Draft under legal review.
Draft — under legal review. This Privacy Policy has not been finalized. Do not use VellumGuard for regulated production data, PHI, or customer-sensitive production workloads unless separately agreed in writing with VellumGuard. VellumGuard is not currently SOC 2 certified, is not currently HIPAA compliant, and no Business Associate Agreement (BAA) is currently available.
VellumGuard is currently in private beta / design-partner access. A complete Privacy Policy will be published at this URL before any public or commercial launch. The notes below describe our current data practices as they stand during beta.
Data is stored in Google Cloud SQL (Postgres) in us-east1. Automated
daily backups are retained according to Cloud SQL defaults. EU data residency is
not currently available.
We do not sell data. During beta, data is processed by VellumGuard and its infrastructure providers (Google Cloud). A sub-processor list will be published with the final Privacy Policy.
During the private beta, do not send PHI, PCI card data, or other regulated personal data through the VellumGuard API without a separate written data-handling agreement. Contact beta@vellumguard.com before sending regulated data.
Privacy questions: beta@vellumguard.com
Last updated: draft — not finalized. Version will be stamped when legal review is complete.