Last updated: April 4, 2026
Veniara (“we,” “us,” or “our”) provides a cloud-based client portal for professional services firms (“Customers”). Our Customers use Veniara to exchange documents, messages, invoices, and other information with their own clients (“End Users”). This Privacy Policy describes how we collect, use, store, and protect personal information.
When we act as a Data Controller: We are the data controller for the personal information of our Customers (accounting firm owners and staff who sign up for Veniara). We determine the purposes and means of processing this data to provide our service.
When we act as a Data Processor: We are a data processor for End User data (the accounting firm's clients). Our Customers determine what End User data is collected and how it is used. We process this data solely on behalf of and under the instructions of our Customers. If you are an End User, please contact your accounting firm directly regarding your personal data — they are the data controller for your information.
Account Information (Customers): Name, email address, firm name, and password when you create an account.
End User Information (provided by Customers): Name and email address of your clients, as entered by you. We do not independently collect End User information.
Content Data: Files, messages, questionnaire responses, invoices, and e-signatures that Customers and End Users upload or submit through the platform.
Payment Information: Billing details are collected and processed directly by Stripe, our payment processor. We do not store credit card numbers. See Stripe's Privacy Policy.
Automatically Collected Information: IP addresses, browser type and version, device information, access timestamps, pages visited, and referring URLs. This data is collected through server logs (Vercel) and is used for security monitoring and service improvement.
We do not use your data for advertising, sell your data to third parties, or use End User content data for any purpose other than providing the service.
We use the following third-party service providers (sub-processors) to operate Veniara:
All sub-processors maintain SOC 2 Type II certifications. We will notify Customers at least 30 days before adding new sub-processors.
All data is stored in the United States on AWS infrastructure. Data is encrypted at rest using AES-256 and in transit using TLS 1.3. Database access is controlled through Row-Level Security (RLS) policies that enforce tenant isolation at the database engine level. See our Security page for technical details.
Active accounts: Data is retained for the duration of your subscription.
Account cancellation: Upon cancellation, your data will be available for export for 30 days, after which it will be permanently deleted from production systems.
Backups: Automated database backups are retained for 30 days and then permanently deleted. Backup data is encrypted at rest.
Legal holds: We may retain data longer if required by law, legal process, or valid governmental request.
Stripe: Payment data retained by Stripe is subject to Stripe's retention policy.
Depending on your jurisdiction, you may have the following rights:
To exercise these rights, contact us at privacy@veniara.com. We will respond within 30 days.
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
To make a CCPA request, contact privacy@veniara.com.
If you are in the European Economic Area (EEA) or United Kingdom, the following applies:
Legal Basis: We process your personal data based on: (a) performance of a contract (providing the service), (b) legitimate interests (security monitoring, service improvement), and (c) legal obligations (tax and accounting requirements).
International Transfers: Your data is stored in the United States. We rely on Standard Contractual Clauses (SCCs) for lawful transfer of data from the EEA to the US.
Supervisory Authority: You have the right to lodge a complaint with your local data protection authority.
Data Processing Agreement: A DPA is available upon request for Customers who require one. Contact legal@veniara.com.
We use essential cookies only for authentication (maintaining your login session). We do not use tracking cookies, advertising cookies, or third-party analytics cookies. Stripe's payment processing may set its own cookies subject to Stripe's cookie policy.
Veniara is not intended for use by individuals under 16 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will delete it promptly.
In the event of a data breach that compromises the security of personal information, we will: (a) notify affected Customers within 72 hours of discovery, (b) provide details about the nature of the breach, data affected, and remediation steps, and (c) cooperate with Customers in meeting their own notification obligations to End Users and regulatory authorities.
We may update this policy from time to time. We will notify Customers of material changes via email at least 30 days before the changes take effect. Continued use of the service after changes constitutes acceptance.
For privacy-related questions: privacy@veniara.com