Privacy Policy
Effective: April 4, 2026
1. Who We Are
Veevo ("we", "us", "our") operates the Veevo platform at getveevo.io — a video conferencing and collaboration service designed for schools, districts, and small organizations. Our contact email for privacy matters is support@getveevo.io.
2. Information We Collect
We collect information you provide directly to us when you register or use our platform:
- Account information: name, email address, password (stored as a secure hash), and organization name.
- Profile data: role within your organization (administrator, teacher, student, member).
- Usage data: session start/end times, participant counts, recording metadata, attendance records, poll responses, and chat messages within sessions.
- Technical data: IP address (collected at login and registration for security purposes), browser type, and device type.
- Payment information: billing email and Stripe customer ID. We do not store full card numbers — payment processing is handled by Stripe, Inc.
- COPPA-related data (where applicable): date of birth and parent/guardian email, collected only when an organization has enabled parental consent requirements for student accounts.
3. FERPA Compliance
Veevo operates as a School Official under FERPA (20 U.S.C. § 1232g) when contracted by educational institutions. As such:
- We use student education records solely to provide the contracted service — we do not sell, share, or use them for advertising.
- The educational institution (administrator) retains control over student data and is responsible for obtaining any required parental consent.
- Students and their parents may request access to or deletion of records by contacting their school administrator, who can submit a request to support@getveevo.io.
- We support configurable data retention periods. When an organization's data retention window expires, session recordings and attendance logs are eligible for automated deletion.
4. COPPA Compliance (Children Under 13)
Veevo does not knowingly collect personal information from children under 13 without verifiable parental consent. When an educational institution enables the parental consent requirement for their account:
- Students are asked to provide their date of birth during account creation via invitation.
- Students identified as under 13 must provide a parent or guardian email address before their account is activated.
- A parental consent notification is sent to the provided email. The account remains in a pending-consent state until consent is confirmed.
- If consent is not received within 14 days, the student account is automatically deactivated.
- Parents and guardians may review, update, or request deletion of their child's information by contacting support@getveevo.io.
If your school does not enable the parental consent requirement, you (the administrator) represent that you have obtained all necessary consents and authorizations under applicable law, including COPPA.
5. How We Use Your Information
- To provide, operate, and improve the Veevo platform.
- To authenticate users and maintain session security.
- To generate attendance, session, and analytics reports for your organization.
- To process billing and subscription management through Stripe.
- To send transactional emails (invitations, password resets, consent notices).
- To maintain audit logs for security and legal compliance.
We do not use student data for advertising, profiling, or any purpose other than providing the educational service.
6. Data Sharing and Third Parties
We do not sell your personal information. We share data only with the following categories of service providers, under strict data processing agreements:
- Real-time video infrastructure provider — powers live video and audio for class sessions. Session media is processed through their servers during live classes.
- Stripe, Inc. — payment processing for paid subscriptions.
- Neon Tech, Inc. — managed PostgreSQL database hosting.
We may disclose information if required by law, court order, or to protect the rights and safety of users.
7. Data Retention
We retain children's personal information only as long as necessary to provide the educational service, and no longer. Organization administrators can configure their retention window from the dashboard. The table below summarizes what we keep, for how long, and why:
| Data type | Retention period | Reason for retention |
|---|---|---|
| Session recordings & attendance logs | 365 days by default (school-configurable) | Allows teachers and administrators to review class sessions and verify attendance for the academic year. |
| Student account records | Until deleted by school or parent request | Required to maintain the active student account and allow the student to join classes. Deleted immediately upon verified request. |
| Parental consent records | Duration of student account + 3 years | Legal requirement under COPPA to retain evidence of verifiable parental consent for the duration of the account and a reasonable period thereafter. |
| Audit logs | 7 years minimum | Required for legal compliance, security investigations, and regulatory audits. The 7-year period aligns with standard statutory limitation periods. |
| Organization & billing records | Until organization is deleted or requests deletion | Needed to maintain active subscriptions, process payments, and provide service continuity. Billing records are retained 7 years for tax and accounting requirements. |
Indefinite retention is prohibited. When a retention window closes, data is automatically purged. To request early deletion, contact support@getveevo.io.
8. Your Rights
Depending on your location, you may have the right to:
- Access the personal information we hold about you.
- Request correction of inaccurate data.
- Request deletion of your data (subject to legal retention obligations).
- Export your organization's data (available through the dashboard for administrators).
- Withdraw consent (where processing is based on consent).
To exercise these rights, contact support@getveevo.io. We will respond within 30 days.
9. Security
We implement industry-standard security measures including Argon2id password hashing, TLS encryption in transit, rate limiting on authentication endpoints, account lockout after repeated failed attempts, and IP-based audit logging for all authentication events.
10. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated by email and through a notice in the platform. Your continued use after the effective date constitutes acceptance of the updated policy.
11. Contact
For privacy questions, data requests, or COPPA/FERPA concerns, contact us at:
Veevo Privacy Team
support@getveevo.io