Privacy Policy
Privacy at Veto
Last updated: March 2, 2026
This Privacy Policy explains how Plaw, Inc. ("Plaw," "we," "our," "us") collects, uses, stores, and shares information when you use veto.so and related services, including api.veto.so and auth.veto.so.
1. Roles and Scope
For account administration, service delivery, security operations, and billing, Plaw generally acts as a data controller. For tool-call payloads, policy content, and other customer-submitted operational data processed on your instructions, Plaw generally acts as a data processor and your organization acts as controller.
This policy covers current data flows and planned core product flows used for Veto Cloud operation.
2. Data We Collect and Process
| Category | Examples | Source | Purpose | Legal Basis | Retention |
|---|---|---|---|---|---|
| Account and profile data | Email, name fields, profile image URL, auth provider identifier | You or your identity provider | Account creation, authentication, organization membership, support | Contract; legitimate interests | Account lifetime, then deleted or de-identified within operational windows |
| Authentication and session data | JWT claims, auth cookies, refresh/device-code records, login metadata | Auth flows and CLI device flow | Sign-in, session continuity, fraud and abuse prevention | Contract; security legitimate interests | Short-lived tokens by design; refresh/device records until expiry, revocation, or cleanup |
| Organization and project data | Organization name/slug, project name, owner identifiers, plan tier | Workspace admins and system events | Multi-tenant isolation, permissions, billing and feature gating | Contract; legitimate interests | Until organization/project deletion and related operational retention periods |
| Policy and tool configuration | Tool names/descriptions/schemas, policy constraints, exceptions, mode settings | You, your SDK/CLI, or generated drafts reviewed by you | Policy enforcement and policy lifecycle management | Contract | Until deleted or replaced by you |
| Validation payload data | Tool arguments and optional context submitted for validation | Your agents, SDKs, CLI, and API requests | Authorize, deny, or require approval before tool execution | Contract; processor role for customer content | Stored in decision/approval records according to current and planned retention windows |
| Decision and approval logs | Decision outcome, reason, latency, matched checks, approval status/resolver | Validation and approval workflows | Auditability, analytics, debugging, security investigations, exports | Contract; legitimate interests | Current and planned policy targets by tier: 7d free, 30d team, 90d business, enterprise configurable |
| Session telemetry | Session IDs, call counts, cumulative argument values, agent ID metadata | Validation requests with session context | Session constraints and abuse/risk controls | Contract; legitimate interests | Operationally retained while needed for enforcement and audit |
| MCP gateway upstream data | Upstream URL/command/args, optional upstream headers (encrypted at rest) | Workspace configuration | Route and authorize MCP upstream calls | Contract | Until upstream is updated/deleted by workspace admins |
| Billing and commercial data | Customer/org IDs, email/name for billing profile, product/tier and usage events | You and billing provider interactions | Subscription management, entitlement checks, invoicing and portal flows | Contract; legal obligations | Contract term plus legally required financial record periods |
| Demo and contact submissions | Work email, company, message, submitted timestamp, IP, user agent, referer | Website forms and webhook endpoint | Respond to requests, sales operations, abuse control | Consent or pre-contract steps; legitimate interests | Sales lifecycle and operational log retention periods |
| Client-side storage data | LocalStorage auth/org/project selections, theme preference, local demo submission cache | Your browser | Session persistence and UX settings | Legitimate interests; contract | Until cleared by logout, browser settings, or local expiration behavior |
| Infrastructure and security logs | Request metadata, service logs, Cloud Logging records | Application and cloud infrastructure | Reliability, incident response, monitoring, abuse prevention | Legitimate interests; legal obligations | Cloud log bucket retention is currently 30 days by default and 400 days for required logs |
3. Important Product-Specific Transparency Notes
- Validation requests include tool name, arguments, and optional context. These may contain personal data depending on what your systems send.
- Decision and approval records store payloads and outcome metadata to provide audit trails and exports.
- If LLM-based validation or policy generation is enabled, relevant prompt material may be transmitted to the configured LLM provider.
- MCP upstream headers are stored encrypted at rest when configured and may be decrypted for authorized runtime use.
- Demo request webhooks currently log contact fields plus request metadata (IP, user-agent, referer) for abuse prevention and follow-up.
4. How We Use Data
- Deliver and secure the Services.
- Authenticate users and manage organization/project access.
- Evaluate tool calls and produce allow/block/approval outcomes.
- Provide logs, analytics, and exports for customer audit needs.
- Operate billing, entitlements, and subscription lifecycle events.
- Prevent fraud, misuse, and abuse, and investigate incidents.
- Comply with legal obligations and enforce contractual rights.
5. Cookies and Local Storage
We use authentication cookies on auth.veto.so and local browser storage for app session and settings. Current keys include:
- veto_auth_token, veto_auth_user
- veto_current_org, veto_current_project
- veto_theme, veto_demo_requests
6. Sharing and Recipients
We share data only as needed to operate the Services, including with:
- Cloud infrastructure providers (hosting, networking, logging, storage).
- Managed database and cache providers used to run the platform.
- Identity/authentication providers and OAuth providers.
- Billing provider(s) and payment infrastructure.
- Transactional email providers for verification and account messages.
- Configured model providers for LLM-assisted features.
- Customer-configured outbound endpoints such as webhooks and external integrations.
We do not sell personal information and do not share personal information for cross-context behavioral advertising.
7. International Transfers
Data may be processed in the United States and other jurisdictions where we or our processors operate. Where required, we implement appropriate transfer safeguards such as contractual protections.
8. Security Measures
- Encryption in transit for service endpoints.
- Hashed API key storage and scoped access controls.
- Secret management for production credentials.
- Operational monitoring, logging, and abuse-rate controls.
- Optional encryption at rest for MCP upstream headers.
9. Data Retention and Deletion
We retain data only as long as needed for service delivery, security, legal obligations, and legitimate business needs. Current and planned product retention targets for decision logs by tier are 7 days (Free), 30 days (Team), 90 days (Business), and enterprise-configurable retention for Enterprise plans.
You may request deletion of account/workspace data, subject to legal retention obligations and backup-recovery constraints.
10. Your Privacy Rights
Depending on your location, you may have rights to access, correct, delete, port, or restrict processing of your personal data, and to object to certain processing.
- EEA/UK/Switzerland users may exercise GDPR-style rights.
- U.S. state residents may have rights under applicable state privacy laws, including rights to know, delete, and correct.
- You may designate an authorized agent where required by law and subject to verification.
Submit privacy requests at sales@veto.so.
11. Children's Privacy
The Services are not directed to children under 16, and we do not knowingly collect personal information from children under 16.
12. Changes to This Policy
We may update this Privacy Policy as our services and legal obligations evolve. We will post updates on this page and revise the "Last updated" date.
13. Contact and Complaints
Privacy, security, and data processing inquiries can be sent to sales@veto.so.
For service terms, see our Terms of Use.