// privacy
Privacy Policy
Last updated: May 11, 2026
1. Who we are
Veyra is a desktop application and accompanying website (veyra.sh) that lets you run AI coding CLIs like Claude Code and Codex in tiled panes. This Privacy Policy describes how we collect, use, disclose, and protect your personal information when you use our website, sign up for an account, install the desktop app, or contact us.
Veyra is operated by the Veyra Team ("we", "us", or "Veyra"). You can reach us at support@veyra.sh.
2. Information we collect
We collect the following categories of information:
- Account information. When you sign up, we receive your email address and (optionally) name from our authentication provider, Clerk. If you sign in with Google, we receive your Google account's email and basic profile information per the OAuth scopes you approve.
- License and device information. We generate a license key for your account and record which machines have activated it. For each activated device, we store a one-way hash of the machine's hardware identifiers (CPU brand, MAC address, OS version, hostname) — we do not store these identifiers in plaintext — together with a user-set device label and the time of last contact.
- Payment information. When you subscribe, your card details are entered directly into Stripe Checkout and are never received or stored by Veyra. We receive only a non-sensitive Stripe customer id, subscription id, and the amount, currency, and status of each payment.
- Communications. If you email us at
support@veyra.sh, we receive the contents of that email and any attachments. - Server logs. Our hosting provider records IP address, user-agent, request URL, and timestamp for each request to our website and APIs, retained for security and debugging.
- Cookies. Our authentication provider sets session cookies under
clerk.veyra.sh. Stripe sets a small number of cookies during the checkout flow. We do not use third-party advertising or tracking cookies.
3. How we use information
- Provide the Service: authenticate you, issue and validate your license, run your subscription billing, and deliver the desktop app and updates.
- Communicate with you about your account, including license key delivery, payment receipts, payment failures, and other transactional emails. We do not send marketing emails without your consent.
- Detect and prevent abuse, including license sharing in excess of permitted device counts, automated abuse of public APIs, and fraud.
- Comply with legal obligations and enforce our Terms.
4. Subprocessors and disclosures
We share information with the following third-party service providers who process it on our behalf:
| Subprocessor | Purpose | Region |
|---|---|---|
| Vercel | Website + API hosting | Global edge |
| Neon | PostgreSQL database | us-east-1 |
| Clerk | Authentication and user management | Global |
| Stripe | Payments and subscription billing | Global |
| Resend | Transactional email delivery | Global (AWS SES) |
| Cloudflare | CDN for Clerk's frontend API | Global |
We do not sell your personal information. We do not share it with advertisers or data brokers. We may disclose information when required by law, valid legal process, or to protect the rights, property, or safety of Veyra, our users, or the public.
5. Your rights
Depending on where you live, you may have rights under the GDPR (EU/UK), CCPA (California), PDPA (Malaysia / Singapore), or equivalent regulations:
- Access: request a copy of the information we hold about you.
- Correction: ask us to correct inaccurate information.
- Deletion: ask us to delete your account and associated personal information. Note that some records (such as payment history) may be retained where required by tax or fraud-prevention obligations.
- Portability: receive your information in a portable format.
- Objection / restriction: object to certain uses of your information.
- Withdraw consent: where processing is based on consent, you can withdraw it at any time.
To exercise any of these rights, email support@veyra.sh. We will respond within 30 days.
6. Data retention
We retain account, license, and billing information for as long as your account is active and for a reasonable period afterwards for legal and fraud-prevention purposes (typically 7 years for billing records). When you request deletion, we remove personal information from our active systems and retain only minimal records required by law.
7. Security
We use industry-standard practices to protect your information: TLS in transit, encryption at rest, scoped database credentials, short-lived authentication tokens, signed webhook verification, and the principle of least privilege. License credentials on the desktop are stored with mode 0600 permissions in the per-user application config directory.
No method of transmission or storage is 100% secure. If we ever learn of a breach affecting your information, we will notify you and the relevant authorities as required by law.
8. International data transfers
Veyra's subprocessors operate globally. By using the Service you consent to your information being processed in jurisdictions that may have different data-protection laws than your own. Where required, we rely on standard contractual clauses or equivalent safeguards.
9. Children
Veyra is not directed to children under 16 and we do not knowingly collect personal information from them. If you believe a child has provided us information, contact support@veyra.sh and we will delete it.
10. Changes to this policy
We may update this Privacy Policy from time to time. The "Last updated" date above shows when it was last revised. For material changes affecting how we use your information, we will notify you by email or in-app notice before the change takes effect.
11. Contact us
Questions, requests, or complaints? Email support@veyra.sh.