Privacy Policy¶
Version: February 2026 Effective: Upon use of https://vell.ai
1. Introduction¶
Vell LLC ("we", "us", or "our") is committed to protecting your privacy and complying with applicable data protection laws, including the General Data Protection Regulation (EU) 2016/679 ("GDPR") and the California Consumer Privacy Act ("CCPA"). This Privacy Policy explains how we collect, use, share, and protect your personal data when you use the services offered through https://vell.ai (the "Platform").
We act as a Data Controller with respect to the personal information you submit during account creation or usage of the Platform. We may also act as a Processor for AI-generated inputs and listing data submitted by our users.
2. Types of Personal Data We Collect¶
We collect and process the following categories of personal data:
2.1 Account Information¶
- Full name and surname
- Business email address
- Password (hashed and encrypted)
- Phone number (optional)
- Organization/company name (optional)
- Company website (optional)
- Physical address and postal code (optional)
- Country
2.2 Social Login Data¶
If you choose to authenticate via social login, we collect:
| Provider | Data Collected |
|---|---|
| Name, surname, email, profile photo, Google ID, authentication tokens | |
| GitHub | Name, email, avatar, GitHub ID, authentication tokens |
| Name, surname, email, avatar, Facebook ID, authentication token |
Social login tokens (including refresh tokens) are stored to maintain your session and are encrypted at rest.
2.3 Usage & Activity Data¶
- IP address
- Browser type and version
- Device information and user agent
- Time zone and locale
- Pages visited and features used
- Login timestamps and session activity
- Referral source
2.4 Listing & AI Content¶
- Input data used for AI content generation
- Metadata and product descriptions
- Media prompts and specifications
- AI-generated suggestions, content, and summaries (stored in tenant-isolated format)
2.5 Session & Technical Data¶
- Session cookies and tokens
- Redis cache identifiers
- CSRF tokens for security
- reCAPTCHA verification data
2.6 Payment & Billing Data¶
- Subscription status and plan details
- Transaction history (payment processing handled by third parties)
- Affiliate referral codes and earnings
2.7 Enterprise SSO Data (AWS Marketplace Users)¶
- AWS Cognito subject identifier
- Identity provider information
- Encrypted authentication tokens
- Organization and domain identifiers
3. Legal Basis for Processing¶
We rely on the following lawful bases under Article 6 of the GDPR:
| Purpose | Legal Basis |
|---|---|
| Providing services to registered users | Contractual necessity (Art. 6(1)(b)) |
| AI-generated listing content | Legitimate interest (Art. 6(1)(f)) |
| Analytics and system performance | Legitimate interest (with opt-in for cross-tenant analytics) |
| Sending transactional communications | Contractual necessity |
| Marketing communications | Consent (Art. 6(1)(a)) |
| Security and fraud prevention | Legitimate interest |
| Compliance with legal obligations | Legal obligation (Art. 6(1)(c)) |
4. How We Use Your Data¶
We use personal data to:
- Create and manage your user account
- Authenticate your identity, including via social login providers
- Generate cloud marketplace listing content using AI
- Support Retrieval-Augmented Generation (RAG) features within tenant boundaries
- Process payments and manage subscriptions
- Improve product experience through system analytics and feature usage
- Send transactional emails (account notifications, password resets, etc.)
- Provide customer support
- Detect and prevent fraud or abuse
- Fulfill legal obligations and respond to lawful requests
4.1 AI Model Training¶
Important: By default, anonymized usage patterns may be used to improve our AI models. You can opt out of training data usage at any time through your account settings. Opt-out options include: - All training data - Agent executions only - Knowledge base content only - Brand voice data only
5. Data Retention & Storage¶
We store your data on AWS infrastructure (including Aurora, EC2, Redis, and Bedrock) and Cloudflare R2, primarily in the United States.
| Data Type | Retention Period |
|---|---|
| Account data | Until account deletion request |
| Input/output AI content | Duration of account, or upon deletion request |
| Data export files | 7 days after generation |
| Session data | 120 minutes (rolling) |
| Activity logs | 180 days |
| Soft-deleted records | 90 days before permanent deletion |
You may request deletion or export at any time by: - Using the self-service data export feature in your account settings - Contacting privacy@vell.ai
5.1 Data Export¶
You can request export of your data in the following formats: - Full data export - Knowledge base content - Agent execution history - Brand voice data - Product listings - Agent configurations
Exports are available for download for 7 days after generation. A cooldown period of 7 days applies between export requests.
