Privacy Policy
Last updated: May 12, 2026
We collect what we need to operate the service: your email if you sign up, the spend requests your agents send through us, and standard server logs. We don't sell anything to anyone. You can ask us to delete your data anytime — tomer@veto-ai.com.
1. What we collect
- Account info. Your email, an org name, and a password hash. We never see your plaintext password.
- Agent telemetry. Every spend request your agent sends through Veto: amount, currency, merchant or recipient address, timestamps, the verdict we returned, the receipt we signed, and the engine trace (which risk stages fired). We store this so you can audit it later and so we can improve the engine.
- Demo signups. When someone runs npx @veto-protocol/pay, we record the wallet address they used, their IP, user agent, and the agent ID we provisioned. We use this to talk to early users.
- Server logs. Standard request logs (IP, path, timestamp, user agent). No third-party trackers on our marketing site.
- Support email. If you email us, we keep the thread.
2. What we don't collect
- We don't custody crypto. The smart contract holds funds; we sign mandates that release them. Your wallet's private key never touches our servers.
- No ad networks. No Google Ads, Facebook pixel, AdRoll, or similar. We don't sell, share, or retarget.
- No data brokers. We don't feed data to enrichment or attribution vendors.
3. What we do with it
- Operate Veto — answer your authorize calls, sign your receipts, render your dashboard.
- Improve the engine. For example, when a typosquat attempt is caught, that signal helps us tighten the canonical-merchant registry. We don't train third-party models on your data.
- Send you product updates if you opted in via the email capture.
- Investigate abuse, fraud, or security incidents.
4. Who else sees it
- Hosting: AWS (US region). Postgres on RDS, application on EC2.
- Email delivery: a transactional-email provider (Postmark or similar) for verification, receipts, and newsletters.
- LLM intent verification: Anthropic's Claude API sees the merchant name, amount, and the agent's stated intent for spends that hit our intent-matching engine stage. We don't send your account info, API key, or anything outside the spend description.
- Chain data: anything that hits a public chain (Base, Solana, etc.) is by definition public.
- Veto-signed receipts are designed to be verifiable offline. The receipt itself reveals the merchant, amount, verdict, and timestamp. If you publish it, that's public.
5. Your rights
- See your data. Export from the dashboard or email us.
- Delete your account. Email us; we'll wipe your data within 30 days. Some signed receipts may persist on chain — we can't unilaterally delete on-chain data; nobody can.
- Stop emails. Every email we send has an unsubscribe link.
- Correct data. Edit it in the dashboard or email us.
6. International users
We're in the US (Delaware). If you're in the EU, UK, or elsewhere outside the US and you use Veto, you're transferring data to the US. We rely on standard contractual clauses for international transfers where applicable.
7. Children
Veto is for businesses and developers. If you're under 18, this isn't for you, and we don't knowingly collect data from anyone under 18. If you think we have data from a minor, email us and we'll delete it.
8. Security
We use TLS in transit, encryption at rest, and the principle of least privilege for internal access. We've not yet undergone a third-party SOC 2 audit; we'll publish the report when we do. If you find a security issue, please email tomer@veto-ai.com — we'll respond within one business day and credit you in the disclosure if you'd like.
9. Cookies & analytics
Two buckets:
- Essential cookies — set by Django so we can keep you signed in (sessionid) and protect the API from cross-site request forgery (csrftoken). Without these the service doesn't work, so we don't ask permission for them.
- Optional — Microsoft Clarity. If you accept the cookie banner, we load Clarity, which records aggregate page heatmaps and anonymized session replays so we can see which parts of the site work and which don't. No keystrokes inside form fields are captured. Decline the banner and Clarity never loads. You can change your mind anytime at this page using the "Reset cookie consent" link below.
We don't run ad networks, retargeting pixels, or third-party trackers beyond Clarity. Reset cookie consent.
10. Changes
We'll post a new "last updated" date and email registered users about material changes.
11. Contact
Questions, deletion requests, anything: tomer@veto-ai.com. We respond within one business day.