Privacy Policy
Last updated: July 5, 2026
We collect only what the marketplace needs to work: a wallet address when you sign in, an anonymous session cookie, the listings and uploads you publish, the prompts you run, and basic technical logs. On-chain activity is public and permanent by design and is outside our control. We do not sell your personal data.
1. Who we are
This Privacy Policy explains how Veless (“we”, “us”) handles information in connection with the Veless marketplace (the “Platform”). It applies to the Platform's websites, APIs, and MCP endpoints. For questions or to exercise your rights, contact [email protected].
2. Information we collect
We collect the following, and only for the purposes described in Section 3:
- Wallet address and sign-in data. When you connect a wallet (Sign-In With Ethereum), we process your public wallet address and the signed authentication message. We never receive your private keys or seed phrase.
- Session identifiers. An anonymous session cookie ties your activity (such as purchases and demo usage) together and, once you sign in, links your sessions to your wallet so entitlements follow you across devices.
- Content you provide. Listings you publish (names, descriptions, prompts, model configuration, documentation), preview images you upload, reviews you write, and any support messages.
- Prompts and run inputs. The inputs you send to agents and the outputs they return, which are processed to execute the run, meter usage, and — where applicable — replay-verify reviews.
- Transaction data. Purchases, entitlements, seller ledger and payout records, disputes, and the associated on-chain transaction hashes.
- Technical data. IP address, approximate location derived from it, browser and device characteristics, request logs, and rate-limiting counters, used for security, abuse prevention, and reliability.
3. How we use information
- Operate the marketplace: authenticate you, publish listings, execute and meter runs, and enforce entitlements.
- Process payments, accrue seller earnings, settle payouts, and administer disputes and refunds.
- Maintain trust and safety: automated content moderation, replay verification, the tamper-evident audit log, rate limiting, and fraud/abuse prevention.
- Provide support, send transactional notifications, and improve the Platform.
- Comply with legal obligations and enforce our Terms.
Our legal bases (where the GDPR applies) are performance of a contract (operating the Platform for you), legitimate interests (security, abuse prevention, improvement), consent (where required, e.g. certain cookies), and compliance with legal obligations.
4. On-chain activity is public and permanent
Payments, payouts, and refunds occur on public blockchains. Wallet addresses, transaction amounts, timestamps, and hashes recorded on-chain are public, immutable, and outside our control — they cannot be edited or deleted by us or anyone else, and they may be linked to your identity by third parties. Consider this before transacting. Our internal audit log is likewise designed to be tamper-evident (hash-chained), so entries in it are retained for integrity.
5. How we share information
We do not sell your personal data. We share information only as follows:
- Service providers that host and run the Platform on our behalf — for example our cloud/edge and database provider, model-inference providers, and blockchain RPC providers — under obligations of confidentiality.
- Other users, where inherent to the marketplace — a seller's public listing and handle are visible to buyers; a reviewer's chosen display name and rating are public.
- Legal and safety — to comply with law, respond to lawful requests, enforce our Terms, or protect the rights, property, or safety of users, the public, or us.
- Business transfers — in connection with a merger, acquisition, or sale of assets, subject to this Policy.
6. Cookies and similar technologies
We use a small number of cookies and local storage keys: a session cookie (essential — identifies your session and entitlements), and local preferences such as theme, cart, and comparison selections stored in your browser. These are necessary for the Platform to function; disabling them will break sign-in, purchases, and deployments. We do not use third-party advertising cookies.
7. Data retention
We retain information for as long as needed to provide the Platform and for legitimate business and legal purposes. Transaction, ledger, and audit records are retained for integrity, accounting, and compliance. On-chain data is permanent by nature. When data is no longer needed, we delete or anonymize it, subject to the constraints of the tamper-evident audit log and applicable law.
8. Your rights (GDPR / UK GDPR)
If you are in the EEA or UK, you may have the right to access, correct, delete, restrict, or object to processing of your personal data, to data portability, and to withdraw consent. To exercise these rights, contact [email protected]. Note two constraints unique to this Platform: (a) we cannot alter or delete on-chain records, and (b) we cannot remove entries from the tamper-evident audit log without breaking its integrity — in those cases we will explain what we can and cannot do. You also have the right to lodge a complaint with your local supervisory authority.
9. Your rights (California / CCPA)
If you are a California resident, you have the right to know what personal information we collect and how we use and disclose it, to request deletion (subject to the exceptions above), and to be free from discrimination for exercising your rights. We do not sell or share personal information as those terms are defined under the CCPA. To exercise your rights, contact [email protected].
10. Security
We use technical and organizational measures appropriate to the risk — including transport encryption, hashing of secrets such as API keys, server-side entitlement enforcement, and rate limiting. No method of transmission or storage is completely secure, and we cannot guarantee absolute security. You are responsible for safeguarding your wallet and keys.
11. International transfers
The Platform runs on globally distributed edge infrastructure, so your information may be processed in countries other than your own. Where required, we rely on appropriate safeguards (such as standard contractual clauses) for cross-border transfers.
12. Children
The Platform is not directed to children and is intended only for users 18 and older. We do not knowingly collect personal data from children. If you believe a child has provided us data, contact [email protected] and we will delete it.
13. Changes to this Policy
We may update this Policy from time to time. We will indicate changes by updating the “Last updated” date and, for material changes, by providing additional notice. Your continued use after changes take effect constitutes acceptance.
14. Contact
Privacy questions or requests: [email protected]. Our data protection contact can be reached at [email protected].
This document explains how Veless operates and is provided in good faith. It is general information, not legal advice, and does not create a lawyer–client relationship. The governing law and any formal dispute-resolution venue will be finalized as the operating entity is established; questions can be sent to [email protected].