Privacy Policy
Last Updated: January 7, 2026 | Effective Date: January 7, 2026
1. Executive Preamble: The Veeb.ai Privacy Architecture
1.1 The “Privacy-by-Orchestration” Paradigm
This document constitutes the definitive privacy standard and legal framework for Veeb.ai, a Software-as-a-Service (SaaS) platform domiciled in Lausanne, Switzerland.
Traditional interaction models in the generative AI sector typically involve a direct user-to-provider relationship, wherein the user exposes their metadata, network identity, and prompt semantics directly to the entity training the model. Veeb.ai disrupts this dynamic by interposing a secure, privacy-preserving orchestration layer. We function as a sovereign proxy—a “Sanitization Gateway”—that decouples the intent of the user (the prompt) from the identity of the user (the PII). By operating under the rigorous data protection standards of the Swiss nFADP, which is fully harmonized with the European General Data Protection Regulation (GDPR), we offer a fortress of neutrality in an age of surveillance capitalism.
This policy is structured to be exhaustive, transparent, and actionable. We have organized this document to allow users to navigate from high-level principles to granular technical implementations. We explicitly address the integration of third-party “Trusted Generative Partners”—our term for the visual and textual synthesis engines we orchestrate—and provide a binding covenant regarding the “No-Training” usage of your proprietary data. Furthermore, as a Swiss entity serving a global market, we articulate our strict adherence to the Swiss-U.S. Data Privacy Framework (DPF) to ensure lawful and secure transatlantic data flows.
1.2 Jurisdictional Context and Legal Basis
Veeb.ai is headquartered in the Canton of Vaud, Switzerland. Consequently, our primary regulatory framework is the New Federal Act on Data Protection (nFADP/nLPD), which entered into force on September 1, 2023. This legislation represents a modernization of Swiss privacy law, introducing stricter governance, enhanced data subject rights, and the concepts of “Privacy by Design” and “Privacy by Default”.
While Switzerland is outside the European Economic Area (EEA), the nFADP is designed to ensure “adequacy” with the EU GDPR, facilitating the free flow of data between Switzerland and the EU/EEA. Therefore, for our European users, Veeb.ai serves as a GDPR-compliant destination. For our United States users, we leverage the Swiss-U.S. Data Privacy Framework, recognized by the Swiss Federal Administration and the U.S. Department of Commerce, to bridge the regulatory gap.
Our processing of your data is grounded in specific legal bases:
- Contractual Necessity (Art. 31 para. 2 lit. a nFADP): We process your prompts and account data to fulfill the service contract—specifically, to generate the AI assets you request.
- Legitimate Interest (Art. 31 para. 1 nFADP): We process telemetry and security logs to protect the integrity of our platform and prevent fraud.
- Consent (Art. 31 para. 1 nFADP): Where required (e.g., for optional marketing communications or sensitive data processing), we obtain your explicit, informed consent.
- Legal Obligation (Art. 31 para. 1 nFADP): We retain financial records to comply with Swiss commercial and tax laws (Code of Obligations).
2. Comprehensive Definitions and Interpretations
To ensure absolute clarity and prevent the ambiguity often found in SaaS contracts, we provide precise definitions of the terminology used throughout this architecture.
2.1 Regulatory and Legal Definitions
- “Controller” (The Architect): Veeb.ai (Legal Entity), which determines the purposes and means of the processing of personal data. We are the entity responsible for your privacy.
- “Processor” (The Engine): Any natural or legal person, public authority, agency, or other body which processes personal data on behalf of the Controller. In our architecture, this includes our cloud infrastructure providers and the Trusted Generative Partners.
- “Personal Data”: Any information relating to an identified or identifiable natural person. Under the nFADP, this definition is strictly limited to natural persons (individuals) and does not extend to legal entities, although we protect corporate confidentiality through contract.
- “Sensitive Personal Data”: Data requiring heightened protection, including genetic data, biometric data for unique identification, and data concerning religious or political views, health, or administrative/criminal proceedings.
- “Data Subject” (The User): The identified or identifiable natural person to whom the personal data relates—specifically, you, the user of Veeb.ai.
