Privacy

Last updated: 2026-04-01 · Version: 1.0

This Privacy Notice explains what personal data Veln processes, why we process it, how long we retain it, and what rights are available to users and customers.

1. Data categories

Veln may process:

• Account and identity data (name, email, org role, auth identifiers).
• Operational event data (policy decisions, package metadata, audit logs).
• Support and contact data (messages sent through support or contact flows).
• Security and abuse-prevention signals (request metadata, rate-limit events).

2. Lawful bases

Veln processes data under one or more lawful bases: contract performance, legitimate interests (security and abuse prevention), legal obligations, and consent where required (for optional analytics cookies).

3. Retention

Data is retained only as long as needed for service delivery, legal compliance, fraud/security prevention, and support operations. Retention periods vary by data category and contractual requirements.

4. Processors and transfers

Veln uses infrastructure and service providers for hosting, identity, analytics (when consented), and operational delivery. Cross-border transfers are handled under applicable transfer mechanisms.

5. Rights and requests

You may request access, correction, deletion, restriction, or export of your personal data. Submit requests to privacy@veln.sh. We verify requests before processing.

6. Security

Veln applies role-based access, encryption controls where applicable, and operational monitoring to protect personal data.

Related documents: Terms, Cookie policy, GDPR.