Veil is operated by:
Askus GmbH
c/o Vigor Trustees
Pflugstrasse 20
9490 Vaduz
Liechtenstein
For privacy inquiries: relations@veil.li
Askus GmbH is the data controller and responsible for processing your personal data in accordance with GDPR and applicable EEA data protection regulations.
Veil is a private membership network. We collect and process a minimal amount of personal data, limited to what is necessary to:
Veil is designed with privacy and discretion as core principles. We do not operate public profiles, public feeds, member lists, or social features. All member data is strictly confidential.
When you apply for membership on the Veil landing page, we collect:
| Data Category | Purpose | Retention |
|---|---|---|
| Email address | Account creation, membership verification, authentication | Indefinite (confirmed) / 7 days (pending) / 30 days (failed) / 90 days (refunded) |
| Referral code (if provided) | Membership referral tracking | Same as membership record |
| Commitment tier selection | Recording membership level | Same as membership record |
| IP address (SHA-256 hashed) | Rate limiting, fraud prevention | 90 days |
| Firebase Auth UID | Account identification and authentication | Same as membership record |
| Application timestamps | Recording application lifecycle | Same as membership record |
| Terms acceptance timestamp | Evidence of consent | Same as membership record |
Payment card data (credit card details, expiration dates, CVV) is never stored on Veil servers. Payment processing is handled entirely by Stripe, our PCI DSS Level 1 certified payment processor. Stripe maintains exclusive control over payment information and transmits only transaction confirmations back to Veil (transaction ID, amount, timestamp, success/failure status).
We process your personal data under the following legal bases under Article 6 GDPR:
Role: Data processor
Services: Application hosting, authentication infrastructure, Firestore database
Data shared: Email, Firebase UID, application timestamps, commitment tier, IP hash
Location: europe-west6 (Zurich, Switzerland)
Legal basis for transfer: Google Cloud has achieved adequacy decisions under GDPR for European data centers
Role: Data processor for payment data; independent controller for payment analytics
Services: Payment processing, fraud detection
Data shared: Email, transaction amount, commitment tier, IP address
Certification: PCI DSS Level 1
Legal basis for transfer: Stripe's Standard Contractual Clauses comply with GDPR requirements
Firebase infrastructure is hosted in the europe-west6 region (Zurich), which is located within the EEA. Data remains within EEA jurisdiction under Swiss data protection laws, which maintain adequacy with GDPR.
Stripe processes payment data in the United States. Stripe implements Standard Contractual Clauses (SCCs) approved by the European Commission, binding contractual commitments ensuring compliance with GDPR levels of protection, and technical and organizational measures including encryption of personal data in transit and at rest.
| Status | Retention Period | Details |
|---|---|---|
| Pending applications | 7 days | Applications awaiting payment confirmation are deleted after 7 days of inactivity |
| Confirmed memberships | Indefinite | Email and membership records retained for membership validity |
| Failed applications | 30 days | Applications with payment failures retained for 30 days, then deleted |
| Refunded memberships | 90 days | Retained for 90 days, then anonymized for audit purposes |
| IP address hashes | 90 days | Hashed IP data retained 90 days, then deleted |
After retention periods, data is either deleted or anonymized such that it can no longer be attributed to an individual.
You have the right to request a copy of the personal data we hold about you. To exercise: Send a request to relations@veil.li with the subject line "Data Access Request".
You have the right to correct inaccurate or incomplete personal data. If you believe your data is incorrect, please contact us immediately.
You have the right to request deletion of your personal data under certain circumstances, including when data is no longer necessary, when you withdraw consent, when you object to processing, or when data has been unlawfully processed.
We may retain data if required by law or if deletion conflicts with legal obligations or contract performance.
You may request that we limit how we process your data while you dispute its accuracy or challenge the lawfulness of processing.
You have the right to receive your personal data in a structured, commonly used, machine-readable format. To exercise: Send a request to relations@veil.li with the subject line "Data Portability Request".
You have the right to object to processing of your personal data where the legal basis is legitimate interest.
Where we rely on consent, you may withdraw consent at any time. This does not affect the lawfulness of processing before withdrawal.
You have the right to lodge a complaint with the relevant data protection authority:
Liechtenstein Office of the Data Protection Commissioner (Datenschutzstelle)
Aulestrasse 51
9490 Vaduz, Liechtenstein
www.datenschutzstelle.li
Veil does not set any cookies or tracking technologies. No analytics scripts, pixels, or user-tracking mechanisms are deployed by Veil.
| Service | Cookie Type | Purpose | Your Control |
|---|---|---|---|
| Firebase | Session/Functional | Authentication, security | Browser cookie settings |
| Stripe | Functional/Security | Payment processing, fraud detection | Browser cookie settings |
These are functional cookies only. No advertising or behavioral tracking cookies are used.
Veil does not use automated decision-making or profiling that produces legal or similarly significant effects on individual members. Rate limiting and fraud detection may use automated thresholds, but these are protective measures and do not deny access without human review.
We implement appropriate technical and organizational security measures to protect your personal data:
Despite these measures, no security system is completely impenetrable. We commit to promptly notifying affected members of any data breach.
Veil is not intended for individuals under 18 years old. We do not knowingly collect personal data from children. If we become aware that a child has provided personal data, we will delete it immediately. If you believe we have collected data from a child, please contact us at relations@veil.li.
We may update this Privacy Policy to reflect changes in our data processing practices or legal requirements. Material changes will be communicated to members via email or posted to our website at least 30 days before taking effect. Your continued use of Veil following notification of material changes constitutes your acceptance of the updated policy.
For any questions about this Privacy Policy, requests to exercise your rights, or privacy concerns:
Email: relations@veil.li
Mailing Address:
Askus GmbH
c/o Vigor Trustees
Pflugstrasse 20
9490 Vaduz
Liechtenstein
We aim to respond to privacy requests within 14 calendar days.
If you have questions about our data processing practices, you may direct inquiries to: relations@veil.li.
| Processing | Legal Basis | Justification |
|---|---|---|
| Email verification | Contract + Consent | Required for membership authentication |
| Commitment tier recording | Contract | Required to establish membership level |
| Payment processing | Contract | Required to execute membership payment |
| IP rate limiting | Legitimate Interest | Prevents abuse and protects infrastructure |
| Application timestamps | Contract + Legitimate Interest | Membership record + fraud prevention |
| Referral tracking | Legitimate Interest | Enables referral system |