2.2 Technical and Operational Definitions
- “Input Data” (The Prompt): The text instructions, reference images, parameter settings, or code fragments you submit to the Veeb.ai interface to initiate a generative task.
- “Output Assets” (The Generation): The resulting synthetic media—images, text blocks, code, or video—produced by the Trusted Generative Partners in response to the Input Data.
- “Trusted Generative Partners”: The third-party API providers we orchestrate to perform the actual synthesis. This includes, but is not limited to, providers of diffusion models for image generation and large language models (LLMs) for text processing.
- “Orchestration Metadata”: Technical data generated during the routing of a request, such as timestamps, token counts, latency metrics, and API response codes. This data describes the transaction, not the content.
- “Sanitization Layer”: The proprietary Veeb.ai software module that strips Personal Data (PII) from Input Data before transmission to a Processor.
3. The “No-Training” Covenant: A Binding Guarantee
In the current generative AI landscape, the most pressing concern for professional users is the “cannibalization” of their intellectual property—the fear that their proprietary prompts and creative inputs will be used to train the next generation of models, effectively automating them out of existence using their own work. Veeb.ai addresses this strictly.
3.1 The Explicit Non-Training Guarantee
Guarantee: Veeb.ai unequivocally guarantees that it does not utilize your Input Data (Prompts) or Output Assets (Generations) to train, retrain, fine-tune, or reinforce the weights of our own proprietary artificial intelligence models.
Legal Consequence: This is not merely a policy statement; it is a binding contractual representation. Any deviation from this practice would constitute a material breach of our Terms of Service and this Privacy Policy. We acknowledge that your creative inputs are your trade secrets or proprietary context, provided solely for the purpose of executing a specific generative task.
Differentiation from Service Analytics: It is critical to distinguish between Generative Training and Service Improvement Analytics.
- Prohibited (Generative Training): We do not feed your text prompts into a vector database to teach an LLM how to write better, nor do we feed your uploaded images into a diffusion model to teach it new styles.
- Permitted (Service Analytics): We do analyze metadata to improve platform performance. For example, we might analyze that “requests with over 500 tokens have a higher latency,” or “image generation fails more often between 14:00 and 16:00 CET.” This analysis is structural, not semantic.
3.2 Downstream Protection and Vendor Management
Our “No-Training” guarantee extends to our selection of Trusted Generative Partners. Veeb.ai exclusively utilizes “Enterprise” or “Commercial” API tiers with our partners. Unlike free consumer tiers, these enterprise agreements contractually prohibit the provider from using data submitted via API for model training.
- Zero-Retention Configuration: Where technically feasible, we configure our API connections to request “Zero-Retention” processing, ensuring that the Partner retains the data only for the fleeting moments required to process the inference, or for the minimum statutory period required to monitor for abuse (typically 30 days), after which it is permanently purged.
- User Choice: In instances where a specific bleeding-edge model requires a data-sharing concession (e.g., a “Beta” model), this feature will be locked by default. You must explicitly opt in to use such models, with a clear warning that the “No-Training” guarantee is suspended for that specific interaction.
4. Data Collection Architecture: The Layered Approach
Inspired by the transparency architecture of platforms like X.com, we categorize our data collection into three distinct operational layers. This allows you to understand the depth of data processing relative to the utility of the service.
4.1 Layer 1: Identity & Authentication Data (The “Who”)
To maintain a secure, banking-grade SaaS environment compliant with Swiss security standards, we collect the minimum viable data to establish your identity.
- Account Credentials: We collect your email address and a salted and hashed password. If you utilize a Single Sign-On (SSO) provider (e.g., Google or GitHub), we collect the authentication token provided by that service but do not store your external password.
- Billing Information: To comply with Swiss VAT (MWST) regulations and global tax laws, we must retain your billing address, country of residence, and VAT ID (if applicable). Note: Veeb.ai does not store raw credit card numbers. All payment processing is offloaded to a PCI-DSS Level 1 compliant payment processor (e.g., Stripe), which provides us with a tokenized reference to manage your subscription.
- Professional Affiliation: For enterprise accounts, we act as a Controller of the employee contact data (business email, job title) provided during the provisioning of seat licenses.
