Privacy Policy
How dsaveil.io collects, processes, transfers, and retains personal data.
Controller
Declade UG (in Gründung), [email protected]. This policy covers the dsaveil.io marketing website, the Solo Free account flow, and server-side endpoints reachable from the website.
1. Data We Collect
Contact and lead submissions. Five surfaces with distinct storage: (1) the main contact form (POST /api/contact-inquiry) is delivered to our contact inbox via Resend email and is not persisted in any database of ours; (2) the public lead-capture form and the Solo Pro public waitlist form (mounted on /compliance/checklist, /scanner, /evidence-layer, /platform, and /pricing; POST /api/leads/capture) write to our Supabase database (leads table); (3) the demo lead gate on /try (POST /api/demo/register) stores the email as an entry in .demo-leads.json on the server filesystem (Hetzner VPS); (4) the use-case analyzer lead gate (POST /api/use-case/register) appends a structured record to .usecase-leads.json on the Hetzner VPS filesystem. The record contains your email, the analyzer mode selected, industry, data sensitivity classification, a free-text description you provide (up to 500 characters), the analysis mode, and a timestamp; (5) the in-account Solo Pro feature-interest expression from the account billing and license pages (POST /api/account/waitlist) is held in volatile server memory only and triggers a confirmation email via Resend. Each surface collects only the information you provide — typically your email. For the main contact form, we collect your email address (required), optional company name, an optional free-text use-case description (up to 2000 characters), and an optional indicator of whether you operate in a regulated industry. Note: /api/demo/process and /api/use-case/analyze are separate inference endpoints (covered in §3 Anthropic), not lead-storage routes.
Account data. Account creation is email-only; no password is collected at any stage. When you submit your email, we generate a single-use verification token (valid 24 hours, stored in volatile server memory) and email it to you via Resend. When you click the verification link, we create a Supabase Auth user record, provision your customer record in our Supabase database, and our gateway generates your DSA API key. The raw API key is emailed to you once via Resend; our database stores only a SHA-256 hash of the key and a 12-character prefix for identification. The raw key is not retained after the email is sent and is never displayed in the web interface. Subsequent logins use Supabase Auth to issue session cookies (duration per Supabase defaults).
Web analytics. Plausible (cookieless, EU-hosted) records page-level aggregate usage. No cookies are set, no cross-site tracking is performed, and no personally identifying information is captured by Plausible.
Server-level access logs. Server-level request logs (IP address, user-agent, request URL, timestamp) are captured at the infrastructure level by our hosting provider (Hetzner) via systemd journald. Retention follows systemd journald defaults; specific retention will be documented upon UG registration.
Waitlist submissions use two distinct storage paths. The public Solo Pro waitlist (accessible via the pricing page and selected product surfaces) posts to /api/leads/capture and is persisted in the Supabase leads table alongside other lead-capture submissions. The in-account waitlist (accessible from /account/license and /account/billing when logged in) posts to /api/account/waitlist and is held in volatile server memory, with a confirmation email sent via Resend; the in-account submission itself is not persisted and is lost on server restart.
2. How We Use It
To operate the website, provision Solo Free accounts, and authenticate you when you sign in.
To respond to contact, pilot, demo-lead, use-case, and waitlist submissions.
To send transactional email: email verification at signup, delivery of your DSA API key at signup, support responses, and waitlist confirmations.
To understand aggregate website usage via privacy-preserving analytics.
To diagnose errors and investigate abuse using server-level access logs.
3. Sub-processors
We use the following third-party sub-processors. Each processes only the data strictly required for its role.
- 1. Hetzner: Infrastructure hosting. Germany.
- 2. Cloudflare: DNS, CDN, DDoS mitigation. Operates globally including outside the EU/EEA; transfers covered by Standard Contractual Clauses.
- 3. Supabase: Auth (session cookies for account holders) and Database (leads table, blog_posts table). EU region.
- 4. Resend: Transactional email — signup verification, DSA API key delivery, contact form responses, support responses, waitlist confirmation.
- 5. Plausible: Cookieless website analytics. EU-hosted. No cookies, no cross-site tracking.
