Veesta Privacy Policy

1. Definitions

• Personal information / personal data: Any information relating to an identified or identifiable individual.
• Processing: Any operation performed with personal information (collection, storage, use, disclosure, deletion).
• Controller: The party that determines the purposes and means of processing personal information. Veesta is the controller for personal information collected for account management, marketing, analytics, and product use. If you are our customer and upload end-user personal information to Veesta's platform, our customer is generally the controller and Veesta is a processor under the applicable customer contract.
• Services: Veesta's website(s), web app, APIs, dashboards, data ingestion services, and other offerings.

2. Personal information we collect

We collect personal information directly from you, automatically when you use our Services, and from third parties. Below is a detailed breakdown.

A. Information you provide to us

You may provide personal information when you:

• Create an account or register for Services (e.g., name, work email, job title, company name, company size, whether you are an agency or a brand).
• Complete profile information (profile photo, phone number, timezone, billing address).
• Request demos, trials, or marketing materials (contact details, company information, preferred demo time).
• Communicate with us (support tickets, chat transcripts, emails, feedback). These communications may include the content of your messages and any attachments you provide.
• Upload content to the platform (brand documents, FAQs, product pages, press releases, case studies). Note: when customers upload personal data (e.g., customer names) as part of their content into Veesta, that data is processed under the customer's instructions and the customer is the controller. Veesta acts as processor for that data in accordance with our customer contract.
• Apply for jobs (resumes, CVs, cover letters, references, background information).
• Make payments (billing contact and invoicing details). Payment card information is collected by our third-party payment processors, not stored by Veesta except as may be necessary for compliance or invoicing (tokenized or limited data may be retained by the payment provider).

B. Information collected automatically when you use our Services

We automatically collect technical and usage data to operate and secure the Services:

• Device & connection data: IP address, device identifiers, browser type and version, operating system, screen resolution, language settings, and mobile network information.
• Usage data: Pages and features used, clickstream data, session times and durations, authentication logs, API usage, and telemetry about product features (e.g., queries run, visibility checks executed).
• Log data: Server logs and records of interactions for debugging, security, and analytics.
• Location information: Approximate location derived from IP address (city, region, country). We do not collect precise GPS coordinates unless explicitly provided by you and permitted by applicable law.

C. Information from cookies and tracking technologies

We and third parties place cookies and similar technologies (pixels, local storage) on your device to support the Services, security, and analytics. See Section 6 below for details.

D. Information from third parties and public sources

• Public web & data sources: Veesta collects publicly available content and metadata from websites, news sources, public datasets, and AI engine outputs to compile citations and visibility analytics. This may include text excerpts, URLs, author names, publication dates, and other metadata. We do not rely on this public data as our only source when personal data protections apply; collection and use follow applicable laws.
• Third-party integrations: If you connect external services (e.g., Google Analytics, Google Search Console, HubSpot, Slack, Notion), we may receive data from those services in accordance with your authorization.
• Partners and vendors: We may receive contact or verification data from identity/verification providers, marketing partners, event platforms, and CRM integrations.

3. How we use personal information

We use the personal information we collect for the following purposes:

A. Provide, operate, and maintain Services

Create and manage user accounts, authentication, single sign-on (SSO), billing and payments, deliver dashboards and reports, media uploads, and integrations. Process queries, generate visibility reports, and deliver analytics and recommendations.

B. Improve services and product development

Analyze usage patterns to improve functionality, bug fix, performance optimization, and feature development. A/B testing, product analytics, and machine learning model improvements using aggregated or anonymized data.

C. Customer support and communications

Respond to user inquiries, provide support, send administrative messages (account updates, security alerts), and manage service provisioning.

D. Marketing and growth

Provide marketing communications (product updates, newsletters, promotional offers) where you opt in, and measure marketing effectiveness. You can opt out at any time (see Section 7). Personalize content and marketing based on preferences and behavior.

E. Security, fraud prevention, and legal compliance

Monitor for fraud, abuse, and suspicious activity, protect platform integrity, and comply with legal obligations. Data may be used to investigate incidents and enforce terms of service.

F. Research and aggregated insights

Produce de-identified and aggregated analytics for benchmarking, industry reports, or research. Aggregated data does not identify individuals.

