Velauth Privacy Policy

Last updated: June 2026

1. Overview

Velauth Ltd ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and protect your data when you use Velauth (the "Software").

2. Data We Collect

2.1 Identity and Account Data

When you create a Velauth account, we collect:

Storage: Identity data is stored in our Cloud Service (Appwrite, hosted on our VPS).

2.2 Active Directory Credentials

We never store Active Directory credentials.

When you connect the Software to Active Directory:

2.3 Enrollment Tokens

Agent enrollment tokens are:

The Cloud Service stores only a SHA-256 hash of the token to verify agent identity. A stolen token can be used only from the same Domain Controller (machine-pinned via DPAPI).

2.4 Telemetry Data

Telemetry is off by default — the Software collects nothing until you opt in via Settings → Privacy. If you enable it, the anonymous telemetry collected includes:

Collection: Telemetry is sent to PostHog, a third-party analytics service.

Opt-in: Telemetry is disabled by default. You can enable or disable it at any time in Software Settings → Privacy.

2.5 Crash Reports

When the Software crashes, it automatically sends a crash report to Sentry, including:

Crash reports are used only to diagnose and fix bugs.

3. Data We Do NOT Collect

We do not collect or store:

4. How We Use Your Data

We use collected data to:

We do not:

5. Third-Party Services

The Software uses the following third-party services:

PostHog (Telemetry)

Sentry (Crash Reporting)

Appwrite (Cloud Service Backend)

6. Data Retention

7. Data Security

We implement industry-standard security measures:

However, no security measure is 100% secure. We cannot guarantee absolute protection against all threats.

8. Your Rights (GDPR)

If you are located in the EU or UK, you have the following rights under GDPR:

To exercise these rights, contact [email protected].

9. Children

The Software is not intended for users under 18 years of age. We do not knowingly collect data from children. If you believe we have collected data from a child, please contact us immediately.

10. Updates to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes by email or by posting the updated policy on our website.

Your continued use of the Software after changes constitutes acceptance of the updated Privacy Policy.

11. Contact

If you have questions about this Privacy Policy or our data practices, please contact:


Data Controller: Velauth Ltd, London, United Kingdom

Data Protection Officer: For inquiries, contact [email protected]

Last updated: June 2026