4.2 Layer 2: Activity & Telemetry Data (The “How”)
This layer involves the technical exhaust generated by your interaction with our infrastructure. This data is processed primarily under the legal basis of Legitimate Interest (security and optimization).
- Device Fingerprinting: We log your IP address, browser user-agent string, operating system, and screen resolution. This is essential for:
  - Fraud Prevention: Detecting multiple login attempts from disparate geolocations.
  - Session Security: Preventing session hijacking.
  - Regional Compliance: Ensuring we serve the correct legal notices based on your jurisdiction.
- Usage Telemetry: We track which features you use (e.g., “User clicked ‘Upscale Image’”). This data helps us prioritize development resources toward the most valuable tools.
- API Logs: We maintain logs of API calls, including the size of the request and the response status code (e.g., 200 OK, 500 Error). These logs are crucial for debugging and for calculating usage quotas (e.g., “Credits Remaining”).
4.3 Layer 3: Synthesis & Content Data (The “What”)
This is the core payload of the Veeb.ai service—the creative content you entrust to us.
- Input Prompts: We process the text and images you upload as context for generation.
- Generated Assets: We store the images and text produced by the system.
- Private Knowledge Base (RAG): If you use our “Retrieval Augmented Generation” features, you may upload documents (PDFs, text files) to create a private context window. These documents are vectorized (converted into mathematical representations) and stored in an encrypted vector database.
  - Isolation: Your vector embeddings are logically isolated from all other users. They are never merged into a shared index.
- Third-Party Keys (BYOK): If you utilize the “Bring Your Own Key” feature to connect your personal third-party AI provider accounts, we store your API key in an encrypted vault (AES-256). These keys are decrypted only in ephemeral memory at the moment of a request and are never logged in plain text.
4.4 Table of Data Categories and Retention
| Data Category | Specific Elements | Purpose | Retention Period |
|---|---|---|---|
| Identity | Email, Hash, Name | Authentication | Duration of Account + 30 Days |
| Financial | Invoice History, Address | Tax Compliance (Swiss Code of Obligations) | 10 Years (Statutory) |
| Telemetry | IP, User Agent, Clickstream | Security & Optimization | 14 Months (Rolling) |
| Synthesis | Prompts, Images, Text | Service Delivery | Until Deleted by User |
| Vectors | PDF/Text Embeddings | RAG Functionality | Until Deleted by User |
| Keys | Third-Party API Keys | Integration | Until Deleted by User |
5. The Orchestration Engine: Transparency in Transfer
Veeb.ai is an Orchestrator. We do not build the foundational models; we coordinate them to provide a superior, unified workflow. This necessitates the transfer of specific data segments to our Trusted Generative Partners.
5.1 The “Sanitized Transfer” Protocol
To resolve the tension between using third-party AI and maintaining privacy, Veeb.ai utilizes a proprietary Sanitized Transfer Protocol. When you submit a prompt, the following sequence occurs:
- Ingestion: Your request hits Veeb.ai servers in Switzerland.
- Sanitization: Our engine strips all User Identity metadata (IP address, Email, Account ID) from the payload.
- Tokenization: The prompt is converted into the necessary format for the destination model.
- Transmission: The request is sent to the Trusted Generative Partner (e.g., the image synthesis provider) originating from Veeb.ai’s enterprise IP block, effectively masking your location and identity.
- Re-association: The Partner returns the asset to Veeb.ai. We re-associate the anonymous asset with your user session using an internal ephemeral ID and deliver it to your dashboard.
This architecture ensures that the Trusted Generative Partner sees Veeb.ai as the customer, not you. They cannot build a behavioral profile of your specific usage patterns across different sessions.
5.2 Categories of Trusted Generative Partners
We are transparent about the categories of vendors we engage. While the specific list of vendors is available in our Sub-processor List (available upon request), the categories include:
- Visual Synthesis Providers: Entities providing diffusion-based image generation services. These partners receive text prompts and return image files.
- Semantic Logic Providers: Entities providing Large Language Models (LLMs) for text generation, code completion, and reasoning tasks.
- Vector Database Providers: Cloud infrastructure specialized in high-speed retrieval of vector embeddings for RAG workflows.
