Veable

Privacy notice

Effective 9 July 2026. This notice explains how Veable handles personal data.

Controller and contact

Veable is operated by Vecti Tech Ltd, company number 16941866, registered in England and Wales. Registered office: Unit A, 82 James Carter Road, Mildenhall, United Kingdom, IP28 7DE. We are controller for account and product-operation data. Contact support@veable.app for privacy requests.

Data we handle

  • Account data, including email address, display name, authentication identifier, and account timestamps.
  • Billing data, including plan status, Stripe customer and subscription references, checkout status, and transaction metadata. Veable does not receive full payment-card details.
  • Usage and service data, including quota, job status, source URL and host, timestamps, error summaries, and safe operational events.
  • Device and connection data, including desktop-agent type, pairing state, device identifiers, connector version, platform, last-seen time, IP address, and security logs.
  • Support messages and any information you choose to include in them.

Local project work and conversation

Clone, build, and edit work runs through an approved desktop connector on your computer. Generated code, captures, screenshots, assets, and build folders stay on your computer unless you choose a future upload, share, host, or deploy action. Workspace instructions and assistant replies pass through the control plane only to relay the live turn. They are kept in browser-local transcript storage and temporary server memory, but are not written to persistent Veable control-plane state or Supabase. Operational event type, status, timing, and text length may be retained without message text.

Why we use data

  • To provide accounts, pairing, jobs, quota, billing, support, security, and fraud prevention under our contract with you.
  • To operate, diagnose, and protect Veable where this is necessary for our legitimate interests and does not override your rights.
  • To keep tax, accounting, payment, and legal records where law requires it.
  • To send optional marketing only with consent or another lawful basis, with an unsubscribe option.

Service providers and transfers

We use Supabase for authentication and database services, Railway for hosting, Stripe for subscriptions and payments, and the desktop-agent provider you approve for local agent work. These providers process data under their own terms and our applicable agreements. Some providers may process data outside the UK. Where required, we use an adequacy decision, the UK International Data Transfer Agreement or Addendum, or another lawful transfer safeguard.

Browser storage

Veable uses browser storage and necessary authentication or preview cookies to keep you signed in, bind a browser to an approved connector, resume a requested job, remember the local workspace transcript, and protect local previews. We do not use advertising cookies in the current product.

Retention

Account and job metadata is kept while your account or job remains active, then deleted or anonymised when no longer needed for service, security, dispute, tax, or legal obligations. Billing and accounting records may be kept for the period required by UK law. Pairing and artifact credentials expire or are revoked. Deleting a completed job removes its mirrored job events and artifact tokens. You may request account deletion through the contact above.

Your rights

Depending on the circumstances, UK data protection law gives you rights to access, correct, erase, restrict, or object to processing, receive portable data, and withdraw consent. You may complain to the UK Information Commissioner's Office at ico.org.uk. Contact us first if you would like us to investigate.

Security, children, and changes

We use access controls, scoped credentials, encryption in transit, signed or expiring tokens, and data minimisation. No service is risk-free. Veable is not directed to children under 18. We will post material notice changes here and update the effective date.