VeilVeil

Privacy Policy

Last updated: April 2026

What we collect

  • Account: email address (for login via magic link).
  • Billing: name, address, payment details handled by Stripe (we never see card numbers).
  • License & device binding: license key, hashed hardware UUID, OS platform, last-seen timestamp.
  • Usage aggregates: per-month token counts, request volume, API cost (for your own tracking + our capacity planning).
  • Error events: crash reports and 5xx errors (via Sentry), with PII scrubbed.

What we DO NOT collect

  • Raw screen contents or screenshots.
  • Raw microphone audio.
  • Voice transcripts or AI prompt text.
  • AI response content (Pro/Pro+ users: we proxy LLM calls, but do not persist prompts or responses beyond transient request processing).
  • Browser history, file contents, keystrokes, clipboard data.

Third parties (subprocessors)

See our Subprocessors page for the full list. In short: Stripe (billing), Resend (transactional email), Anthropic/OpenAI/Google/Deepgram (AI services, only for Pro/Pro+ managed users), Railway + Neon (hosting + database), Upstash (rate limiting), Sentry (error tracking).

BYOK (Bring Your Own Keys) users

If you use your own API keys (free tier, lifetime tier), Veil talks directly from your machine to Anthropic/OpenAI/Google/Deepgram. Your prompts and responses never pass through our servers. Your API keys are stored in your OS keychain (macOS Keychain, Windows Credential Manager), never transmitted to us.

Your rights (GDPR / CCPA)

  • Access: export all your data via /api/me/export (authenticated).
  • Erasure: delete your account + all associated data via /api/me/delete.
  • Correction: email support@veilfox.com.
  • Portability: your data export is in JSON for easy migration.

Data retention

  • Account & subscription: retained while your account is active; deleted within 30 days of account deletion.
  • Usage aggregates: 24 months.
  • Error events: 90 days.
  • Server logs: 30 days.
  • Database backups: 30 days.

Data residency

Primary region: US (Railway + Neon). We do not transfer data to non-adequate regions under GDPR.

Children

Veil is not intended for users under 16. We do not knowingly collect data from minors.

Contact

Privacy questions: privacy@veilfox.com