Privacy Policy
Last updated: May 10, 2026
We collect what we need to operate the service: your email if you sign up, the spend requests your agents send through us, and standard server logs. We don't sell anything to anyone. You can ask us to delete your data anytime — tomer@veto-ai.com.
1. What we collect
- Account info. Your email, an org name, and a password hash. We never see your plaintext password.
- Agent telemetry. Every spend request your agent sends through Veto: amount, currency, merchant or recipient address, timestamps, the verdict we returned, the receipt we signed, and the engine trace (which risk stages fired). We store this so you can audit it later and so we can improve the engine.
- Demo signups. When someone runs npx @veto-protocol/pay, we record the wallet address they used, their IP, user agent, and the agent ID we provisioned. We use this to talk to early users.
- Server logs. Standard request logs (IP, path, timestamp, user agent). No third-party trackers on our marketing site.
- Support email. If you email us, we keep the thread.
2. What we don't collect
- We don't custody crypto. The smart contract holds funds; we sign mandates that release them. Your wallet's private key never touches our servers.
- No third-party ad trackers. No Google Analytics, Facebook pixel, or similar on the marketing site.
- No session-replay tools. We don't watch you click around.
3. What we do with it
- Operate Veto — answer your authorize calls, sign your receipts, render your dashboard.
- Improve the engine. For example, when a typosquat attempt is caught, that signal helps us tighten the canonical-merchant registry. We don't train third-party models on your data.
- Send you product updates if you opted in via the email capture.
- Investigate abuse, fraud, or security incidents.
4. Who else sees it
- Hosting: AWS (US region). Postgres on RDS, application on EC2.
- Email delivery: a transactional-email provider (Postmark or similar) for verification, receipts, and newsletters.
- LLM intent verification: Anthropic's Claude API sees the merchant name, amount, and the agent's stated intent for spends that hit our intent-matching engine stage. We don't send your account info, API key, or anything outside the spend description.
- Chain data: anything that hits a public chain (Base, Solana, etc.) is by definition public.
- Veto-signed receipts are designed to be verifiable offline. The receipt itself reveals the merchant, amount, verdict, and timestamp. If you publish it, that's public.
5. Your rights
- See your data. Export from the dashboard or email us.
- Delete your account. Email us; we'll wipe your data within 30 days. Some signed receipts may persist on chain — we can't unilaterally delete on-chain data; nobody can.
- Stop emails. Every email we send has an unsubscribe link.
- Correct data. Edit it in the dashboard or email us.
6. International users
We're in the US (Delaware). If you're in the EU, UK, or elsewhere outside the US and you use Veto, you're transferring data to the US. We rely on standard contractual clauses for international transfers where applicable.
7. Children
Veto is for businesses and developers. If you're under 18, this isn't for you, and we don't knowingly collect data from anyone under 18. If you think we have data from a minor, email us and we'll delete it.
8. Security
We use TLS in transit, encryption at rest, and the principle of least privilege for internal access. We've not yet undergone a third-party SOC 2 audit; we'll publish the report when we do. If you find a security issue, please email tomer@veto-ai.com — we'll respond within one business day and credit you in the disclosure if you'd like.
9. Changes
We'll post a new "last updated" date and email registered users about material changes.
10. Contact
Questions, deletion requests, anything: tomer@veto-ai.com. We respond within one business day.