Privacy Policy
Effective 23 May 2026 · Version 2.0
This Privacy Policy explains how Vela collects, uses, discloses, and protects personal data. We act as a data controller for customer account data and as a data processor for traffic B2B customers route through the gateway.
1.Data we collect
| Category | Examples |
|---|---|
| Account identifiers | Email, hashed password (Argon2id), customer ID |
| Billing data | Stripe customer ID, last 4 of card, invoices |
| Service metadata | Byte counts, session country, anonymised flow events. We do not log destination URLs, hostnames, headers or payloads. |
2.What we explicitly do not collect
- The websites, URLs or page contents you visit through the tunnel
- DNS query logs
- Card numbers (handled by Stripe)
- Cross-site cookies — the marketing site uses no cookies at all
3.Retention, sharing & your rights
Per-flow records aggregate into daily ledgers within 30 days. We never sell personal data. UK/EU GDPR rights — access, rectification, erasure, portability, objection — exercised via privacy@vela.watch.