VEIL.AI Azure Managed Application Privacy Policy

VEIL.AI Azure Managed Application Privacy Policy

Effective Date: 1.1.2026

Introduction

VEIL.AI respects your privacy and is committed to complying with applicable laws and regulations, including the General Data Protection Regulation (GDPR) and the Health Insurance Portability and Accountability Act (HIPAA) regarding any information we may collect while using our Azure Managed Application (“Managed Application” or “App”). This Privacy Policy applies to the VEIL.AI Azure Managed Application (hereinafter, “us”, “we”, “VEIL.AI”). This Privacy Policy outlines what information we collect, how we use it, and under what circumstances we may disclose it.

By downloading, installing, or using our App, you agree to the collection and processing of your data as outlined by this Privacy Policy.

Information We Collect

We may collect and process the following types of information:

• Personal Identifiable Information (PII): Information that identifies you as an individual, such as your name, contact details, and any data provided by you while using our App.
• Protected Health Information (PHI): If applicable, data covered under HIPAA, such as patient records, health data, and medical information.
• Non-Personal Data: Anonymized information that cannot identify you personally.
• Customer Data: Data processed within our App, including any personal data or PHI uploaded to Microsoft Azure by customers.
• Automated Information: Such as your device type, operating system, IP address, unique identifiers, and usage patterns, including interactions with app features and accessed content.

How We Use Your Information

We use your data to:

• Provide and maintain our App.
• Comply with legal obligations and protect our rights and the rights of others, ensuring appropriate security and confidentiality measures for personal data and PHI.
• Improve the functionality of our App through analysis and troubleshooting.
• Respond to user inquiries and provide customer support.
• Conduct necessary legal and compliance audits.
• Send updates, promotional materials, and important information related to the App.

Legal Compliance and Your choices

We are committed to complying with the GDPR and HIPAA. We process personal data under the following lawful bases:

• Consent: If applicable, we collect personal data with explicit consent.
• Contractual Obligation: Processing necessary for the performance of a contract.
• Legitimate Interests: For purposes such as enhancing product performance and security.

You have the following rights regarding your personal information:

• Right to Access: You can request a copy of the personal data we hold about you.
• Right to Rectification: You can ask us to correct inaccurate or incomplete data.
• Right to Erasure (Right to be Forgotten): You can request deletion of your personal data when no longer needed or in certain situations.
• Right to Data Portability: You can request your data in a structured, machine-readable format.
• Right to Object: You can object to data processing in specific circumstances.
• Opt-Out: You may opt out of receiving promotional emails or push notifications.

Data Processing with Microsoft Azure

Our App operates on Microsoft Azure’s platform, which may process data in connection with the App under GDPR and HIPAA. Microsoft Azure provides features such as encryption, pseudonymization, data masking, and access controls to secure personal data and PHI.

For more details on Microsoft’s data handling and privacy practices, refer to the Microsoft Privacy Statement and the Microsoft Trust Center.

Data Sharing and Disclosure

We do not sell or trade personal data or PHI. We may share information under the following circumstances:

• Service Providers: We may share data with trusted third-party vendors to assist with operational services. These parties are obligated to comply with HIPAA (if applicable) and GDPR.
• Legal Requirements: We may disclose data to comply with legal obligations, including court orders or regulatory requirements.
• Business Transfers: In the event of a merger, acquisition, or asset sale, data may be transferred as part of the transaction in compliance with GDPR and HIPAA.

Data Security

We use industry-standard security measures to protect personal data and PHI from unauthorised access, disclosure, alteration, or destruction. These include encryption, access controls, and regular security audits. Despite these measures, no method of transmission or storage is completely secure. We cannot guarantee absolute security.

Data Retention

We retain personal data and PHI for as long as necessary to fulfil the purposes for which it was collected or to comply with legal and contractual obligations. Once data is no longer needed, it will be securely deleted or anonymized in compliance with GDPR and HIPAA.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Any significant changes will be communicated via our website or within our App. Continued use of our App after any changes indicates your acceptance of the updated policy.

Contact Us

If you have any questions regarding this Privacy Policy, or if you wish to exercise your rights under GDPR or HIPAA, please contact us at:

VEIL.AI
Haartmaninkatu 4
00290 Helsinki
FINLAND
[email protected]