- Infrastructure Hosts: We utilize hyper-scale cloud providers (e.g., AWS, Google Cloud, or Swiss-specific clouds like Exoscale) to host our orchestration code. We prioritize Swiss or EU regions for data residency whenever possible.
5.3 User Responsibility in Prompting
While Veeb.ai sanitizes metadata, we cannot sanitize the content of your prompt without breaking the generation. Therefore, you acknowledge that if you type PII (e.g., a real person’s phone number or home address) inside the text of a prompt, that text must be sent to the AI provider to generate the result. We strongly advise against inputting Sensitive Personal Data into prompt fields.
6. International Data Transfers and the Swiss-U.S. Data Privacy Framework
As a Swiss company with a global footprint, managing cross-border data flows is central to our compliance strategy. We adhere to the strictest mechanisms for international transfer to ensure your rights travel with your data.
6.1 Compliance with the Swiss-U.S. Data Privacy Framework (DPF)
Veeb.ai complies with the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce and recognized by the Swiss Federal Administration. This framework provides a robust legal basis for transferring personal data from Switzerland to participating organizations in the United States.
- Certification Statement: Veeb.ai has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.
- Supremacy Clause: If there is any conflict between the terms in this privacy policy and the Swiss-U.S. DPF Principles, the Principles shall govern.
6.2 The DPF Principles in Practice
We apply the core DPF Principles to all relevant transfers:
- Notice: This policy fulfills our obligation to inform you about the purposes of processing and the entities to whom we disclose data.
- Choice: We offer you the opportunity to opt out of disclosures to third parties (other than our agents) or use of data for purposes incompatible with the original purpose of collection.
- Accountability for Onward Transfer: Veeb.ai remains liable for the processing of personal data by our third-party agents (Trusted Partners). If a partner processes data in a manner inconsistent with the DPF Principles, Veeb.ai is responsible unless we can prove we were not responsible for the event giving rise to the damage.
- Security: We employ reasonable and appropriate measures to protect data from loss, misuse, and unauthorized access.
- Data Integrity and Purpose Limitation: We limit the collection of personal data to what is relevant for processing and ensure it is reliable, accurate, and current.
- Access: You have the right to access your personal data and to correct, amend, or delete it if it is inaccurate or processed in violation of the Principles.
- Recourse, Enforcement, and Liability: We provide robust independent recourse mechanisms (detailed in Section 10).
6.3 Transfers to Other Jurisdictions
For transfers to countries outside Switzerland, the EU/EEA, or the US DPF list, we rely on the Swiss Standard Contractual Clauses (SCCs), recognized by the FDPIC, ensuring that the recipient provides an adequate level of data protection comparable to Swiss law.
7. Data Security and Retention: The “Swiss Vault”
We treat your data with the confidentiality expected of a Swiss entity. Our security posture is designed to defend against both external threats and internal misuse.
7.1 The “Vault” Architecture (Security Measures)
- Encryption at Rest: All sensitive data (prompts, user profiles, API keys) is encrypted on disk using AES-256 (Advanced Encryption Standard).
- Encryption in Transit: All data moving between your client, our servers, and our Trusted Partners is encrypted via TLS 1.3 (Transport Layer Security), ensuring forward secrecy.
- Access Control: We adhere to the Principle of Least Privilege. Direct access to production databases is restricted to a small subset of cleared engineering staff, protected by multi-factor authentication (MFA) and hardware security keys. Access logs are auditable and immutable.
- Vulnerability Management: We conduct automated vulnerability scanning of our code and infrastructure. We also maintain a “Bug Bounty” program to encourage responsible disclosure of security issues by the research community.
7.2 Data Retention and Minimization
We practice Data Minimization—we do not hoard data we do not need.
- User-Controlled Deletion: You have the absolute right to delete individual generation assets or your entire account history at any time. When you click “Delete,” the asset is removed from our active databases immediately.
- Backup Cycle: Deleted data may persist in encrypted, offline backups for a maximum of 30 days to ensure business continuity in the event of a catastrophic failure (Disaster Recovery). After 30 days, these backups are overwritten.
