Privacy Policy
This policy details how Vaelis Group protects user privacy, enforces zero-knowledge boundaries, and maintains non-custodial independence across our cognitive infrastructure.
01. Overview & Scope
Vaelis Group operates as an applied AI research and product lab dedicated to building cognitive infrastructure for the modern web. This Privacy Policy applies to all applications, APIs, SDKs, and visual sandboxes developed by Vaelis Group (collectively, the “Platform”).
Our primary architectural commitment is to human sovereignty and privacy. Whether serving regular consumers automating daily tasks or enterprise institutions coordinating treasury operations across Web2 and Web3, we design systems that minimize data collection by default.
02. Non-Custodial Privacy & Keys
Vaelis Group software is strictly non-custodial and decentralized at the execution layer. We do not collect, store, transmit, or have access to:
- Private cryptographic keys, seed phrases, or institutional signing credentials.
- Multi-signature vault authorization tokens or master API secrets.
- Direct control over user funds or digital assets on any blockchain or banking protocol.
All transaction bundle approvals and intent signatures occur locally on the user's device or within institutional hardware security modules (HSMs).
03. Studio Simulation Data
Maren and Vaelis Studio send prompts and relevant conversation context to configured AI providers, including Google and OpenAI, to generate responses and simulated execution plans. The simulations do not broadcast transactions or control user funds.
If a user enables optional research analytics, redacted prompts, responses, tool activity, timing, and token usage may be retained for up to 90 days. Choosing Essential only disables that research storage. Secret-like values are automatically redacted, but users should never submit private keys, seed phrases, passwords, or production credentials.
04. System Telemetry & Analytics
We process limited operational telemetry to operate the service, investigate failures, and prevent abuse:
- Security telemetry: Truncated network addresses, coarse location, browser, device, access attempts, and rate-limit counters. Network addresses and user-agent strings are removed after seven days.
- Optional Studio research: With permission, redacted prompts, responses, performance, tool activity, and token metrics are retained for no more than 90 days.
- Service providers: We use infrastructure and processing providers such as Vercel, PostgreSQL hosting, Google, OpenAI, Resend, and private object storage where required to deliver the Platform.
05. Institutional Contact
For formal inquiries regarding cryptographic boundary verification, data residency compliance, or institutional sandbox audits, contact our legal and systems security syndicate.