G. Business operations and corporate transactions

Transfer data in connection with mergers, acquisitions, reorganizations, or sale of assets (with appropriate protections as described below).

4. Legal bases for processing (EEA / UK)

If you are located in the European Economic Area (EEA) or the UK, Veesta relies on one or more of these legal bases to process your personal information:

• Contractual necessity: Processing necessary to perform our contract with you (e.g., account provisioning, delivering Services).
• Consent: Where you consent to certain processing (e.g., marketing emails, analytics cookies). You may withdraw consent at any time.
• Legitimate interests: For purposes such as security, fraud detection, product improvement, and internal analytics, where our legitimate interests are balanced against your rights.
• Legal obligations: When required to comply with laws or legal processes.

We will inform you of the legal basis for processing where required by law.

5. How we disclose personal information

We may disclose personal information to the following categories of recipients:

A. Service providers and vendors

We use third-party service providers to operate and support our Services, including:

• Cloud hosting and infrastructure providers (e.g., AWS, Google Cloud).
• Analytics and monitoring providers.
• Email service and marketing platforms.
• Payment processors and billing partners.
• Customer support and CRM vendors.

These providers are contractually required to only process personal data on our behalf and in accordance with our instructions.

B. AI & analytics providers

We may share data with AI and analytics partners for the purpose of delivering visibility analytics or powering features (e.g., embeddings providers, LLM APIs). When such providers process personal data, we require contractual guarantees (e.g., data processing agreements, confidentiality).

C. Customers & integrated platforms

If you use Veesta to ingest brand content or citations, your organization (the customer) controls that data. We may disclose personal data to your authorized team members or to third-party integrations you enable (e.g., to export reports to a connected analytics account).

D. Legal compliance & safety

We may disclose personal data to respond to lawful requests by public authorities, to comply with court orders, subpoenas, or other legal processes; to protect our, your, or others' rights, property, or safety; and to detect, prevent, or otherwise address fraud, security, or technical issues.

E. Business transfers

In connection with a corporate transaction (merger, acquisition, reorganization, sale of assets), personal data may be transferred to the successor entity, subject to privacy protections.

F. With your consent

We may share personal information with third parties where you have provided consent to do so (for example, when you authorize integrations).

We do not sell personal information. Where applicable, we will comply with consumer privacy laws (e.g., CCPA) concerning sales or sharing of personal information.

6. Cookies and similar technologies

Veesta and our third-party partners use cookies, web beacons, pixels, local storage, and similar technologies to collect and store information about your interactions with the Services.

Cookies we use

We use cookies for the following purposes:

• Strictly necessary cookies – required for the basic operation of the Services (authentication, security, session management). Without these cookies, core features may not work.
• Functional cookies – remember preferences and provide enhanced features (language, region, session continuity).
• Analytics & performance cookies – collect information about how users interact with the Services to improve the product (e.g., PostHog, Google Analytics).
• Advertising & targeting cookies – used to deliver relevant advertising (where applicable) and measure ad performance.

Example cookie listing (illustrative):

You may control cookies via your browser settings and opt-out tools. Blocking certain cookies may affect your ability to use the Services. Where required by law, we will request consent for non-essential cookies.

7. Your choices and rights

Veesta provides several controls and rights depending on your location and applicable law. Below is an overview:

Account-level controls

• Access & correction: You may access and update your account information by logging into your Veesta account or contacting us.
• Delete account: You may request deletion of your account and associated data. Some information may remain in backups or archives as described in Section 10.
• Account administrator controls: For company or agency accounts, designated administrators can manage team access, roles, and settings.

Marketing preferences

Opt-out of marketing: You may unsubscribe from marketing emails by clicking the “unsubscribe” link in marketing messages or by contacting privacy@veesta.co. Transactional and account emails are still sent as necessary.

Data subject rights (EEA / UK / other jurisdictions)

Depending on your jurisdiction, you may have rights to:

• Access the personal data we maintain about you.
• Request rectification of inaccurate data.
• Request deletion of personal data (right to be forgotten), subject to legal exceptions.
• Request restriction of processing.
• Object to processing (including profiling) based on legitimate interests.
• Request data portability.
• Withdraw consent where processing is based on consent.

