vesxo
Legal Center

Privacy Policy

Last updated: May 20, 2026. Learn how we securely protect and manage your data.

AES-256 Encryption

All your API keys and access tokens are encrypted at rest with industry-standard GCM algorithms.

Zero Data Selling

We never sell, rent, or trade your data. Your information is used strictly to execute your commands.

Google Compliant

Fully aligned with Google API Services User Data Policy, including Limited Use requirements.

1. Introduction

Welcome to **Vesxo** (also referred to as "Vesxo", "we", "our", or "us"). We respect your privacy and are committed to protecting your personal data. This Privacy Policy describes how we collect, store, encrypt, and process your information when you connect your AI agents to third-party tools (such as Gmail, Slack, HubSpot, etc.) using our gateway.

2. Information We Collect

To provide our AI Gateway service, we collect the following types of information:

  • Account Information: Your email address, full name, and billing details provided during registration.
  • Connected Tool Credentials (MCPs): API keys, webhook URLs, or OAuth tokens (such as Google OAuth refresh tokens) that you explicitly provide to connect tools.
  • AI Client Tokens: Token parameters generated to bind and authenticate your local AI agents (Claude, Cursor, etc.).
  • Security Log Metadata: IP address, origin country, time of request, and response status, collected solely to power our real-time security anomaly scanner.

3. How We Use and Protect Your Data

Your connected tool credentials are **never stored in plain text**. Every API key or OAuth token is encrypted immediately upon submission using authenticated **AES-256-GCM** encryption under our `MASTER_ENCRYPTION_KEY`.

We only decrypt credentials in volatile memory on-the-fly for the millisecond-duration required to securely forward your authorized AI commands to the respective Cloudflare Worker.

Google API Services - Limited Use Disclosure

Vesxo's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

We do not use Gmail/Calendar data for developing, training, or improving generalized AI models. Data is only utilized to complete specific user-prompted commands (e.g., sending an email).

4. Third-Party Services and Subprocessors

We coordinate with specific certified subprocessors to run the platform:

  • Supabase: For user authentication, profiles, and encrypted database records.
  • Cloudflare: For secure worker edge execution and proxy routing.
  • Paddle: For sandbox and production billing and subscription operations.

5. Contact Us

If you have any questions or concerns regarding our Privacy Policy or your data rights, please contact our privacy compliance officer:

Email: support@vesxo.com
Web: https://vesxo.com