Legal

Privacy Policy

Last updated: March 26, 2026

Zero Traffic Logs
1. Overview2. Data Controller & Scope3. Data We Collect4. No Traffic Logs5. How We Use Your Data6. Legal Bases for Processing7. Data Sharing & Processors8. International Data Transfers9. Data Retention10. Data Security11. Your Rights & Complaints12. Cookies & Tracking13. Children's Privacy14. Changes to This Policy15. Contact

1. Overview

Veluce ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains what personal data we collect, how we use it, and your rights regarding that data. We follow a minimal-data, zero-traffic-log principle for network traffic content while still processing account, billing, and service-delivery data required to operate our products.

2. Data Controller & Scope

Veluce acts as the data controller (or equivalent role under applicable law) for the processing described in this Policy. The operating entity is established in Wyoming, United States. This Policy applies to Secure Access subscriptions available on this site, management of previously obtained AI Plans and Phone products (this site does not offer purchasing or inventory for these products), waitlist enrollment, and related support/security operations.

3. Data We Collect

We collect the following categories of data, depending on which products and features you use:

3.1 Account Data

When you sign up, we collect your email address and a hashed password. We do not collect your real name, phone number, or physical address unless you voluntarily provide them for billing purposes.

3.2 Secure Access Subscription & Billing Data

We process plan tier, subscription status, billing cycle metadata, and aggregated bandwidth usage for plan enforcement and service operations. Payments may be processed by one or more third-party payment processors (for example, Stripe when enabled). Full card details are not stored on our servers.

3.3 AI Plans Delivery Data (High Sensitivity)

For users who have obtained AI Plans products, we may process account delivery records including login email, encrypted password, encrypted 2FA seed (when applicable), recovery email, order metadata, and delivery timestamps. Sensitive credential fields are stored encrypted at rest.

3.4 Phone Service Data

For users who have obtained Phone products, we process assigned number details, service validity data, and provider SMS retrieval links (such as tokenized SMS URLs). When you use the dashboard viewer, message content is fetched on demand from the provider endpoint to display to you.

3.5 Waitlist Data

If you join a waitlist, we collect your email address, product interest, and signup source/page metadata.

3.6 Technical & Security Metadata

We process server-side errors, API request timestamps, and security-relevant authentication signals (including login source IP) to detect abuse and protect accounts.

3.7 Country/Region Compliance Metadata

We may process inferred country/region metadata (for example, request country code headers) where necessary to comply with applicable sanctions, export, or other legal restrictions.

4. No Traffic Logs

We do not inspect, log, store, or analyze the content of your traffic passing through our Edge Nodes or Exit Points. Your browsing history, DNS queries, and accessed URLs are not recorded. The architecture deliberately separates Edge Nodes from Exit Points so that no single party can reconstruct your full traffic path.

5. How We Use Your Data

  • โ€บTo create and manage your account and subscription.
  • โ€บTo process payments and issue invoices via configured third-party payment processors.
  • โ€บTo deliver AI Plans and Phone services, including order fulfillment and post-delivery support.
  • โ€บTo send service-critical emails (bandwidth alerts, subscription renewals, security notifications).
  • โ€บTo evaluate AI Shield Guarantee claims when submitted with required documentation.
  • โ€บTo detect and prevent abuse, fraud, or violations of our Acceptable Use Policy.
  • โ€บTo enforce sanctions and other legal restrictions where applicable, including restricted-jurisdiction gating.
  • โ€บTo improve service quality based on aggregate, anonymized usage patterns.

7. Data Sharing & Processors

We do not sell your personal data. We do not share your data with advertisers or data brokers. We share data only with the following third-party services necessary to operate the Service:

  • โ€บThird-party payment processors (for example, Stripe when enabled) โ€” payment processing and payment lifecycle events, subject to each provider's own privacy terms.
  • โ€บSupabase โ€” database hosting (EU-compliant infrastructure, data encrypted at rest).
  • โ€บResend โ€” transactional email delivery (email address only).
  • โ€บRisk and abuse tooling (such as IP reputation services) โ€” for anti-abuse and service quality decisions.
  • โ€บPhone/SMS infrastructure partners โ€” to provide phone inventory and message retrieval endpoints.
  • โ€บLaw enforcement โ€” only when legally required by a valid court order or equivalent legal process.

8. International Data Transfers

Our infrastructure and service providers may process data in multiple jurisdictions. Where required by applicable law, we implement reasonable contractual, organizational, and technical safeguards for cross-border transfers.

9. Data Retention

We retain data only as long as needed for the purposes described in this Policy, unless a longer period is required by law.

  • โ€บAccount data: retained while your account is active; deletion requests are processed subject to identity verification and legal obligations.
  • โ€บBilling and order records: retained for up to 7 years for tax/accounting and dispute resolution purposes.
  • โ€บAI Plans and Phone delivery records: retained while service/support obligations remain and then minimized or deleted where legally and operationally feasible.
  • โ€บWaitlist records: retained until launch cycle completion or earlier removal upon request.
  • โ€บSecurity and operational logs: retained for limited periods (for example, authentication source IP typically up to 90 days; operational logs typically up to 12 months).

10. Data Security

We implement industry-standard security measures, including encryption in transit, encryption at rest, access controls, and least-privilege operational practices. Sensitive AI Plans credential fields are stored encrypted at rest. We also conduct periodic security reviews of critical infrastructure.

11. Your Rights & Complaints

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • โ€บAccess: request a copy of the personal data we hold about you.
  • โ€บCorrection: request correction of inaccurate data.
  • โ€บDeletion: request deletion of your personal data (subject to legal retention obligations).
  • โ€บPortability: request your data in a machine-readable format.
  • โ€บObjection: object to processing based on legitimate interest.
  • โ€บRestriction: request that we limit processing of your data in certain circumstances.

To exercise these rights, contact us at legal@veluce.io. We may request reasonable identity verification before processing sensitive requests. If you are in a jurisdiction with a supervisory authority, you may also lodge a complaint with your local data protection regulator.

12. Cookies & Tracking

We use only essential session cookies required for authentication and security. We do not use advertising cookies, cross-site tracking pixels, or analytics tools that share data with third parties. No third-party cookie banners are required because we don't use tracking cookies.

13. Children's Privacy

The Service is not directed to individuals under 18 years of age. We do not knowingly collect personal data from minors. If you believe a minor has provided us with personal data, contact us immediately.

14. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be communicated via email to registered users at least 14 days before the change takes effect. Continued use of the Service after updates constitutes your acceptance of the revised policy.

15. Contact

For privacy-related inquiries or data rights requests, contact us at legal@veluce.io.

Terms of ServiceAcceptable Use PolicyBilling Policylegal@veluce.io