1. Introduction and Overview

Welcome to Veekrypt Corporation (“Veekrypt,” “we,” “our,” or “us”). We are a cybersecurity company headquartered in Frisco, Texas, dedicated to protecting organizations through quantum-resistant encryption, blockchain-based key management, and AI-powered threat detection.

This Privacy Policy describes how Veekrypt collects, uses, discloses, retains, and protects information about you when you:

Visit our website at veekrypt.com or any Veekrypt-owned subdomain (e.g., myveekrypt.com)
Use our products and services including VaultSecure, Vkryption, ThreatRepel, and Lightning 360
Engage with us as a partner, reseller (VAR/MSP), or technology partner
Communicate with our sales, support, or marketing teams
Attend Veekrypt-hosted events, webinars, or training sessions

By using Veekrypt’s website or services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with the practices described, please discontinue use of our website and services.

2. Data Controller Information

The data controller responsible for your personal information is:

Veekrypt Corporation

5 Cowboys Way, Suite 300

Frisco, TX 75034

United States

Email: privacy@veekrypt.com

General Inquiries: info@veekrypt.com

Website: https://veekrypt.com

For privacy-related questions or requests, please contact us at privacy@veekrypt.com or by mail at the address above.

3. Information We Collect

We collect information in the following categories:

3.1 Information You Provide Directly

Account Registration: Name, business email address, company name, job title, phone number, username, and password when you create an account on myveekrypt.com.
Contact and Inquiry Forms: Name, email, company, phone number, and the content of your message when you contact us via the website.
Sales and Purchasing: Billing address, company information, purchase order details, and payment information (processed by PCI-DSS-compliant third-party payment processors; Veekrypt does not store raw payment card data).
Partner and Reseller Applications: Company details, business credentials, and contact information provided during VAR/MSP partner onboarding.
Support Tickets: Technical information, log files, and descriptions of issues you provide when seeking customer support.
Event Registration: Name, email, company, and professional role when registering for webinars, training, or Veekrypt University content.

3.2 Information We Collect Automatically

Log Data: IP addresses, browser type and version, operating system, referring URLs, pages viewed, and timestamps.
Cookies and Tracking Technologies: Session cookies, persistent cookies, pixel tags, and similar technologies. See Section 7 for more details.
Device Information: Device identifiers, screen resolution, language settings, and browser plug-in information.
Usage Analytics: Feature utilization within our platform, click patterns, navigation paths, and product interaction data.

3.3 Information From Third Parties

Business Data Providers: We may receive professional contact information from commercially available data sources to supplement our records.
Technology Partners and Integrations: If you connect Veekrypt to third-party services (e.g., cloud storage providers, SIEM platforms), we may receive metadata about those connections.
Referrals: If a Veekrypt partner or customer refers you, we may receive your name and contact information.

3.4 Sensitive and Special Categories of Data

Veekrypt’s products are designed to process and protect your organization’s sensitive data (including healthcare records, financial records, and other regulated data) on your behalf. We process this data as a data processor under your instructions. We do not use your customers’ regulated data for Veekrypt’s own business purposes. Please see Section 12 for information about our role as a data processor.

4. How We Use Your Information

Veekrypt uses personal information for the following purposes:

4.1 Providing and Improving Services

Creating and managing your Veekrypt account
Processing transactions and delivering the products and services you request
Providing technical support and responding to customer service inquiries
Operating and improving the functionality, security, and performance of our platform
Conducting product research and development

4.2 Communication and Marketing

Sending transactional emails (account confirmations, security alerts, invoices)
Sending product updates, security advisories, and service announcements
Providing marketing communications about Veekrypt products, industry insights, and events (where you have opted in or where permitted by law)
Responding to your inquiries and sales requests

4.3 Security and Compliance

Detecting, preventing, and investigating fraud, unauthorized access, and other security incidents
Monitoring for compliance with our Terms of Service and Acceptable Use Policy
Maintaining logs for audit trail and forensic purposes
Complying with applicable laws, regulations, and legal obligations (including HIPAA, PCI-DSS, SOC 2, GDPR, CCPA, NIST, ISO 27001)

4.4 Business Operations

Managing partner and reseller relationships
Conducting internal analytics and business intelligence
Evaluating and processing job applications (if applicable)
Supporting mergers, acquisitions, or other business transactions

5. Legal Basis for Processing (GDPR / International Users)

For individuals in the European Economic Area (EEA), United Kingdom, or other jurisdictions with similar legal requirements, our legal basis for processing personal information is as follows:

Performance of a Contract: Where processing is necessary to provide our services to you or to take pre-contractual steps at your request.
Legitimate Interests: Where we have a legitimate business interest in processing your data and that interest is not overridden by your rights (e.g., fraud prevention, improving our services, direct marketing to existing customers).
Consent: Where you have given us explicit consent to process your data for a specific purpose (e.g., marketing emails or cookies).
Legal Obligation: Where processing is required to comply with applicable law.

