Version: May 2025
Effective: Upon use of https://app.vell.ai
1. Introduction
Vell LLC (“we”, “us”, or “our”) is committed to protecting your privacy and complying with applicable data protection laws, including the General Data Protection Regulation (EU) 2016/679 (“GDPR”). This Privacy Policy explains how we collect, use, share, and protect your personal data when you use the services offered through https://app.vell.ai (the “Platform”).
We act as a Data Controller with respect to the personal information you submit during account creation or usage of the Platform. We may also act as a Processor for AI-generated inputs and listing data submitted by our users.
2. Types of Personal Data We Collect
We collect and process the following categories of personal data:
-
Account Information: Full name, business email, password, organization name
-
Usage Data: IP address, browser type, time zone, pages visited
-
Listing Content: Input data used for AI generation, metadata, product descriptions, media prompts
-
Generated Output: AI-generated suggestions, content, and summaries (stored in tenant-isolated format)
-
Session Data: Laravel cookies, session tokens, Redis cache IDs
3. Legal Basis for Processing
We rely on the following lawful bases under Article 6 of the GDPR:
| Purpose | Legal Basis |
|---|---|
| Providing services to registered users | Contractual necessity (Art. 6(1)(b)) |
| AI-generated listing content | Legitimate interest (Art. 6(1)(f)) |
| Analytics and system performance | Legitimate interest |
| Sending transactional communications | Contractual necessity |
| Optional AI-assisted suggestions | Consent (Art. 6(1)(a)) – Opt-in based |
4. How We Use Your Data
We use personal data to:
-
Create and manage your user account
-
Generate cloud marketplace listing content
-
Support Retrieval-Augmented Generation (RAG) features within tenant boundaries
-
Improve product experience through system analytics and feature usage
-
Fulfill legal obligations and respond to lawful requests
5. Data Retention & Storage
We store your data on AWS infrastructure and Cloudflare R2, primarily in the United States. We retain user-generated content and outputs for as long as necessary to deliver the service, or until deletion is requested.
| Data Type | Retention Period |
|---|---|
| Account data | Until account deletion |
| Input/output content | 90 days by default |
| Audit logs | 180 days (for compliance) |
| Session data | 24 hours (rolling) |
You may request deletion or export at any time by contacting privacy@vell.ai.
6. Data Sharing & Processors
We do not sell or share personal data with third parties for marketing purposes.
We use trusted third-party processors to support the Platform:
-
Amazon Web Services (AWS) – infrastructure, Bedrock (AI processing)
-
Cloudflare R2 – object storage
-
Redis/Aurora (AWS RDS) – caching and data storage
-
Optional Analytics Providers – not enabled without consent
Each provider is GDPR-compliant and bound by data processing agreements (DPAs).
7. Your Rights Under GDPR
As a data subject under the GDPR, you have the following rights regarding your personal data:
| Right | Description |
|---|---|
| Right of Access | Request a copy of your personal data (Art. 15) |
| Right to Rectification | Correct incomplete or inaccurate data (Art. 16) |
| Right to Erasure ("Right to be Forgotten") | Request deletion of your personal data (Art. 17) |
| Right to Restrict Processing | Limit how your data is used under certain conditions (Art. 18) |
| Right to Data Portability | Request export of your data in a structured, machine-readable format (Art. 20) |
| Right to Object | Object to certain types of data processing, including direct marketing (Art. 21) |
| Right to Withdraw Consent | If processing is based on your consent, you may withdraw it at any time |
| Right to Lodge a Complaint | File a complaint with your local supervisory authority |
To exercise any of these rights, contact privacy@vell.ai.
8. Security Measures
We implement a combination of technical and organizational measures to protect your data:
-
Encrypted transit (TLS 1.2+) and encrypted storage (AES-256)
-
Access control and role-based permissions for tenant data
-
Laravel CSRF protection and secure cookie handling
-
Periodic audits and vulnerability patching
Note: Users are responsible for securing their own credentials and managing authorized access within their teams.
9. Cookies & Analytics
We use:
-
Session Cookies (Laravel, Redis) to maintain login state
-
CSRF Tokens for request validation
-
No analytics are run without user opt-in. When enabled, data is anonymized and used solely for performance insights
You can manage cookie preferences via your browser settings.
10. International Transfers
While our infrastructure is based in the United States, we commit to safeguarding personal data in accordance with the GDPR. We rely on standard contractual clauses and appropriate safeguards for international transfers from the EEA or UK.
11. Automated Decision-Making
We may use AI tools (e.g., Bedrock + Claude) to:
-
Suggest marketplace listing content
-
Rank generated outputs
-
Offer auto-refresh listing recommendations
No automated decisions are made that have legal or similarly significant effects on users without human review.
Data Roles & Responsibilities
| Entity | Role Under GDPR | Description |
|---|---|---|
| Vell LLC | Data Controller | Determines the purpose and means of processing personal and listing-related data submitted by users. |
| Amazon Web Services (AWS) | Data Processor | Provides cloud infrastructure (Aurora, EC2, Redis, Bedrock) for data storage and AI content generation. |
| Amazon Bedrock / Claude | Sub-Processor | Processes user inputs and generates content via APIs. No training or persistent logging is performed by default. |
| Cloudflare R2 | Data Processor | Handles file and object storage. Vell manages the structure and access. |
| User (Marketplace Partner) | Data Subject / Platform User | Provides content and inputs to the platform. May control access to their tenant's data internally. |
12. Contact & Updates
Data Controller:
Vell LLC
privacy@vell.ai
1525 US Highway 380 STE 209
FRISCO, TX 75033, USA
This policy may be updated from time to time. The latest version will always be available at https://app.vell.ai/privacy-policy. We will notify users via email or platform banners in case of material changes.