6. Data Sharing & Third-Party Processors¶
We do not sell your personal data. We use trusted third-party processors to support the Platform:
6.1 Infrastructure & AI Processing¶
| Provider | Purpose | Data Shared |
|---|---|---|
| Amazon Web Services (AWS) | Cloud infrastructure, databases (Aurora, EC2, Redis) | Account data, content, usage data |
| Amazon Bedrock / Claude | AI content generation | User prompts, listing content |
| Cloudflare R2 | Object and file storage | Uploaded files, exports |
| Amazon SES | Transactional email delivery | Email addresses, message content |
6.2 Payment Processing¶
| Provider | Purpose | Data Shared |
|---|---|---|
| Stripe | Payment processing, subscriptions | Payment method, billing info (handled by Stripe) |
| PayPal | Alternative payment processing | Payment details (handled by PayPal) |
6.3 Analytics & Marketing¶
| Provider | Purpose | Data Shared | Opt-Out |
|---|---|---|---|
| Google Analytics | Usage analytics | Anonymized usage data, page views | Browser settings or opt-out extension |
| Google reCAPTCHA | Bot protection | IP address, browser data | Required for security |
| HubSpot | Customer relationship management | Name, email, company info | Contact support |
| Mailchimp | Email marketing | Email, name (on registration) | Unsubscribe link in emails |
6.4 User-Enabled Integrations¶
| Provider | Purpose | Data Shared |
|---|---|---|
| Slack | Workspace integration | Credentials stored encrypted |
| OpenAI | Alternative AI provider (user-supplied keys) | Prompts sent to OpenAI if configured |
| Anthropic | Alternative AI provider (user-supplied keys) | Prompts sent to Anthropic if configured |
Each provider is bound by data processing agreements (DPAs) and complies with applicable privacy regulations.
7. Your Rights Under GDPR¶
As a data subject under the GDPR, you have the following rights:
| Right | Description | How to Exercise |
|---|---|---|
| Right of Access | Request a copy of your personal data (Art. 15) | Account settings or privacy@vell.ai |
| Right to Rectification | Correct incomplete or inaccurate data (Art. 16) | Account settings or privacy@vell.ai |
| Right to Erasure | Request deletion of your personal data (Art. 17) | Account settings or privacy@vell.ai |
| Right to Restrict Processing | Limit how your data is used (Art. 18) | privacy@vell.ai |
| Right to Data Portability | Export your data in machine-readable format (Art. 20) | Self-service export in account settings |
| Right to Object | Object to certain processing, including marketing (Art. 21) | Account settings or privacy@vell.ai |
| Right to Withdraw Consent | Withdraw consent at any time | Account settings |
| Right to Lodge a Complaint | File a complaint with supervisory authority | Your local data protection authority |
7.1 Account Deletion¶
You may delete your account through: - Self-service deletion in your dashboard settings - Email request to support@vell.ai - Mobile app deletion option
Note: Account deletion is permanent and takes up to 30 days to complete across all systems. All chat history, preferences, settings, and generated content will be permanently deleted. Access to premium features and subscriptions will be terminated.
