1. Overview
Veda AI ("we," "our," or "us") is a project management health analytics platform that helps teams monitor project performance, identify risks, and improve delivery. This Privacy Policy describes how we collect, use, store, and protect your information when you use our services.
By using Veda AI, you agree to the practices described in this policy. If you do not agree, please do not use our services.
2. Data We Collect
We collect the following categories of data:
- Account data: Email address, name, and authentication credentials when you sign up or log in.
- Project data: Information from your Connected Services (e.g., project names, task keys, status, metrics) that you choose to sync.
- Usage data: How you interact with the platform (e.g., pages viewed, features used) to improve our product.
- Feedback: Optional anonymized diagnosis snapshots when you report issues, used solely to improve our analytics.
2a. Personal Data
If you agree to use our services, we store your user ID (from your authentication provider, e.g., Supabase Auth) to enable access control, permissions, and reporting features on the Dashboard. Your user ID is used solely for:
- Authentication and authorization: To identify you and ensure you can access only your own data.
- Dashboard and reporting: To associate project data, sync history, and analytics with your account so you can view and manage your portfolio.
We do not sell or share your user ID with third parties for marketing purposes. You can request deletion of your account and associated data at any time (see Section 8).
3. Connected Services
Veda AI integrates with third-party project management and development tools (collectively, "Connected Services"). These include:
- Currently supported: Jira (Atlassian), via OAuth 2.0.
- Planned integrations: GitHub, Backlog, Asana, Monday.com, and similar tools.
When you connect a Connected Service, we access only the data necessary to compute project health metrics (e.g., SPI, CPI, task status). We do not access or store content beyond what is required for analytics. You control which projects and data sources are connected.
Each Connected Service has its own privacy policy. We encourage you to review their policies when authorizing access.
4. AI & Analytics
We use artificial intelligence and analytical models to process your project data for the following purposes:
- Computing project health indicators (e.g., Schedule Performance Index (SPI), Cost Performance Index (CPI)).
- Identifying risks, blind spots, and patterns (e.g., shadow work, optimism bias, team burnout signals).
- Generating forecasts and what-if simulations to support decision-making.
Important: We do not use your data to train or improve public or third-party AI models. Your project data is processed solely to deliver analytics within your account and is not shared for model training purposes.
5. Data Security & Storage
Your data is stored and managed using Supabase, a secure cloud infrastructure provider. We implement industry-standard measures to protect your information:
- Encryption: Data at rest is encrypted. Sensitive credentials (e.g., OAuth tokens) are encrypted with AES-256-GCM before storage.
- Access control: Row-level security (RLS) ensures users can access only their own data.
- Transmission: All data in transit is protected via TLS/HTTPS.
Supabase is SOC 2 compliant and provides robust security controls. For more information, see Supabase Security.
5a. Security Excellence
We align our security practices with industry standards and enforce multi-tenant isolation so your data stays strictly separated from other customers' data.
- OWASP alignment: We address OWASP Top 10 risks: broken access control (A01), injection (A03), and authentication failures (A07). All API inputs are validated with schemas; credentials are never stored in code; and every table is protected by Row Level Security (RLS).
- Tenant isolation: Every query is scoped by workspace. You only see and act on data in workspaces where you are a member. RLS policies enforce that project, connector, and analytics data cannot leak across tenants. Our security audits confirm workspace-scoped policies on all relevant tables.
- Least privilege: We use the most restrictive RLS policies possible. Service-role bypass is limited to server-side operations (e.g., sync jobs) and never exposes cross-tenant data to the client.
6. Permissions & Access
We are committed to transparency about the permissions we request from Connected Services:
- Read-only access: For most integrations (e.g., Jira), we request read-only or minimally scoped permissions. We do not modify, delete, or create data in your Connected Services unless you explicitly trigger such actions.
- Limited scope: Permissions are tailored to the purpose you select (e.g., syncing specific projects). You can revoke access at any time through the Connected Service or our Integrations settings.
- User control: You choose which projects to sync and which data to include. We do not access data beyond what you authorize.
7. Data Retention
We retain your data for as long as your account is active. If you delete your account, we will delete or anonymize your personal and project data within 30 days, except where we are required to retain data for legal or regulatory purposes.
Feedback and anonymized snapshots may be retained in aggregated form to improve our services, but they do not contain personally identifiable information.
8. Your Rights
Depending on your location, you may have the right to:
- Access and receive a copy of your personal data.
- Correct or update inaccurate data.
- Request deletion of your data.
- Object to or restrict certain processing.
- Request data portability.
- Withdraw consent where processing is based on consent.
To exercise these rights, please contact us using the details in Section 9. We will respond within the timeframe required by applicable law.
9. Contact Us
If you have questions about this Privacy Policy or our data practices, please contact us:
- Product: Veda AI
- Email: privacy@projectdoctor.ai
We may update this policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date.