Back to Home
Legal

Privacy Policy

Last updated: February 2026

VeilGuard ("we", "us", "our") respects your privacy. This Policy explains what data we collect, why we collect it, and how it is stored. It applies to the VeilGuard website, Client Zone portal, and the FiveM anticheat resource.

1. Who is the data controller

VeilGuard is the data controller for personal data processed through the Service. Contact: privacy@veilguard.io.

2. Data we collect from server operators (customers)

  • Account data — email, username, hashed password (bcrypt), creation date, role
  • Discord OAuth data (optional) — Discord ID, avatar URL, email address
  • Billing data — handled by Stripe; we store transaction IDs, plan, amount, status, applied promo code. We do NOT store card numbers
  • License data — license key, plan, expiry, server-fingerprint heartbeat
  • Operational telemetry — last login IP, user-agent on password reset (for security notifications), failed login attempts

3. Data the anticheat resource collects from your players

When you run VeilGuard on your FiveM server, the resource processes player data on YOUR server. We act as a data processor and the data is sent to our backend so YOU can see it in your Client Zone. This includes:

  • FiveM player IDs, Steam/Discord/license identifiers, character names
  • Connection metadata (ping, IP region — not full IP), session duration
  • Detected anticheat events (memory patterns, behavioural anomalies, screenshots when you request them)
  • Ban records (reason, severity, expiry, who issued it)

You are responsible for displaying a privacy notice to your players if required by local law (UK GDPR, EU GDPR, etc.). A template is available on request.

4. Why we process this data (legal basis)

  • Performance of contract (UK GDPR Art. 6(1)(b)) — to provide the Service you paid for
  • Legitimate interest (Art. 6(1)(f)) — to detect cheating, prevent abuse, secure our infrastructure
  • Consent (Art. 6(1)(a)) — for marketing emails (you can opt out at any time)
  • Legal obligation (Art. 6(1)(c)) — for tax, accounting, and law-enforcement requests

5. Third-party processors we use

  • Stripe Payments UK Ltd — payment processing (data hosted in US/EU under SCCs)
  • Resend — transactional email delivery (mail.veilguard.io)
  • Discord — OAuth login (data shared only if you click "Continue with Discord")
  • Cloudflare — CDN, DDoS protection
  • MongoDB Atlas — database hosting (EU region)
  • Emergent — application hosting platform

6. How long we keep it

  • Account data — for as long as your account exists, plus 90 days after deletion
  • Billing records — 6 years (UK HMRC requirement)
  • Audit logs and server logs — 12 months
  • Inactive accounts with no licenses — purged after 12 months of inactivity

7. Your rights

Under UK/EU GDPR you have the right to:

  • Access the data we hold about you
  • Request correction of inaccurate data
  • Request deletion ("right to be forgotten") — subject to our 6-year tax-record obligation
  • Request a copy of your data in a portable format
  • Withdraw consent for marketing at any time
  • Complain to the UK Information Commissioner's Office (ico.org.uk)

To exercise these rights, email privacy@veilguard.io with proof of identity.

8. Security

Passwords are hashed with bcrypt. API tokens (JWT) are signed with HS256, expire after 7 days, and are revoked on password reset. All traffic is HTTPS. MongoDB is access-restricted; no public internet access. We monitor for suspicious activity and run rate limits + account lockouts on the auth surface.

9. Cookies

We use a single first-party cookie / localStorage key (gb_token) to keep you logged in. We do not use advertising cookies, trackers, or third-party analytics beyond aggregated server-side metrics.

10. Changes to this Policy

We update this Policy when our processing changes. Material changes will be announced by email to active customers at least 14 days in advance.

11. Contact

For privacy questions: privacy@veilguard.io.