Valyu Logo

Privacy Policy

See how Valyu collects, uses, and protects your data. We explain what information we collect and how we handle it.

VALYU PRIVACY POLICY

Last updated: October 20 2025

Valyu.Network LTD (“Valyu”, “we”, “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect personal data when you use our website, APIs, products, and related services (“Services”).

We are the data controller for personal data processed in connection with the Services.

1. Information We Collect

We collect the following categories of data when you use the Services:

1.1. Account Information

When you create an account, we collect:

  • Name
  • email address
  • organisation (optional)
  • password and authentication token
  • billing information (if applicable)

1.2. API Usage & Logs

When you call our APIs, we automatically collect:

  • request metadata (IP address, timestamp, endpoint called)
  • API key used
  • query size / tokens / parameters
  • latency, error logs, performance metrics
  • device and browser information (for dashboard usage)

We do not use query data or logs to train machine learning models.

1.3. Query Content (“Customer Data”)

This includes:

  • text prompts
  • search queries
  • documents you upload
  • instructions or metadata you send to our API

We process Customer Data only to:

  • return results
  • improve API performance (e.g., caching, routing)
  • secure our systems
  • prevent abuse
  • comply with legal or contractual obligations

We do not use Customer Data to train models or build datasets.

We do not share Customer Data with publishers or third parties except as required by law.

1.4. Payments

If you buy credits or subscribe to a plan, your payment details are processed by our payment provider (e.g., Stripe).

We do not store full payment card numbers.

1.5. Communications

If you contact us, we process:

  • messages
  • support requests
  • feedback
  • email metadata

2. How We Use Your Data

We use personal data for the following purposes:

2.1. To provide and operate the Services

  • creating account
  • processing API calls
  • returning Outputs
  • enforcing rate limits and caching rules

2.2. To secure our systems

  • detecting abuse, misuse, or harmful behaviour
  • preventing violations of our AUP
  • blocking malicious traffic
  • protecting Partner-licensed content

2.3. To monitor and improve performance

  • latency measurement
  • error debugging
  • endpoint optimisation
  • API routing
  • indexing and search performance

2.4. To communicate with you

  • account notifications
  • usage alert
  • product updates
  • billing communications

2.5. To comply with our legal obligations

Including:

  • UK GDPR
  • Publisher licensing agreements
  • law enforcement requests (rare; disclosed only when legally required)

3. Lawful Bases for Processing (GDPR)

We process personal data under the following lawful bases:


Purpose . Lawful Basis

Providing the Services Contract

Securing the platform Legitimate Interests (Art. 6(1)(f))

Preventing abuse Legitimate Interests

Analytics and performance Legitimate Interests

Account Notifications Consent / Legitimate Interests

Marketing (optional). Consent (Art. 6(1)(a))

Billing & payments Contract

Legal Compliance Legal Obligation

We balance legitimate interests with user rights in accordance with GDPR.

4. Data Sharing

We do not sell or rent personal data.

We share data only with:

  • Service providers: cloud hosting, analytics, payments, security (under strict confidentiality).
  • Contracted publishers: never Customer Data—only aggregate usage metrics required under license terms.
  • Regulators or authorities: only if legally required.

We do not expose customer identifiers to publishers.

5. International Transfers

We store and process data in:

  • United Kingdom
  • European Union
  • United States (for certain infrastructure vendors)

Transfers to non-UK/EU countries are protected by:

  • adequacy decisions, or
  • Standard Contractual Clauses (SCCs)

6. Data Retention

6.1. Customer Data (Query Content)

  • Stored only as long as necessary to process a request
  • Deleted automatically within a short operational window (typically 24–72 hours) unless logs are legally required

Restricted publisher content is never stored.

6.2. API Logs

We retain:

  • security logs: up to 90 days
  • performance logs: up to 30 days
  • billing logs: up to 7 years (legal obligation)

6.3. Account Information

Retained until your account is deleted.

7. Your Rights (GDPR & UK GDPR)

You have the right to:

  • access your personal data
  • correct inaccurate data
  • delete your data (subject to legal exceptions)
  • restrict processing
  • object to processing based on legitimate interests
  • withdraw consent (where applicable)
  • data portability (for account data)

To exercise rights: contact@valyu.ai

8. Security

We use industry-standard technical and organisational measures, including:

  • encryption in transit
  • strict access controls
  • rigorous key management
  • audit logs
  • monitoring for misuse
  • data minimisation
  • publisher-specific access controls

No system is 100% secure, but we take appropriate steps to protect your data.

9. Children

We do not knowingly collect data from children under 16.

If we discover such data, we delete it promptly.

10. Third-Party Links

Our website may contain links to external sites.

We are not responsible for their privacy practices.

11. Changes to This Policy

We may update this Privacy Policy.

Material changes will be communicated through the dashboard, email, or website.

12. Contact

For privacy inquiries, you can reach us at:

contact@valyu.ai