Privacy Policy
The short version. Veyl is built so that we cannot see your sensitive data. Detection, masking, and restoration run inside your browser. We operate no database and store none of your text. The only thing that ever leaves your browser is the masked version of your text, sent to the AI provider you choose. If you find anything in this policy inconsistent with that promise, tell us and we will fix the product, not the policy.
1. Who we are
Veyl ("we", "our") operates the website at projectveyl.com and the prototype application at app.projectveyl.com. Contact: hello@projectveyl.com.
2. What happens to text you enter in the app
- Detection and masking run locally. When you type or paste text, sensitive-data detection (patterns, your dictionary, and the optional in-browser AI model) executes entirely on your device. Your raw text is not transmitted to us or anyone else for detection.
- Only masked text is sent. When you click send, the masked version of your text (with placeholders substituted for detected items) is transmitted to the AI provider — either directly from your browser using your own API key, or through our relay when you use the free allowance. Our relay sees only the masked text, forwards it, returns the response, and retains nothing. We operate no database.
- Restoration is local. The mapping between placeholders and real values never leaves your browser. Real values are re-inserted into the AI's answer on your device.
3. What stays in your browser
The app stores the following in your browser's local storage, on your device only: your API keys (if you add any), your firm dictionary, your audit log (timestamps, categories, and cryptographic hashes — never raw values), and your settings. Clearing your browser data deletes all of it. We have no copy.
4. What we do collect
- Hosting logs. Our host (Vercel) generates standard, short-lived infrastructure logs (such as IP address, request time, and status codes) used for security and rate limiting of the free allowance. These logs do not include your text.
- Early-access requests. If you submit the request form or email us, we receive the contact details you choose to share and use them only to respond. We do not sell or share them.
We do not use advertising trackers or analytics cookies on the app.
5. Third-party services
- AI providers (Anthropic, OpenAI). Masked text is processed by the provider you select, under their API terms. Both providers state that API data is not used to train their models. If you use your own API key, your existing agreement with that provider governs.
- Vercel hosts the website and relay.
- Hugging Face CDN. If AI name detection is enabled, your browser downloads a detection model file from a public CDN. This is a one-way download; none of your text is sent there.
6. Prototype status and your responsibility
Veyl is an early-stage prototype provided for evaluation. It has not undergone independent security audits or compliance certifications (such as SOC 2 or HIPAA attestation). Do not enter real client, patient, or otherwise confidential production data. Use synthetic or sample data. See our Terms of Use.
7. Children
Veyl is a professional tool and is not directed at anyone under 18.
8. Changes
We will update this policy as the product evolves and change the effective date above. Material changes will be noted on the site.
9. Contact
Questions or concerns: hello@projectveyl.com.