Privacy policy
Veesie is a ClickForest product. This privacy policy explains which personal data we process, why, and what rights you have. Version 1.0, effective from 26 May 2026.
1. Data controller
The data controller for Veesie is:
Manon BV (trading as ClickForest)
Zwarte Leeuwstraat 78A, 2820 Bonheiden, Belgium
Company number / VAT: BE 0549.803.522
Email: hello@veesie.com
Website: veesie.com
2. Which personal data do we process?
| Category | Examples | Source |
|---|---|---|
| Account data | Email address, name, hashed password | You provide them yourself at registration |
| Organization data | Company name, chosen plan, onboarding status | Created at first login |
| Service usage | Clients, prompts, run results, AI answers, tokens, cost per call | Generated by using Veesie |
| Billing | Payment reference, Stripe customer ID | Via Stripe Checkout (only on a paid plan) |
| Technical data | IP address (edge level, not stored in our DB), browser session token | Automatically via Cloudflare Workers |
| Trial hash | SHA-256 hash of the email address | Created on completing onboarding (see section 5) |
We process no special categories of personal data (such as health data, political opinions or biometric data).
3. Purposes and legal bases
| Purpose | Legal basis (GDPR) |
|---|---|
| Delivery of the service (dashboard, runs, analytics) | Art. 6(1)(b): performance of the contract |
| Authentication and session management | Art. 6(1)(b): performance of the contract |
| Billing and subscription management | Art. 6(1)(b) + Art. 6(1)(c): legal obligation (accounting law) |
| Email notifications about runs and alerts | Art. 6(1)(b): performance of the contract |
| Anti-abuse: preventing repeated free trials | Art. 6(1)(f): legitimate interest (see section 5) |
| Internal operational statistics (cost, usage) | Art. 6(1)(f): legitimate interest |
4. Retention periods
| Data | Retention period |
|---|---|
| Account data, clients, prompts, run results | As long as your account is active. After deletion: erased immediately (cascade). |
| Invoice data | 7 years (legal accounting retention obligation) |
| Trial hash (SHA-256) | Indefinite (see section 5 for explanation and right to object) |
Operational cost logs (usage_events) | 12 months, then deleted automatically |
5. Trial history: SHA-256 anti-abuse hashing
trial_history). This is a pseudonymous, non-reversible fingerprint. The original email address cannot be recalculated from this hash.Why?
Veesie offers a free trial on sign-up. Without a measure, a user could delete their account and sign up again with the same email address to get a new free trial. The hash registration prevents this abuse: on a new sign-up we check whether the hash already exists. If so, the new trial starts immediately as expired.
Legal basis
Art. 6(1)(f) GDPR: legitimate interest. Our interest is the commercial integrity of the trial model and preventing systematic abuse. We weigh this against your privacy interest: the hash is pseudonymous (not directly identifiable), the email address itself is not stored, and its only function is binary detection (has this address ever had a trial: yes/no).
Objecting (Art. 21 GDPR)
You can object at any time to the processing of your trial hash via hello@veesie.com. We assess your request within 30 days. If the objection is well-founded, we delete the hash from trial_history.
6. Recipients and subprocessors
| Subprocessor | Function | Location |
|---|---|---|
| Supabase (Postgres + Auth) | Database, authentication | EU (Frankfurt) |
| Cloudflare (Workers) | Application hosting, edge processing | Global edge, processing in the nearest EU region |
| Resend | Transactional email (notifications, reports) | EU region |
| Stripe | Payment processing (only on a paid plan) | Ireland (EU) |
| Sentry | Error monitoring (error tracking) | EU (Frankfurt, Germany) |
| Google Analytics 4 | Website statistics (only after cookie consent) | US (Google LLC), based on SCCs |
| OpenAI, Anthropic, Google, Perplexity | LLM calls (prompts are sent to the providers) | US / EU (depending on the provider). Answers are stored in the EU DB. |
Note on LLM providers: the prompts you configure in Veesie are forwarded to the relevant AI providers for processing. They usually contain no personal data (they are questions about your brand, not about people). Do check that your prompts themselves contain no personal data.
We never share personal data with third parties for marketing or profiling purposes.
Role with customer data: you are responsible for the lawfulness of the data you enter into Veesie. For personal data you provide as a customer and that we process on your behalf, we may act as a processor within the meaning of the GDPR. A data processing agreement is available on request via hello@veesie.com.
7. International transfers
The core data (account, clients, results) is stored exclusively in the EU (Supabase Frankfurt). LLM calls go to providers outside the EU (including OpenAI and Anthropic in the US). These transfers happen on the basis of the Standard Contractual Clauses (SCCs) offered by the relevant providers.
8. Your rights
Under the GDPR you have the following rights:
- Access (Art. 15): you can request which data we hold about you.
- Rectification (Art. 16): have incorrect data corrected.
- Erasure (Art. 17): delete your account and all associated data. You do this yourself via Dashboard, Settings, Delete account, or by email.
- Restriction (Art. 18): have processing temporarily restricted.
- Portability (Art. 20): request a copy of your data in machine-readable format. You can do this yourself via Dashboard, Settings, Privacy (JSON export).
- Objection (Art. 21): object to processing based on legitimate interest (including the trial hash).
Send your request to hello@veesie.com. We respond within 30 calendar days.
You also have the right to lodge a complaint with the Belgian Data Protection Authority (DPA).
9. Cookies and tracking
Strictly necessary cookies (no consent required): a session cookie for authentication (Supabase Auth) and security cookies from Cloudflare and Cloudflare Turnstile (bot protection on the sign-up and contact pages).
Analytics cookies: for website statistics we use Google Analytics 4. These are only placed after you give consent via the cookie banner, and you can withdraw that choice at any time. We use no advertising cookies.
10. Changes
For material changes to this policy we send an email notification to all active users and update the date at the top. Minor editorial changes are made without separate notice.
11. Contact
For questions, requests or complaints about privacy: hello@veesie.com.
Back to veesie.com