Skip to content
← Back to home

Privacy Policy

This policy explains, in plain English, what information Veytrio handles and how. Veytrio is in a pilot phase, and this policy will evolve as the product matures.

Who we are

Veytrio provides AI governance and prompt-risk monitoring software that helps organisations make AI usage visible and reviewable. If you have any questions about this policy, contact us at contact@veytrio.com.

Information we handle

Website enquiries. When you submit our contact form, we handle the details you provide — your name, company, work email, role, company size, and message — solely to respond to pilot, demo, or early-access enquiries.

Within the Veytrio product (pilot customers). Veytrio handles governance-relevant metadata about AI tool usage — such as which AI tool was used, timestamps, risk signals, and review status — captured primarily from supported browser-based AI tools — such as ChatGPT, Claude, Gemini, and Microsoft Copilot — via a lightweight browser extension, and, where an organisation enables them, from an early VS Code integration or a push connector for internal AI tools. This metadata also supports governance reporting and review workflows.

Sensitive content and redaction

Veytrio is designed to detect and redact sensitive fields — such as names, email addresses, account numbers, and credentials — before storage or review, to reduce unnecessary exposure. Redaction and retention behaviour is governed by configurable settings.

Why we handle it

The purpose is AI governance: giving organisations visibility and review evidence around how AI tools are being used. We do not sell personal data, and we do not use enquiry details for advertising.

Retention

Retention of product data is configurable by the customer organisation and agreed during onboarding. Enquiry details are kept only as long as needed to respond to and follow up on your enquiry.

Who can access it

Within the product, access is role-based and tenant-scoped, and administrative actions are recorded in an audit trail. Only authorised users within a customer organisation can review that organisation’s activity.

Where data is handled

Hosting and data residency are confirmed during customer onboarding, based on the deployment configuration agreed with each organisation. A Data Processing Agreement (DPA) is available on request for pilot customers.

Sub-processors

Veytrio relies on third-party infrastructure and service providers to operate (for example, hosting and email delivery). Current sub-processors are confirmed as part of onboarding and any applicable Data Processing Agreement.

Your choices and data requests

If you have questions or wish to make a data request, contact contact@veytrio.com. For pilot customers, data handling may also be governed by a separate pilot agreement or DPA, available on request.

Changes to this policy

As Veytrio is in a pilot phase, we will update this policy as the product develops. Please check back for the latest version.