To exercise these rights, contact us at privacy@veesta.co. We may ask you to verify your identity before fulfilling requests. We will respond in accordance with applicable law.

California Consumer Privacy Act (CCPA) – California residents

If you are a California resident, you have additional rights under CCPA/CPRA, including:

• Right to know categories and specific pieces of personal information collected, disclosed, or sold.
• Right to access and request deletion of personal information.
• Right to opt-out of the sale of personal information (Veesta does not sell personal information).
• Right to non-discrimination for exercising privacy rights.

Submit CCPA requests to privacy@veesta.co including “CCPA Request” in the subject line. We may require verification to process your request.

8. Children's privacy

Veesta's Services are not directed to children under 18. We do not knowingly collect personal information from children under 18. If we learn that a child under 18 has provided personal information, we will take reasonable steps to delete that information. If you believe we may have collected information about a child, please contact privacy@veesta.co.

9. International transfers & storage

Veesta operates globally and uses cloud infrastructure and third-party vendors located in the United States and other countries. When we transfer personal data across borders (for example, from the EEA/UK to the U.S.), we apply appropriate safeguards such as Standard Contractual Clauses (SCCs), Binding Corporate Rules (BCRs), or other legal mechanisms in accordance with applicable law. By using the Services, you consent to the storage and processing of your personal information in the U.S. and other jurisdictions.

If you are located in the EEA/UK and wish to request additional information about our transfer mechanisms, please contact privacy@veesta.co.

10. Data retention

We retain personal information for as long as necessary to provide the Services, comply with legal obligations, resolve disputes, enforce agreements, and for legitimate business purposes. Specific retention periods vary by data type:

• Account and profile data: retained while account is active and for a reasonable period after account closure for backup, compliance, and fraud detection (typically up to 2 years unless otherwise required).
• Support & communications: retained for the period necessary to resolve requests and for record keeping (commonly 2–5 years).
• Transactional and billing data: retained for tax and accounting obligations (commonly 7 years or as required by law).
• Log data & telemetry: retained for security, performance, and product analytics; aggregated or anonymized where possible; specific retention depends on system and product needs (commonly 6–24 months).
• Uploaded brand data (customer content): retained according to our customer agreements (customers can request export or deletion per contract). After account termination, we will delete or anonymize customer content in accordance with the contract, subject to backups and legal obligations.

If you have a specific retention request (including deletion), contact privacy@veesta.co. We will respond consistent with applicable laws and contractual obligations.

11. Security practices

Veesta implements reasonable administrative, technical, and physical safeguards designed to protect personal information from unauthorized access, use, alteration, or disclosure. These measures may include encryption in transit and at rest, access controls, logging, monitoring, vulnerability scanning, and regular security audits and third-party assessments.

Despite these measures, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security of personal data.

If we become aware of a data breach affecting personal information that creates a real risk of harm, we will comply with applicable breach notification laws and take reasonable steps to notify affected individuals and regulators in a timely manner.

12. Third-party services and integrations

Veesta may integrate with or use third-party service providers (e.g., analytics, CRM, email, cloud hosting, payments, AI providers). These vendors may have their own privacy policies and processing practices. We recommend that you review third-party privacy policies before authorizing integrations. When you enable an integration, you authorize Veesta to share the requested data with that third party.

13. Links to other sites

Our Services may contain links to third-party websites that are not operated or controlled by Veesta. This Privacy Policy does not apply to those third-party sites. We are not responsible for the privacy practices of those websites. You should read their privacy policies before providing personal information.

14. Changes to this Privacy Policy

We may update this Policy from time to time to reflect changes in our practices, regulatory requirements, or the Services. If we make material changes, we will provide notice via email (if you are an account holder) or by posting a prominent notice on the Services. We will indicate the date the Policy was last revised at the top of this page.

15. Contact information & Data Protection Officer (DPO) / privacy contact

If you have questions about this Privacy Policy, to exercise your privacy rights, or to make a complaint, please contact us at:

If you are an individual in the EEA/UK and have unresolved concerns, you may also lodge a complaint with your local supervisory authority.

16. Effective date

This Privacy Policy is effective as of October 17, 2025.