Privacy Policy

1. Who we are

Veontra ("Veontra", "we", "us") operates the veontra.com website — a cloud service that extracts structured data from documents such as invoices, receipts, resumes, bank statements, and ID documents.

This Privacy Policy explains what personal data and document content we process, why we process it, which third parties are involved, and what choices you have. It applies when you visit our marketing pages, create an account, upload documents, or manage billing.

2. Data we collect

We collect only the data needed to run the service, secure accounts, and bill paid plans.

• Account data: email address, optional first and last name, password hash (for email sign-up), Google account identifier when you use Sign in with Google, organization name, your role (owner or member), and account type (personal or organization).
• Security and verification data: IP address recorded at registration, email verification and password-reset token metadata, and Cloudflare Turnstile signals when you register.
• Document data: files you upload (PDF, images, and similar formats), file name and MIME type, processing status, extracted fields and confidence scores, raw text used for extraction, and which team member uploaded or approved each document.
• Usage and billing data: trial status and end date, monthly document limit, documents processed in the current period, pay-as-you-go credit balance, subscription status, Paddle customer and subscription identifiers, billing period dates, and transaction references from our payment provider.
• Organization collaboration data: email addresses you invite to your organization and invite status.
• Google account data (optional): when you use Sign in with Google or connect Google Sheets export, we receive your Google account identifier, Google email address, and — for Google Sheets — an OAuth refresh token stored to perform exports you request (see Section 6).
• Technical data: HTTP cookies that keep you signed in and remember your language preference, server logs needed for security and troubleshooting, and audit log entries (for example document approval or export actions).

3. How we use your data

We use the data above to create and manage your account, authenticate you, send transactional emails (verification and password reset), store and process your documents, show extraction results for human review, enforce plan limits, process payments, provide customer support, prevent abuse, and improve reliability of the platform.

We do not sell your personal data and we do not use your uploaded documents to train public AI models. Document content is sent to our AI provider only to perform extraction for your organization.

We use Google user data only to provide Sign in with Google and Google Sheets export features you choose to enable. We do not use Google user data for advertising, sell it to data brokers, use it to train AI models, or transfer it for purposes unrelated to app functionality.

4. Legal bases (EEA/UK users)

Where GDPR or similar laws apply, we rely on: performance of a contract (providing the service you signed up for); legitimate interests (security, fraud prevention, service improvement, and enforcing our terms); and consent where required (for example optional marketing communications, if we offer them in the future). You may withdraw consent at any time without affecting processing that is required to provide the service.

5. Third-party service providers

We use trusted processors that help us operate Veontra. They may process data only on our instructions and for the purposes listed below.

• Paddle — payment processing, subscriptions, invoices, and tax handling. Paddle receives billing contact details and payment information you enter in their checkout. We do not store full card numbers on our servers.
• Amazon Web Services (S3) — private storage of uploaded document files. Files are accessed through time-limited signed URLs, not public links.
• AI API provider (currently OpenAI-compatible API, default model gpt-4.1-mini) — document text and images are transmitted to extract structured fields. Processing is scoped to your request.
• SMTP email provider — delivery of verification, password-reset, and organization invite emails.
• Google — Sign in with Google authentication and Google Sheets export via OAuth (see Section 6).
• Cloudflare Turnstile — bot protection on registration.
• Google Fonts — web font delivery when you load our site.

6. Google user data

Veontra offers two optional Google integrations. Each is initiated by you through Google OAuth. We access Google user data only to provide the features below.

• Sign in with Google — we receive your Google account identifier and email address to authenticate you and create or link your Veontra account.
• Google Sheets export (paid feature) — when you choose Export → Google Sheets and complete Google OAuth, we request permission to create and update spreadsheets in your Google account (Google Sheets API) and to read your Google email address (userinfo.email) so we can show which account is connected.
• Google user data we collect: your Google email address and, for Google Sheets, an OAuth refresh token stored in our database and linked to your Veontra user account.
• How we use Google user data: solely to authenticate you (Sign in with Google) or to create and populate a spreadsheet with extracted document data you explicitly export. We do not read your existing spreadsheets except as needed to write the export you requested.
• Sharing and transfer: Google user data is transmitted only to Google's APIs to perform actions you request. We do not sell, rent, or share Google user data with third parties for their independent use, advertising, credit decisions, or AI model training.
• Storage and security: Google OAuth tokens and the connected email are stored on our servers, protected by HTTPS in transit, tenant isolation, and access controls limited to operating the integration.
• Retention and deletion: Google Sheets connection data is kept while your account remains connected. You may disconnect in Veontra (which removes stored tokens from our systems) and revoke Veontra access at https://myaccount.google.com/permissions. Sign-in Google identifiers are retained while your account uses that login method.
• Policy updates: if we change how Veontra accesses, uses, stores, or shares Google user data, we will update this Privacy Policy and the "Last updated" date on this page.

7. Document storage, isolation, and deletion

Each customer organization's documents and extracted data are isolated. Other customers cannot access your files or extraction results.

When you delete a document in Veontra, we delete the stored file from our object storage and remove the associated database records, including extraction data tied to that document.

If you need account-level deletion or a data export, contact us at the email below. We will respond within a reasonable time. Some billing records may be retained where required for accounting, tax, or dispute resolution.

8. Security

We use industry-standard measures including encrypted connections (HTTPS), hashed passwords, httpOnly authentication cookies, tenant isolation, private file storage, and restricted access to stored Google OAuth tokens. No security method is perfect; please use a strong unique password and review extracted data before using it in financial or compliance workflows.

9. Retention

We keep account and document data while your account is active and as needed to provide the service. Trial, subscription, and credit usage counters are kept for the current billing or trial period.

Google Sheets OAuth refresh tokens are kept until you disconnect the integration or delete your account. Transactional email logs, security logs, and payment records may be kept longer where required by law or legitimate business needs (typically up to several years for financial records).

10. Your rights

Depending on your location, you may have the right to access, correct, delete, restrict, or export personal data, and to object to certain processing. You may also lodge a complaint with your local data protection authority.

To exercise these rights, email us. We may need to verify your identity before fulfilling a request.

11. International transfers

Veontra and our providers may process data in countries other than yours (including the United States and the European Union). Where required, we rely on appropriate safeguards such as standard contractual clauses offered by our providers.

12. Children, changes, and contact

Veontra is a business service not directed at children under 16. We do not knowingly collect children's data.

We may update this policy. Material changes — including changes to how we use Google user data — will be reflected on this page with a new "Last updated" date. Continued use after an update means you accept the revised policy.

For privacy requests and questions, contact us using the email below.