6. How We Share Your Information

Veekrypt does not sell your personal information. We may share information in the following circumstances:

6.1 Service Providers and Sub-Processors

We engage trusted third-party service providers that process data on our behalf under confidentiality obligations. These include:

Cloud infrastructure providers (e.g., Amazon Web Services, Microsoft Azure)
Payment processors (PCI-DSS compliant)
Email and communication platforms
Customer relationship management (CRM) systems
Analytics and monitoring platforms
Customer support tools

All sub-processors are bound by data processing agreements that require them to maintain appropriate security standards.

6.2 Technology Partners

If you use Veekrypt integrations with technology partners (as listed on veekrypt.com/technology-partners/), relevant data may be shared to enable that integration, as described at the time of configuration.

6.3 Legal and Regulatory Requirements

We may disclose information when required by law, court order, or government authority, or when we believe disclosure is necessary to: (a) protect the rights, property, or safety of Veekrypt, our customers, or the public; (b) detect or prevent fraud or security threats; or (c) comply with applicable legal obligations.

6.4 Business Transfers

In the event of a merger, acquisition, financing, divestiture, or sale of Veekrypt’s assets, personal information may be transferred as part of that transaction. We will notify affected users and maintain the protections described in this Policy.

6.5 With Your Consent

We may share your information with third parties for other purposes with your explicit consent.

7. Cookies and Tracking Technologies

Veekrypt uses cookies and similar technologies to operate our website and improve user experience. Categories include:

Strictly Necessary Cookies: Essential for the website to function (e.g., session management, login authentication). These cannot be disabled.
Performance and Analytics Cookies: Collect aggregated data on how visitors use our website (e.g., Google Analytics). These help us improve site performance.
Functional Cookies: Remember your preferences (e.g., language, region) to personalize your experience.
Marketing Cookies: Used to deliver relevant advertisements and track campaign effectiveness. We only use these with your consent.

You may manage your cookie preferences through our cookie consent banner or your browser settings. Note that disabling certain cookies may affect website functionality. For more information, please refer to our Cookie Policy (available at veekrypt.com/cookie-policy/).

8. Data Retention

We retain personal information for as long as necessary to fulfill the purposes described in this Privacy Policy, including to:

Maintain active customer accounts and service relationships
Comply with applicable legal, tax, and accounting obligations (typically 7 years for financial records)
Resolve disputes and enforce our agreements
Support audit trails required for SOC 2, HIPAA, PCI-DSS, and other compliance frameworks

When personal information is no longer required, we securely delete or anonymize it. Anonymized or aggregated data that cannot be linked to an individual may be retained indefinitely for analytics and business intelligence purposes.

Specific retention periods:

Account data: Retained for the duration of the active account plus 3 years after account closure
Security and audit logs: Retained for a minimum of 1 year (or as required by applicable regulation)
Marketing data: Retained until you opt out or request deletion
Customer Data processed on behalf of enterprise clients: Per applicable Data Processing Agreement

9. Data Security

As a cybersecurity company, data security is central to everything we do. Veekrypt employs industry-leading security controls to protect your information, including:

Encryption at Rest and in Transit: All data is encrypted using AES-256 at rest and TLS 1.2/1.3 in transit.
Zero-Knowledge Architecture (VaultSecure): Our VaultSecure product is designed so that encryption keys are managed exclusively by you, meaning Veekrypt cannot access your encrypted data.
Blockchain-Based Key Management (Vkryption): Our Vkryption system uses distributed ledger technology to ensure cryptographic key integrity and non-repudiation.
Access Controls: Role-based access control (RBAC), multi-factor authentication (MFA), and least-privilege principles are enforced across our systems.
Monitoring and Threat Detection: ThreatRepel AI continuously monitors for anomalous activity, intrusion attempts, and security events across our infrastructure.
Vulnerability Management: Regular penetration testing, vulnerability scanning, and security assessments are conducted by independent third parties.
SOC 2 Compliance: Veekrypt is pursuing SOC 2 Type II certification to validate our security controls against the AICPA Trust Services Criteria.
Employee Training: All Veekrypt personnel undergo regular security awareness training and are bound by confidentiality obligations.

While we implement robust security measures, no system is completely immune to risk. In the event of a data breach that affects your personal information, we will notify you in accordance with applicable law.

