title: "Privacy Policy"
description: "How Veylan handles personal data — written to be readable, not impressive."
updated: "2026-05-31"

Privacy Policy

Last updated: 2026-05-31.

This page describes how Veylan ("Veylan", "we", "us") collects, uses, and protects personal data when you visit veylan.com, join the waitlist, or contact us. Veylan is currently in an early-access stage.

We've written this to be readable. If anything is unclear, email privacy@veylan.com and we'll explain.

Who's responsible

Veylan (early access). Operator and contact details are on the Impressum.

For all privacy questions: privacy@veylan.com.

What we collect

  • When you visit the marketing site: nothing personal beyond standard server logs (IP address, user agent, referrer) kept for 30 days for security purposes.
  • When you sign up: email address, password (hashed, never stored in plain text), and the company-profile fields you fill in during onboarding.
  • When you contact us or join the waitlist: the information you give us in the form (name, email, message), plus an SHA-256 hash of your IP for rate-limiting (we never store raw IPs).
  • When you use the product: the cloud-account configuration data Veylan scans on your behalf, plus the policies and evidence you generate.

We don't use marketing trackers, advertising pixels, or cross-site analytics.

How we use it

  • To run the product you signed up for.
  • To send you product-related email (account, billing, security).
  • To respond when you contact us.
  • To improve the product through aggregated, de-identified usage analysis.

We do not sell your data. We do not share it with advertisers. We will never use your evidence library to train models for other customers.

Where it lives

EU only. Specifically: the Frankfurt region of Supabase (Postgres + auth). We do not use US-hosted sub-processors for primary data storage.

Your rights (GDPR)

  • Access: ask for a copy of everything we hold on you.
  • Rectification: ask us to correct anything that's wrong.
  • Erasure: ask us to delete your account and associated data; we comply within 30 days.
  • Portability: ask for your data in machine-readable form.
  • Object: tell us to stop processing your data for any purpose we use it for.

Email privacy@veylan.com to exercise any of these.

Cookies

Strictly necessary cookies only: session cookies that keep you signed in, and a preference cookie for your selected locale. We don't set any non-essential cookies and therefore don't display a cookie banner.

Changes

When we change this policy materially, we'll notify signed-up users by email at least 14 days before the change takes effect.