose of sending invite codes and optional newsletter communications
• Mailjet's privacy policy applies to their processing of this data

4.4 Legal Requirements

We may disclose information when required by law, but due to our encryption model, we cannot provide readable chat content.

4.5 No Sale of Data

We do not (and never will) sell, rent, or trade your personal information to third parties for marketing purposes.

5. Data Retention

• Encrypted chat messages are retained while your account is active to provide conversation history
• Account information is retained while your account is active
• Payment records are retained as required by law and tax regulations
• Abuse prevention data: Hashed signals (fingerprints, device IDs, IPs) are retained for fraud prevention and automatically deleted after 90 days
• You may request deletion of your data (see Your Rights section)

6. Data Security

• End-to-end encryption for all chat content at rest
• Secure transmission using TLS encryption
• Regular security audits and updates
• Access controls and authentication measures
• Secure data centers with physical security measures

7. International Data Transfers

Your data may be processed in countries outside your residence. We ensure appropriate safeguards are in place for international transfers, including:

• End-to-end encryption protecting data in transit and at rest
• Contractual protections with service providers
• Compliance with applicable data protection laws

8. Your Rights

8.1 Access and Portability

• Request a copy of your personal data
• Export your encrypted chat data (you will need your decryption key)

8.2 Correction and Deletion

• Correct inaccurate personal information
• Request deletion of your account and associated data
• Note: Due to encryption, we cannot edit individual messages

8.3 Opt-Out Rights

• Unsubscribe from marketing communications
• Disable certain analytics and tracking

8.4 Exercising Your Rights

To exercise any of these rights, contact us at hey@veila.ai. We will respond within 30 days.

9. Cookies and Tracking

• Essential cookies for service functionality (login and authentication)
• No advertising or tracking cookies

10. Children's Privacy

Our service is not intended for children under 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected such information, we will delete it promptly.

11. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any material changes by:

• Posting the new policy on our website
• Sending you an email notification (if you provided an email address)
• Providing notice through our service

12. Legal Basis for Processing (GDPR)

For users in the European Union, our legal basis for processing includes:

• Contract: Processing necessary to provide our service
• Legitimate Interest: Service improvement and fraud prevention
• Consent: Marketing communications (where required)
• Legal Obligation: Compliance with applicable laws

← Back to Home