Privacy Policy

1. Scope: Cloud vs Self-Hosted

This Privacy Policy applies when you use Velane's hosted cloud service, including app.velane.sh and related Velane-operated infrastructure.

If you self-host Velane on your own infrastructure, you control and own your tenant data — including snippets, logs, integration connections, and secrets. We do not collect or process that data unless you voluntarily share it with us (for example, through support requests). Your internal handling of self-hosted data is governed by your own policies and deployment choices. This website may still collect limited technical data when you visit it, as described below.

2. Information We Collect

On Velane Cloud, we collect the following types of information:

• Account Information: When you create an account or tenant, we collect your email address and name (if provided). Passwords are stored as one-way hashes — we never store plaintext passwords. We also issue session tokens to keep you signed in.
• Usage Data: We collect information about how you and your AI agents interact with the Service, including API calls, snippet invocations, logs, and performance metrics.
• Integration Data: When you connect third-party services (via Nango or direct OAuth), we store connection metadata and tokens securely on your behalf. We never store or access the underlying data from those services unless explicitly invoked by your code.
• Technical Data: IP addresses, browser type, device information, and cookies for authentication and analytics.

3. How We Use Your Information

We use the information we collect to:

• Provide, operate, and maintain the Service
• Process and fulfill your requests and transactions
• Improve and personalize the Service
• Detect and prevent fraud, abuse, and security issues
• Communicate with you about updates, security alerts, and support
• Comply with legal obligations

4. Sharing of Information

We do not sell your personal information. We may share information in the following limited cases:

• With service providers who help us operate the Service (hosting, analytics, error monitoring) under strict confidentiality obligations.
• When required by law, regulation, or valid legal process.
• In connection with a merger, acquisition, or sale of assets (we will notify you if this happens).

5. Data Security

We use industry-standard security practices, including encryption in transit (TLS), encryption at rest for secrets, and strict access controls. However, no method of transmission over the Internet is 100% secure.

6. Your Rights

Depending on your location, you may have the right to:

• Access, correct, or delete your personal information
• Object to or restrict certain processing
• Request a copy of your data (data portability)
• Withdraw consent at any time (where processing is based on consent)

To exercise these rights, please contact us at the email below.

7. Data Retention

We retain your information for as long as your account is active or as needed to provide the Service. You may request deletion of your account and associated data at any time.

8. Third-Party Services

The Service integrates with third-party providers (via Nango and direct OAuth). Those providers have their own privacy policies. We are not responsible for the practices of third parties you choose to connect.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last updated" date.

10. Contact Us

If you have questions or concerns about this Privacy Policy, please contact us at:

abhi@velane.sh