1. Introduction
Veilo, Inc. ("Veilo", "we", "our", or "us") operates the Veilo VPN service, including our iOS app, macOS app, and the website at veilo.dev (collectively, the "Service").
We are committed to protecting your privacy. This Privacy Policy explains what information we collect, how we use it, and what rights you have over your data. Please read it carefully.
Core promise: We do not log your VPN traffic, DNS queries, browsing history, IP addresses, or connection timestamps. Your online activity remains entirely private.
2. Information We Collect
2.1 Account Information
When you create a Veilo account, we collect:
- Email address
- Account creation date
- Subscription status and plan type
We do not collect your name, phone number, or physical address.
2.2 Payment Information
All payments are processed through Apple's App Store. We never receive, store, or process your credit card details, bank information, or any payment credentials. Your payment information is governed by Apple's privacy policy.
2.3 App Diagnostics (Anonymous)
To maintain service quality, our apps may collect:
- Crash reports (no personal data, no traffic content)
- Aggregate performance metrics (connection success rates, latency averages)
- App version and operating system version
This diagnostic data is anonymized before collection and cannot be linked to any individual user or VPN session. You can opt out of diagnostics in the app settings.
2.4 What We Do NOT Collect
We explicitly do not collect, store, or share:
- Your VPN traffic or its contents
- DNS queries made through our servers
- Websites you visit or services you use while connected
- Your real IP address or the IP addresses you connect to
- Connection timestamps or session duration
- Bandwidth usage per user
- Any data that could identify your online activities
3. How We Use Your Information
We use the limited information we collect solely to:
- Authenticate your account and validate your subscription
- Provide customer support when you contact us
- Send transactional emails (account creation, subscription changes)
- Improve app stability and server performance using anonymous diagnostics
- Comply with legal obligations
We do not use your data for advertising, behavioral profiling, or any purpose beyond operating the Service.
4. Data Sharing and Third Parties
We do not sell, rent, or trade your personal information. We may share limited data only with:
- Service providers: Infrastructure providers (servers, email delivery) who are contractually required to protect your data and cannot use it for other purposes.
- Legal requirements: We may disclose information if required by law, subpoena, or government order — but only account-level data (email, subscription status), never VPN activity logs, because we do not have them.
- Business transfers: In the event of a merger or acquisition, your data would be transferred subject to the same privacy protections.
5. Server Infrastructure
Our VPN servers use RAM-only (diskless) architecture. No data is ever written to persistent storage on our servers. Upon reboot, all server memory is wiped automatically. This design makes it technically impossible to retain any user activity logs.
Veilo has undergone independent third-party security audits to verify our no-log policy and server infrastructure. Audit reports are available upon request.
6. Data Retention
Account information is retained while your account is active. If you delete your account, we permanently delete your email and account data within 30 days, except where retention is required by law.
Anonymous diagnostic data is retained for up to 12 months for performance analysis, then automatically purged.
7. Your Rights
7.1 All Users
Regardless of your location, you have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate data
- Request deletion of your account and associated data
- Opt out of non-essential data collection (diagnostics)
7.2 European Union (GDPR)
If you are in the EU/EEA, you have additional rights under the General Data Protection Regulation (GDPR), including the right to data portability, restriction of processing, and to lodge a complaint with your national data protection authority.
Our legal basis for processing your data is: contract performance (to provide the Service), legitimate interests (improving service quality), and legal obligation.
7.3 California Residents (CCPA)
California residents may exercise rights under the California Consumer Privacy Act (CCPA), including the right to know, right to delete, and right to opt out of the sale of personal information. We do not sell personal information.
To exercise any of these rights, contact us at privacy@veilo.dev. We will respond within 30 days.
8. Cookies and Tracking
The veilo.dev website uses only essential, functional cookies — no advertising trackers, no third-party analytics scripts that profile visitors. We do not use Google Analytics, Facebook Pixel, or similar tracking technologies.
9. Security
We implement industry-standard security measures including TLS encryption for all data in transit, bcrypt hashing for passwords, and regular security reviews. Our VPN protocols (VLESS+REALITY, WireGuard, Hysteria2) use state-of-the-art cryptography.
No system is 100% secure. In the unlikely event of a data breach, we will notify affected users within 72 hours as required by applicable law.
10. Children's Privacy
The Service is not directed to children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, contact us at privacy@veilo.dev.
11. Changes to This Policy
We may update this Privacy Policy periodically. Material changes will be communicated via email or an in-app notice at least 14 days before they take effect. Continued use of the Service after changes constitutes acceptance of the updated policy.
12. Contact Us
For privacy-related inquiries: