Home / Privacy Policy

Privacy Policy

Last updated: June 4, 2026.

This policy covers two groups: people who create an account on Veltima, and store owners whose public websites are indexed by our crawlers. We treat both carefully.

What we collect about account holders

  • Name and email — from Google OAuth when you sign up.
  • Usage data — pages visited, searches run, exports created. Used to enforce plan limits and improve the product.
  • Billing metadata — plan, subscription status, payment references. Card numbers never touch our servers; they're handled by our payment processor.
  • Support correspondence — if you email us, we keep the thread to help you and train our team.

What we collect from public websites

We crawl publicly accessible pages on e-commerce stores to build our index. This includes:

  • Technology signals (CMS, payment providers, analytics tools).
  • Publicly listed contact details (emails, phone numbers, social handles) when present.
  • Product information, store metadata, buying signals like sold-out states.

We respect robots.txt and apply per-host rate limits to avoid burdening any site. We do not attempt to access private or gated content.

How we use data

For account holders: to provide the service, enforce plan limits, process billing, send transactional emails, and — only if you opt in — product updates.

For store data: to make it searchable and exportable by our users for legitimate B2B purposes (prospecting, qualification, market research).

Legal basis (GDPR)

We process account data under the contract we have with you. We process public store data under our legitimate interest in providing a commercial directory of public information, balanced against the rights of store operators — who can always request removal (see below).

Who we share data with

  • Payment processors (WayForPay, and Stripe for Enterprise) — to charge cards and handle subscriptions.
  • Infrastructure providers (Hetzner, Cloudflare) — who host and protect the service.
  • Email delivery — for transactional mail (password resets, billing receipts).

We don't sell personal data. We don't share it with advertisers.

Data location

All data is stored in the EU — Hetzner's Helsinki and Falkenstein data centers. Backups stay in the EU.

How long we keep data

  • Account data — while your account is active and for up to 12 months after deletion, for legal and billing reconciliation.
  • Billing records — 7 years (tax requirement).
  • Store data — indefinitely while the store is publicly reachable; removed within 7 business days on owner request.

Your rights

Under GDPR and similar laws, you can access, correct, export, or delete your personal data. Email support@veltima.app and we'll handle the request within 30 days.

Store owners can request removal of their site from our index using the same email. We handle removal within 7 business days.

Cookies

We use only essential cookies required to keep you logged in and to remember your billing-intent after OAuth redirects. No tracking, no advertising cookies, no third-party analytics.

Data Processing Agreement

Enterprise customers can request a signed DPA. Email support@veltima.app with your company details.

Security

We use HTTPS everywhere, encrypt backups, keep dependencies up to date, and apply the principle of least privilege for access to production data. If you believe you've found a security issue, please responsibly disclose it by emailing support@veltima.app.

Changes to this policy

Material changes are communicated by email or in-app at least 14 days before they take effect.

Contact

Questions or requests? Email support@veltima.app.