- Telemetry Expiry: Operational logs and telemetry data are aggregated and anonymized after 14 months, severing the link to your user ID.
8. User Rights: Sovereignty and Control
Under the Swiss nFADP (and the GDPR where applicable), you are not merely a “user”; you are a “Data Subject” with enforceable rights. Veeb.ai is built to facilitate these rights effortlessly.
8.1 The Right to Access (Art. 25 nFADP)
You have the right to request a complete copy of the personal data Veeb.ai holds about you. This includes your profile data, login history, and generation logs. We provide a self-service “Export Data” tool in your dashboard to fulfill this request instantly in a machine-readable format (JSON/CSV).
8.2 The Right to Rectification (Art. 32 nFADP)
If your data is inaccurate (e.g., an outdated email or billing address), you have the right to correct it. You can manage most of this data directly in your account settings. For complex rectifications, our support team is available to assist.
8.3 The Right to Erasure (“Right to be Forgotten”) (Art. 32 nFADP)
You may request the permanent deletion of your account. Upon this request:
- Your profile and credentials are purged.
- Your generation history and uploaded assets are deleted.
- Your API keys are destroyed.
Exception: We must retain specific financial transaction records for 10 years to comply with the Swiss Code of Obligations (accounting records).
8.4 The Right to Data Portability (Art. 28 nFADP)
A new feature of the nFADP, this right allows you to receive your data in a commonly used electronic format or request its transfer to another provider. Veeb.ai supports this by ensuring our data exports are standardized, allowing you to take your prompt history and move to another platform if you choose.
8.5 Rights Regarding Automated Decision Making (Art. 21 nFADP)
Veeb.ai does not currently employ fully automated individual decision-making (profiling) that produces legal effects concerning you (e.g., automated credit denial). If we introduce such systems in the future, we will notify you and provide the option to request human intervention.
9. Cookie Policy and Tracking Technologies
9.1 Philosophy of Use
We use cookies strictly to ensure the functionality of the platform and to understand usage patterns to improve the service. We do not sell your clickstream data to data brokers or advertising networks.
9.2 Categories of Cookies
- Essential Cookies: Necessary for the website to function (e.g., maintaining your login session, CSRF protection). You cannot opt out of these.
- Functionality Cookies: Store your preferences (e.g., “Dark Mode” setting, language preference).
- Analytical Cookies (e.g., Plausible or Google Analytics 4): These help us understand which pages are visited most. We configure these tools to anonymize IP addresses. You can opt out of these via our Cookie Consent Banner.
10. Dispute Resolution, Recourse, and Contact
Veeb.ai is committed to resolving complaints about your privacy and our collection or use of your personal information efficiently and fairly.
10.1 Primary Contact
Any inquiries, complaints, or requests regarding this policy should be directed to our Data Protection Office:
Veeb.ai Privacy Office
Chem. Mont-Tendre 8
1007 Lausanne, Switzerland
Email: support@veeb.ai
We commit to acknowledging your inquiry within 7 days and providing a substantive response within 30 days.
10.2 Independent Recourse Mechanism (Swiss-U.S. DPF)
In compliance with the Swiss-U.S. DPF, Veeb.ai commits to refer unresolved complaints concerning our handling of personal data received in reliance on the Swiss-U.S. DPF to an independent dispute resolution mechanism based in the United States.
- Arbitration Model: We adhere to the arbitral model set forth in Annex I of the DPF Principles.
- Competent Authorities: Veeb.ai is subject to the investigatory and enforcement powers of the Federal Data Protection and Information Commissioner (FDPIC) in Switzerland and the Federal Trade Commission (FTC) in the United States (regarding DPF compliance).
10.3 Binding Arbitration
Under certain conditions, more fully described on the Data Privacy Framework website, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted. This ensures you always have a path to justice.
11. Changes to This Policy
The digital landscape is fluid. We may update this Privacy Policy to reflect changes in our technology, legal obligations, or operational practices.
- Notification: If we make material changes (e.g., changing our data retention periods or adding new categories of processors), we will notify you by email and by a prominent notice on the Veeb.ai dashboard prior to the change becoming effective.
- Review: We encourage you to review this page periodically for the latest information on our privacy practices.