- 6. Anthropic: Processes user input submitted to /api/demo/process and /api/use-case/analyze using our Veil-operated API key (not BYOK). /api/demo/process is reachable via the /try demo UI. /api/use-case/analyze is currently server-only and not exposed via any UI, but is documented here because the endpoint exists in the codebase. US processor; Standard Contractual Clauses in place.
- 7. FreeTSA (freetsa.org): RFC 3161 timestamp authority. Receives SHA-256 cryptographic hashes of Veil Certificates only. No user content transmitted.
- 8. Sigstore Rekor: Public transparency log operated by the Sigstore project. Receives SHA-256 cryptographic hashes of Veil Certificates only. No user content transmitted.
4. Your Rights Under GDPR
Under GDPR Chapter III, you have the following rights regarding your personal data. Exercise any of these by emailing [email protected].
- Art. 15: Right of access
- Art. 16: Right to rectification
- Art. 17: Right to erasure
- Art. 20: Right to data portability
- Art. 21: Right to object
- Art. 77: Right to lodge a complaint with your national data protection authority
5. Data Retention
Retention per lead-submission surface (see §1 for the surface-by-surface taxonomy): (1) Main contact form — delivered as email via Resend to [email protected], not persisted in any database of ours; follows Resend retention and the operator's email-inbox policy. (2) Public lead-capture + Solo Pro public waitlist (Supabase leads table) — retained until deletion is requested via [email protected]. (3) Demo lead gate (.demo-leads.json on VPS filesystem) — retained until deletion is requested via [email protected]. (4) Use-case analyzer lead gate (.usecase-leads.json on VPS filesystem) — retained until deletion is requested via [email protected]. (5) In-account Solo Pro feature-interest expression — held in volatile server memory only, lost on server restart (no database retention applies). Automated retention schedules for persisted surfaces will be published upon UG registration.
Account data (email, DSA API key SHA-256 hash and 12-character prefix) is retained for as long as the account exists. Upon account deletion request, account data is removed from our database and the raw DSA API key is revoked at the gateway.
Waitlist submissions retention depends on the path. Public Solo Pro waitlist submissions (POST /api/leads/capture) are persisted in the Supabase leads table and retained until you request deletion via [email protected]. In-account waitlist submissions (POST /api/account/waitlist) are held in volatile server memory only and are lost on server restart; a confirmation email is sent via Resend at the time of submission.
Server-level request logs follow systemd journald defaults on the Hetzner VPS; specific retention will be documented upon UG registration.
6. International Transfers
Anthropic (US) and Cloudflare (global edge) process data outside the European Union / European Economic Area. Both transfers are covered by Standard Contractual Clauses (GDPR Article 46(2)(c)). All other sub-processors operate within the EU/EEA.
Data sent to Anthropic is limited to the content you submit via /api/demo/process or /api/use-case/analyze and is not combined with other identifying data on our side. Data routed through Cloudflare is limited to what is necessary for DNS resolution, CDN caching of public assets, and DDoS mitigation.
7. Security
Architectural measures that apply to the platform referenced by this website (The Veil):
- Dual-sandbox architecture: identity data in Sandbox A, pseudonymous tokens in Sandbox B, with a governed bridge between them.
- Kubernetes NetworkPolicy isolation across 7 namespaces (27 NetworkPolicy resources enforcing pod-level traffic rules).
- Column-level encryption on PII fields in Sandbox A.
- Three-layer PII detection pipeline (Presidio NER, Quasi-Identifier Risk Engine, LLM PII Shield) prior to any inference path seeing submitted data.
- Ed25519-signed per-request certificates and an append-only audit hash chain.
- The Gateway fails closed on its own Veil evidence: if it cannot record a signed, request-level claim, the inference is refused at the edge.
- External certificate anchoring via FreeTSA (RFC 3161) and Sigstore Rekor (cryptographic hashes only; no user content is transmitted to these services).
These are architectural and evidence mappings, not held certifications. We do not claim SOC 2, ISO 27001, HIPAA, or any other formal compliance attestation.
8. Changes to This Policy
This policy is a v1.0 draft. Material changes will be reflected in the version number and date at the bottom of this page. Continued use of the site after a revision constitutes acknowledgment of the revised policy.
9. Contact
All privacy enquiries: [email protected].
v1.0 draft — April 24, 2026 — subject to review upon Declade UG registration.