Legal

Privacy Policy

Last updated: February 27, 2026

Zero Traffic Logs
1. Overview2. Data We Collect3. No Traffic Logs4. How We Use Your Data5. Data Sharing6. Data Security7. Data Retention8. Your Rights9. Cookies & Tracking10. Children's Privacy11. Changes to This Policy12. Contact

1. Overview

Veluce ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains what personal data we collect, how we use it, and your rights regarding that data. We operate on a minimal-data, zero-traffic-log principle: we collect only what is strictly necessary to provide the Service.

2. Data We Collect

2.1 Account Data

When you sign up, we collect your email address and a hashed password. We do not collect your real name, phone number, or physical address unless you voluntarily provide them for billing purposes.

2.2 Subscription & Billing Data

Payment processing is handled by Stripe. We store only the subscription tier, status, and billing cycle metadata. Full card details are never stored on our servers.

2.3 Bandwidth Usage Data

We record aggregate bandwidth consumed per billing cycle (in megabytes) to enforce plan limits and send threshold alerts. We do NOT log which websites or services you accessed, nor the content of your traffic.

2.4 Technical Metadata

We log server-side errors and API request timestamps for debugging purposes. These logs do not contain browsing content. Logs older than 30 days are automatically purged.

2.5 IP Addresses

We record your originating IP address when you log in to our dashboard for security purposes (detecting unauthorized access). This data is not shared with third parties and is purged within 90 days.

3. No Traffic Logs

We do not inspect, log, store, or analyze the content of your traffic passing through our Edge Nodes or Exit Points. Your browsing history, DNS queries, and accessed URLs are not recorded. The architecture deliberately separates Edge Nodes from Exit Points so that no single party can reconstruct your full traffic path.

4. How We Use Your Data

  • To create and manage your account and subscription.
  • To process payments and issue invoices via Stripe.
  • To send service-critical emails (bandwidth alerts, subscription renewals, security notifications).
  • To evaluate AI Shield Guarantee claims when submitted with required documentation.
  • To detect and prevent abuse, fraud, or violations of our Acceptable Use Policy.
  • To improve service quality based on aggregate, anonymized usage patterns.

5. Data Sharing

We do not sell your personal data. We do not share your data with advertisers or data brokers. We share data only with the following third-party services necessary to operate the Service:

  • Stripe — payment processing (subject to Stripe's own Privacy Policy).
  • Supabase — database hosting (EU-compliant infrastructure, data encrypted at rest).
  • Resend — transactional email delivery (email address only).
  • Law enforcement — only when legally required by a valid court order or equivalent legal process.

6. Data Security

We implement industry-standard security measures: all data is encrypted in transit (TLS 1.3) and encrypted at rest. Access to production databases is restricted to authorized personnel using multi-factor authentication. We conduct regular security reviews of our infrastructure.

7. Data Retention

Account data is retained for the duration of your account. If you delete your account, personal data is purged within 30 days, except where retention is required by law. Billing records are retained for 7 years for tax compliance. Log files that do not contain personal data may be retained for up to 12 months.

8. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access: request a copy of the personal data we hold about you.
  • Correction: request correction of inaccurate data.
  • Deletion: request deletion of your personal data (subject to legal retention obligations).
  • Portability: request your data in a machine-readable format.
  • Objection: object to processing based on legitimate interest.
  • Restriction: request that we limit processing of your data in certain circumstances.

To exercise these rights, contact us at legal@veluce.io. We will respond within 30 days.

9. Cookies & Tracking

We use only essential session cookies required for authentication and security. We do not use advertising cookies, cross-site tracking pixels, or analytics tools that share data with third parties. No third-party cookie banners are required because we don't use tracking cookies.

10. Children's Privacy

The Service is not directed to individuals under 18 years of age. We do not knowingly collect personal data from minors. If you believe a minor has provided us with personal data, contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be communicated via email to registered users at least 14 days before the change takes effect. Continued use of the Service after updates constitutes your acceptance of the revised policy.

12. Contact

For privacy-related inquiries or data rights requests, contact us at legal@veluce.io.

Terms of ServiceAcceptable Use PolicyRefund Policylegal@veluce.io