Privacy Policy

Overview

Veilo is designed as a static-first, browser-local transfer interface. The central server does not relay transfer payloads, fetch magnet links, fetch torrent metadata, preview user URLs, or operate a default remote node.

Browser Storage

The transfer library, route preferences, bridge token, remote node token, and local shortlinks may be stored in your browser using IndexedDB or localStorage. This data stays in your browser unless you export it, submit it in a form, configure a node, or otherwise choose to transmit it.

You can clear browser-local Veilo data from the app controls or through your browser settings.

WebTorrent and Browser Transfers

Web Mode uses WebTorrent and WebRTC-compatible swarms. Peer, tracker, browser, and network behavior may expose information to peers, trackers, and network operators. Classic TCP/UDP BitTorrent is not performed by the browser mode and requires a user-owned Local Bridge or Remote Node.

Veilo does not send magnet links, torrent files, torrent metadata, payloads, tracker lists, or node tokens to the Veilo server unless you explicitly include that information in a contact or compliance form.

Contact and Compliance Forms

If you submit a contact or compliance form, Veilo may process the email address, subject, message, request type, reference URL, consent flag, truncated IP range, HMAC-hashed IP range, and HMAC-hashed user agent. Forms do not accept attachments in v1.

Messages may be stored in the configured database and may also be sent by email to the appropriate operator mailbox.

Audit and Security Logs

Veilo supports transparent audit events for compliance workflows. These events are not covert tracking pixels. They require explicit POST requests and are rate-limited. By default, IP addresses are truncated before hashing: IPv4 to /24 and IPv6 to /48. The truncated range and HMAC-SHA256 hashes are stored; raw full IP addresses are not stored by default.

Audit retention defaults to 30 days where the database table is available. Operational fallback files may exist for rate limiting if the database is unavailable.

Shortlinks

Local shortlinks are stored in your browser. Optional PHP-backed shortlinks store target URL, target host, optional title, expiration time, disabled state, click count, and an HMAC-hashed IP bucket for creation abuse controls. Redirects use an interstitial page and do not blindly forward users.

Analytics and Sale of Data

Veilo does not include third-party analytics, remote tracking pixels, external fonts, external icon packs, or advertising tags. Veilo does not sell personal data.

GDPR Rights

Where applicable, you may request access, correction, deletion, restriction, objection, or export of personal data processed through hosted forms or server-side records. Send requests to compliance@veilo.quest. Veilo may need to verify your request before acting on it.

Contact

Privacy and GDPR requests: compliance@veilo.quest. General contact: contact@veilo.quest.