Privacy Policy

Privacy terms built for confidentiality-first work.

Effective April 8, 2026. Veil AI is designed for professionals who handle sensitive information. In the standard product workflow, PII redaction happens in your browser before sanitized prompts leave your device.

Data Flow

How Veil AI handles sensitive text

Veil AI is built so the primary redaction step runs on-device. In the standard browser workflow, names, contact details, dates, account numbers, medical terms, and similar sensitive inputs are replaced locally with placeholders before the sanitized prompt is sent to model providers or server-side infrastructure.

That means the working goal of the product is simple: the original prompt should stay in your browser, and only the redacted prompt should move across the network in the normal flow. If we later offer an explicitly server-hosted or fallback experience, we will describe that flow separately.

Collection

What we collect

What stays on your device

In the standard Veil AI product flow, personally identifiable information (PII) redaction happens client-side in your browser before a sanitized prompt is sent onward. The original prompt text and placeholder mapping stay local to your device unless we clearly present a separate server-hosted workflow.

Usage metrics

We collect limited product and website usage metrics, such as page views and service health signals, to understand adoption, monitor reliability, and improve the product. We do not use those metrics to reconstruct the sensitive source text you redact locally.

Waitlist and contact details

If you join a waitlist or ask us to contact you, we collect the email address you submit and any optional context tied to that request, such as which signup flow you used.

Payments and billing

Paid subscriptions use Stripe-hosted checkout. Veil AI does not collect or store your full payment card number. We do receive billing metadata needed to activate and support your plan, such as your email address, plan, amount, currency, payment status, and Stripe session identifiers.

Compliance

GDPR and CCPA/CPRA rights

Depending on where you live, you may have rights under the GDPR, UK GDPR, CCPA, or CPRA. Veil AI aims to honor applicable privacy laws and respond to verified privacy requests within the time periods required by law.

  • Access, correct, delete, or export the personal data we hold about you, subject to legal exceptions.
  • Object to or restrict certain processing, including direct marketing communications.
  • Opt out of the sale or sharing of personal information where applicable. Veil AI does not sell your personal information for money.
  • Receive equal service and pricing even if you exercise your privacy rights, except where a data use is required to provide the service itself.

Retention

How long we keep data

  • Redacted prompts and raw PII handled in the standard client-side workflow are designed to remain in your browser and are not retained by Veil AI servers as part of normal processing.
  • Waitlist records are retained until we no longer need them for launch communications, relationship management, or legal compliance, or until you ask us to delete them where applicable.
  • Subscription and billing records may be retained for longer periods when needed for accounting, fraud prevention, contractual enforcement, or tax and regulatory obligations.
  • Usage metrics are retained in provider-managed or aggregated form for as long as reasonably needed to operate, secure, and improve the service.

Security

Safeguards and third parties

We use technical and organizational measures intended to protect the limited data we do process, including transport encryption, access controls, hosted payment processing through Stripe, and a browser-first privacy architecture for standard prompt handling.

Veil AI may rely on service providers that help us operate the product, such as infrastructure, analytics, database hosting, and payment processing partners. Those providers only receive the data needed for their role, subject to contractual and legal controls.

Contact

Privacy inquiries

Email privacy@veilai.com for privacy requests, data access or deletion requests, or questions about this policy. If you contact us to exercise a legal privacy right, we may need to verify your identity before acting on the request.