Security
Built with security in mind
Veld is in beta — we're continuing to harden the platform as we approach GA. The summary below covers our current posture. Questions? Email [email protected].
Magic-link authentication
We never collect or store passwords. Sign-in uses a one-time magic link delivered to your verified email address, with short-lived tokens and rotation-safe sessions.
Encrypted in transit and at rest
Every connection between Veld clients and our API is TLS-encrypted. Message history and file metadata live in PostgreSQL with disk-level encryption; uploaded files live in S3-compatible storage with server-side encryption.
Least-privilege access
Production credentials are rotated regularly and scoped to the smallest set of services that need them. Database, storage, and email keys are siloed per environment.
Per-organization isolation
Every API request is scoped to a single organization at the database layer. Member roles (owner, admin, member, client) gate write access to billing, members, and channel administration.
Stripe-managed billing
We do not see or store credit card numbers. All payment information is collected and processed by Stripe; Veld only stores Stripe customer and subscription identifiers.
See also our privacy policy and terms of service.