8. Your Rights Under CCPA (California Residents)¶
If you are a California resident, you have additional rights under the California Consumer Privacy Act:
| Right | Description |
|---|---|
| Right to Know | Request disclosure of personal information collected, used, and shared |
| Right to Delete | Request deletion of your personal information |
| Right to Opt-Out | Opt out of the sale of personal information |
| Right to Non-Discrimination | Not receive discriminatory treatment for exercising your rights |
8.1 Do Not Sell My Personal Information¶
We do not sell your personal information. However, you may opt out of: - Cross-tenant analytics (anonymized benchmarking) - AI model training data usage - Marketing communications
To exercise your CCPA rights, contact privacy@vell.ai or use the controls in your account settings.
9. Security Measures¶
We implement technical and organizational measures to protect your data:
- Encryption in transit: TLS 1.2+ for all connections
- Encryption at rest: AES-256 for stored data
- Access control: Role-based permissions with tenant isolation
- Authentication: Secure password hashing, optional two-factor authentication
- Session security: CSRF protection, secure cookies, session timeout
- Infrastructure: AWS security best practices, VPC isolation
- Monitoring: Periodic security audits and vulnerability patching
User Responsibility: You are responsible for securing your own credentials, API keys, and managing authorized access within your teams.
10. Cookies & Tracking Technologies¶
10.1 Essential Cookies¶
| Cookie | Purpose | Duration |
|---|---|---|
| Session cookie | Maintain login state | 120 minutes |
| CSRF token | Request validation and security | Session |
| GDPR consent | Remember cookie preferences | 365 days |
10.2 Analytics Cookies¶
Google Analytics cookies are used to understand how visitors interact with the Platform. These are loaded based on: - Your cookie consent preferences - Your browser's Do Not Track settings
10.3 Managing Cookies¶
You can manage cookie preferences via: - The cookie consent banner on first visit - Your browser settings - Google Analytics opt-out browser add-on
11. International Transfers¶
Our infrastructure is primarily based in the United States. For transfers of personal data from the EEA, UK, or Switzerland, we rely on:
- Standard Contractual Clauses (SCCs)
- AWS's compliance with EU-US Data Privacy Framework
- Appropriate technical safeguards
12. Automated Decision-Making¶
We use AI tools (including Amazon Bedrock and Claude) to:
- Suggest marketplace listing content
- Rank and score generated outputs
- Provide auto-refresh listing recommendations
- Analyze content quality
No automated decisions are made that have legal or similarly significant effects on users without human review. You may request human review of any AI-generated decision by contacting support@vell.ai.
13. Data Roles & Responsibilities¶
| Entity | Role Under GDPR | Description |
|---|---|---|
| Vell LLC | Data Controller | Determines purpose and means of processing personal and listing-related data |
| Amazon Web Services | Data Processor | Provides cloud infrastructure for data storage and AI processing |
| Amazon Bedrock / Claude | Sub-Processor | Processes user inputs and generates content via APIs |
| Cloudflare R2 | Data Processor | Handles file and object storage |
| Stripe / PayPal | Data Processor | Handles payment processing |
| HubSpot / Mailchimp | Data Processor | Handles CRM and email marketing |
| User | Data Subject | Provides content and inputs; controls access to tenant data |
14. Children's Privacy¶
The Platform is not intended for use by individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact privacy@vell.ai immediately.
15. Changes to This Policy¶
We may update this Privacy Policy from time to time. The latest version will always be available at https://vell.ai/privacy.
For material changes, we will notify you via: - Email to your registered address - Platform notification banner - Update to the "Version" date at the top of this policy
Your continued use of the Platform after changes constitutes acceptance of the updated policy.
16. Contact Information¶
Data Controller: Vell LLC 1525 US Highway 380 STE 209 Frisco, TX 75033, USA
Privacy Inquiries: privacy@vell.ai General Support: support@vell.ai
For EU residents, you may also contact your local supervisory authority if you have concerns about our data practices.
17. Consent Records¶
When you create an account, we record: - The version of terms and privacy policy you accepted - Timestamp of your consent - IP address at the time of consent
This ensures we maintain accurate records of your agreement to our policies.
Last updated: February 2026