Veil
Legal

Privacy Policy

Effective Date: April 1, 2026 ยท Platform: veiliitk.tech

Table of Contents
1. Introduction & Scope
2. Information We Collect
3. How We Use Your Information
4. Data Storage & Security
5. Anonymity Architecture
6. Data Retention & Deletion
7. Your Rights
8. Contact Us

1. Introduction & Scope

This Privacy Policy describes how Veil ("we," "us," or "our") collects, uses, stores, and protects the personal information of users ("you") who access the Veil platform at veiliitk.tech and any associated mobile interfaces.

Veil is an anonymous social platform exclusively for verified students of the Indian Institute of Technology Kanpur (IIT Kanpur). By creating an account or using our services, you agree to the terms described in this policy.

๐Ÿ”’Anonymity is the core promise of Veil. This policy is built to protect and enforce it.

2. Information We Collect

2.1 Account Information

To verify your eligibility and create your account, we collect your @iitk.ac.in email address. This email is used solely for sending a One-Time Password (OTP) during login. It is never displayed to other users, indexed in search results, or shared with third parties.

2.2 Profile Information

During onboarding, you voluntarily provide: your academic batch (e.g., Y22), your branch/program, and your gender. This information is used to populate your anonymous profile. You may also optionally set a mood status and a short bio.

2.3 Communications Data

Messages sent via Direct Messages and Group Chats are stored in our encrypted database to enable cross-device sync. Messages sent in ephemeral Rooms are stored temporarily and automatically purged after 24 hours.

2.4 Technical & Usage Data

We may collect standard server logs including IP addresses (for abuse prevention), browser type, and timestamps of actions. This data is not tied to your anonymous identity and is automatically purged within 30 days.

3. How We Use Your Information

Email address
OTP verification and account creation only
Batch / Branch / Gender
Displayed on your anonymous profile for discovery filters
Message content
Delivering and syncing your conversations
Online status
Showing real-time presence indicators to other users
IP address
Rate limiting, abuse detection, and security monitoring

We do not use your data for advertising, user profiling, or sell it to any third party under any circumstances.

4. Data Storage & Security

All user data is stored on Supabase infrastructure, which is hosted on ISO 27001-certified data centers. All data in transit is encrypted using TLS 1.3. All data at rest is encrypted using AES-256.

Access to the production database is restricted via Row Level Security (RLS) policies. Only authenticated server-side processes using a service role key can access raw user data. Client-side code can only read data that has been explicitly permitted.

5. Anonymity Architecture

Veil's anonymity is enforced by architecture, not just policy. Here is how it works:

โœ“Your real name and email are stored in a separate database row that is never joined or returned to other users.
โœ“Your anonymous identity (e.g., 'Silent Moon') is randomly generated at signup and cannot be changed or predicted.
โœ“The 'Request Reveal' feature is strictly mutual: both parties must consent before any real information is exchanged.
โœ“Group chats and Rooms show only batch and anonymous name โ€” never your email or real name.
โœ“Deleted messages are permanently removed from our database within 24 hours.

6. Data Retention & Deletion

Direct Messages
Until you delete them
Room Messages
24 hours (auto-deleted)
OTP Codes
End of the day issued
Account & Profile
Until account deletion requested
Server Logs
30 days maximum

To request permanent deletion of your account and all associated data, email us at support@veiliitk.tech. We will process the request within 7 business days.

7. Your Rights

As a user of Veil, you have the right to:

โ†’Access a copy of the personal data we hold about you.
โ†’Correct inaccurate profile information at any time from the app.
โ†’Request deletion of your account and all associated data.
โ†’Withdraw consent by ceasing to use the platform and requesting account deletion.
โ†’Lodge a complaint with relevant data protection authorities if you believe your rights have been violated.

8. Contact Us

For privacy-related queries, data deletion requests, or security disclosures, please contact:

Veil IITK
Platformveiliitk.tech
AddressHall 1, IIT Kanpur, Uttar Pradesh, India โ€” 208016

This policy may be updated periodically. Continued use of the platform after changes constitutes acceptance of the revised policy. Material changes will be communicated via the app.