Where your data is stored, and GDPR
Veillo is built for European businesses, so it is built EU-first. Your data is stored in the EU, and the access model is yours to control.
Updated May 2026
Where it is stored
Veillo's application, database, and file storage all run in EU regions. For a compliance product serving European businesses, that is the right default, not an add-on. The full picture, including the providers we use, is on the security page.
GDPR and the DPA
Veillo is built EU-first, and we offer a Data Processing Agreement. If your organisation needs a signed DPA in place, you can review and request ours from the DPA page. It sets out how we process data on your behalf, where it is hosted, and who our sub-processors are.
Who can see your data
Your workspace is yours. We keep it that way in three concrete ways.
- Access is role-based. Inside your organisation, who can see and change what is set by roles. You can give an external auditor a read-only view without exposing billing or letting them change anything.
- We do not sell data. Your compliance records are not a product.
- We do not train models on your records. The AI-assisted suggestions use models, but your register and documents are not training data.
Sub-processors and deletion
Our current sub-processors are listed in the DPA, and how we handle personal data is set out in the privacy policy. You can export your data at any time and ask us to delete it. See export everything and leave.
The five roles in Veillo (Owner, Admin, Editor, Reviewer, Auditor), what each can do, and how to invite teammates or give an external auditor read-only access.
How to export your register, documents, and audit log out of Veillo, how to cancel, and what happens to your data afterward.
What it means that Veillo is software rather than a law firm: where the legal judgment comes from, and when you still need your own lawyer.
Still need help?
Get in touch and a human will answer, or book a short walkthrough.