Privacy & Security Policy
Effective date: 6 February 2026
Your privacy matters to us. This Privacy & Security Policy explains how VeilDoc Ltd (“VeilDoc”, “we”, “us”, “our”) collects, uses, protects, and shares your personal information when you use the VeilDoc service available at https://veildoc.com (the “Service”).
1. Information We Collect
We collect the following categories of information to provide and improve the Service:
| Category | What We Collect | Retention |
|---|---|---|
| Account Information | Name, email address, and profile details provided during registration | Retained while your account is active, deleted within 30 days of account deletion |
| Uploaded Documents | PDF files uploaded for redaction processing | Processed in memory and not stored after redaction is complete |
| Usage Data | Pages processed, features used, and interaction patterns | Retained in anonymised form for up to 12 months |
| Payment Information | Billing details and transaction history | Managed and stored by Stripe; VeilDoc does not store card numbers |
| Device and Browser Data | IP address, browser type, operating system, and device identifiers | Retained for up to 12 months for security and analytics |
2. How We Use Your Information
We use the information we collect to:
- Provide, maintain, and improve the Service
- Process your uploaded documents for AI-powered redaction
- Manage your account, authentication, and subscription
- Process payments and billing through Stripe
- Analyse usage patterns to improve our product and user experience
- Communicate with you about your account, updates, and support requests
- Detect and prevent fraud, abuse, and security incidents
- Comply with legal obligations
3. Document Processing & AI
VeilDoc uses AI to detect sensitive information in your PDF documents. Here is how we handle your documents:
- No storage after processing: Documents are processed in memory and are not persisted to disk after processing is complete
- No AI training: AI detection runs server-side; your documents are never used to train AI models
- Encryption: AES-256 encryption for data at rest, TLS 1.2+ for data in transit
- Your control: You always have final say over what gets redacted. AI suggestions are recommendations that you review and approve before export.
4. Third-Party Services
We use the following third-party services to operate VeilDoc. Each service has its own privacy policy governing how it handles your data:
- Clerk – User authentication and account management. Privacy Policy
- Stripe – Payment processing and subscription billing. Privacy Policy
- PostHog – Product analytics and usage insights. Privacy Policy
5. Cookies
We use cookies to operate and improve the Service. For full details on the cookies we use, their purposes, and how to manage them, please see our Cookie Policy.
6. Payment Information
All payment processing is handled by Stripe. We do not store your credit card number, CVV, or full billing details on our servers. Stripe is a PCI DSS Level 1 certified payment processor, which is the highest level of certification available. When you make a payment, your financial information is transmitted directly to Stripe via an encrypted connection. For more information, see the Stripe Privacy Policy.
7. Data Security
We take the security of your data seriously and implement appropriate technical and organisational measures to protect it:
- AES-256 encryption for data at rest, TLS 1.2+ for data in transit
- Documents are processed in memory and are not persisted to disk after processing is complete
- Payment processing is PCI DSS compliant via Stripe
- Regular security reviews and monitoring
- Access controls and authentication via Clerk
While we strive to protect your personal information, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee absolute security but are committed to promptly addressing any breaches in accordance with applicable law.
8. Data Retention
We retain your personal information for as long as your account is active or as needed to provide the Service. If you delete your account, we will remove your personal data within 30 days, except where we are required to retain it for legal, regulatory, or legitimate business purposes (such as resolving disputes or enforcing our agreements).
9. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you
- Correction: Request correction of inaccurate or incomplete personal data
- Deletion: Request deletion of your personal data
- Portability: Request a machine-readable copy of your data
- Objection: Object to the processing of your personal data for certain purposes
- Restriction: Request that we restrict the processing of your personal data
To exercise any of these rights, please contact us at privacy@veildoc.com. We will respond to your request within 30 days.
10. Children's Privacy
The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from anyone under 18. If we become aware that we have collected personal data from a person under 18, we will take steps to delete that information promptly.
11. Changes to This Policy
We may update this Privacy & Security Policy from time to time. We will notify you of any material changes by posting the updated policy on this page and updating the “Effective date” at the top. Your continued use of the Service after any changes constitutes your acceptance of the updated policy.
12. Contact Us
If you have any questions or concerns about this Privacy & Security Policy or our data practices, please contact us:
- Privacy enquiries: privacy@veildoc.com
- General support: support@veildoc.com
- Address: 27 Old Gloucester Street, London, WC1N 3AX, UK