10. Your Privacy Rights

Depending on your location, you may have the following rights with respect to your personal information:

10.1 Rights Under GDPR / EEA / UK

Right of Access: Request a copy of the personal data we hold about you.
Right to Rectification: Request correction of inaccurate or incomplete data.
Right to Erasure (‘Right to Be Forgotten’): Request deletion of your personal data, subject to legal retention obligations.
Right to Restriction of Processing: Request that we limit how we use your data in certain circumstances.
Right to Data Portability: Receive a copy of your data in a structured, machine-readable format.
Right to Object: Object to processing based on legitimate interests or for direct marketing purposes.
Rights Related to Automated Decision-Making: We do not make solely automated decisions with legal or similarly significant effects.

10.2 Rights Under CCPA / CPRA (California Residents)

California residents have the following rights under the California Consumer Privacy Act (CCPA), as amended by the CPRA:

Right to Know: The categories and specific pieces of personal information we have collected about you, the purposes for collection, and the categories of third parties with whom we share it.
Right to Delete: Request deletion of personal information, subject to certain exceptions.
Right to Correct: Request correction of inaccurate personal information.
Right to Opt-Out of Sale/Sharing: We do not sell or share personal information for cross-context behavioral advertising. No opt-out is required, but you may contact us to confirm.
Right to Limit Use of Sensitive Personal Information: You may limit our use of sensitive personal information to what is necessary to provide services.
Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.

10.3 Exercising Your Rights

To exercise any of the rights above, please submit a request to privacy@veekrypt.com. We will respond within the timeframe required by applicable law (generally 30 days, extendable by an additional 30 days with notice). We may request verification of your identity before processing your request.

11. Children’s Privacy

Veekrypt’s services are designed for businesses and are not directed at individuals under the age of 18 (or the applicable age of majority in your jurisdiction). We do not knowingly collect personal information from minors. If we become aware that we have inadvertently collected information from a minor, we will promptly delete it. If you believe we have collected information about a minor, please contact us at privacy@veekrypt.com.

12. Veekrypt as a Data Processor

When Veekrypt processes personal data contained within files, databases, or systems that our enterprise customers encrypt or protect using our products, we act as a data processor under the direction of our customers (the data controllers). In this capacity:

We process customer data only pursuant to written instructions in our Data Processing Agreement (DPA).
We implement appropriate technical and organizational safeguards to protect the confidentiality and integrity of customer data.
We do not process customer data for our own commercial purposes.
We assist customers in fulfilling their obligations to data subjects, including responding to access and deletion requests.
Enterprise customers may request a copy of our DPA, sub-processor list, and relevant compliance documentation by contacting privacy@veekrypt.com.

13. International Data Transfers

Veekrypt is headquartered in the United States. If you access our services from outside the United States, your information may be transferred to, stored, and processed in the United States, which may have different data protection laws than your country of residence.

For transfers from the EEA, UK, or Switzerland, we rely on the following transfer mechanisms:

Standard Contractual Clauses (SCCs) approved by the European Commission
UK International Data Transfer Agreements (IDTAs) where applicable
The EU-U.S. Data Privacy Framework (where Veekrypt is certified or where applicable)

By using our services, you acknowledge and consent to the transfer of your information to the United States and other countries where Veekrypt operates.

14. Third-Party Links and Services

Our website may contain links to third-party websites or services that are not operated by Veekrypt. We have no control over the privacy practices of these third parties and encourage you to review their privacy policies. Inclusion of a link does not imply endorsement by Veekrypt.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or product offerings. When we make material changes, we will:

Post the updated Policy on veekrypt.com with a revised ‘Last Updated’ date
Provide in-app or email notification to registered users for significant changes
For changes that materially affect how we process personal information, obtain your consent where required by law

Your continued use of Veekrypt’s services after the effective date of any changes constitutes your acceptance of the updated Policy.

16. Regulatory Compliance Frameworks

Veekrypt’s platform is designed to help customers achieve compliance with a range of industry standards. With respect to Veekrypt’s own operations, we maintain compliance with:

HIPAA: Where applicable as a Business Associate for healthcare customers. Business Associate Agreements (BAAs) are available upon request.
PCI-DSS: Payment card data processed by Veekrypt is handled through PCI-DSS-compliant third-party payment processors.
GDPR / UK GDPR: As described throughout this Policy.
CCPA / CPRA: As described in Section 10.2.
SOC 2: Veekrypt is pursuing SOC 2 Type II certification under the AICPA Trust Services Criteria (Security, Availability, Confidentiality, Processing Integrity, Privacy).
NIST Cybersecurity Framework: Our security program is aligned with the NIST CSF.
ISO 27001: Our information security management practices are aligned with ISO 27001 principles.

17. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Privacy Team — Veekrypt Corporation