Our Core Privacy Promise
Vellum Secure uses Zero-Trust, On-Device architecture. Your sensitive data is analyzed locally on your machines and NEVER transmitted to our servers. We only receive anonymized metadata—never the actual content of your files, messages, or clipboard.
1. Introduction
Vellum Secure Security Ltd. ("Vellum Secure," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our products and services, including our Desktop Application, Browser Extension, and Cloud Dashboard.
By using Vellum Secure products, you agree to the collection and use of information in accordance with this policy.
2. Our Zero-Trust Architecture
Unlike traditional DLP solutions that route your data through cloud servers for analysis, Vellum Secure employs a fundamentally different approach:
2.1 On-Device Processing
- All sensitive data detection and analysis occurs locally on your device
- Our lightweight AI model runs entirely on your machine
- No sensitive content is ever transmitted to Vellum Secure servers
- Analysis happens before data reaches the network (Pre-Submission Analysis™)
2.2 What We Never Collect
We Do NOT Collect:
The actual content of your clipboard, files, emails, messages, or any text you type. We do not see, store, or process your sensitive data. Period.
3. Information We Collect
We collect only the minimum information necessary to provide our security services:
| Data Type | Collected? | Purpose |
|---|---|---|
| Sensitive content (clipboard, files, text) | NO | — |
| Passwords or credentials | NO | — |
| Personal communications | NO | — |
| Event type (e.g., "blocked attempt") | YES | Security alerts & analytics |
| Timestamp of events | YES | Audit trails |
| Destination URL (anonymized) | YES | Threat detection |
| Device identifier (hashed) | YES | License management |
| Account email (Enterprise admins) | YES | Account management |
4. How We Use Information
The limited metadata we collect is used exclusively for:
- Security Alerts: Notifying IT administrators of potential data leakage attempts
- Analytics Dashboard: Providing aggregated security insights (no individual content)
- Product Improvement: Understanding usage patterns to improve protection
- License Verification: Ensuring valid subscription status
- Customer Support: Responding to your inquiries
5. Data Storage and Security
5.1 Where Data is Stored
- Sensitive Data: Never leaves your device. Stored locally with encryption.
- Metadata: Stored in secure cloud infrastructure (AWS/GCP) with encryption at rest and in transit.
- Account Information: Stored in our secure database with industry-standard encryption.
5.2 Security Measures
- AES-256 encryption for all stored data
- TLS 1.3 for all data in transit
- SOC 2 Type II compliant infrastructure
- Regular third-party security audits
- Zero-knowledge architecture for sensitive content
6. Data Sharing
We do not sell, rent, or trade your information. We may share limited data only in these circumstances:
- With Your Employer: If you use Vellum Secure through an enterprise license, your IT administrator may view security alerts and anonymized analytics related to your device.
- Service Providers: Trusted partners who assist in operating our services (cloud hosting, payment processing), bound by strict confidentiality agreements.
- Legal Requirements: When required by law, court order, or to protect our legal rights.
7. Your Rights
Depending on your location, you may have the following rights:
- Access: Request a copy of data we hold about you
- Correction: Request correction of inaccurate data
- Deletion: Request deletion of your data ("Right to be Forgotten")
- Portability: Request your data in a machine-readable format
- Objection: Object to certain processing activities
To exercise these rights, contact us at privacy@vellum-secure.com
8. International Data Transfers
If you are located outside of Israel, your metadata may be transferred to and processed in Israel or other countries where our service providers operate. We ensure appropriate safeguards are in place, including Standard Contractual Clauses where applicable.
9. Children's Privacy
Vellum Secure is designed for enterprise use and is not intended for individuals under 18 years of age. We do not knowingly collect information from children.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last Updated" date. Your continued use of Vellum Secure after changes constitutes acceptance of the updated policy.
11. Contact Us
If you have questions about this Privacy Policy or our privacy practices, please contact us:
- Email: privacy@vellum-secure.com
- General Inquiries: hq@vellum-secure.com
- Phone: +972-54-830-0544
Summary: Your Data, Your Control
Vellum Secure was built from the ground up with privacy as a core principle. We protect your data by never seeing it in the first place. That's the Vellum Secure difference.