VedaVel

Security posture

Security and Data Handling

Vedavel Technologies builds privacy-conscious, secure, customer-controlled products. Our offerings are designed to help reduce manual effort while protecting sensitive business data, source code, documents, and operational information. Minor legal-team follow-up changes may be incorporated later.

Posture

Security principles for customer-controlled deployments.

Vedavel products are designed to run in customer-controlled environments.

  • Local-first processing where possible.
  • Customer control over sensitive repositories, documents, indexes, reports, and logs.
  • Explicit customer approval before enabling external or cloud processing.
  • Transparent reports, generated artifacts, and audit-friendly outputs.
  • Separation between static or local analysis and optional AI-assisted analysis.

Deployment

Supported deployment models and control boundaries.

Local-first and private-environment deployments are central, with cloud-connected options remaining optional.

  • Customer laptop or workstation.
  • Customer server or internal network.
  • On-prem infrastructure.
  • Customer-managed private cloud.
  • Restricted-network or air-gapped environments where supported.
  • Optional cloud-connected or managed components where separately agreed.

Data categories

Customer data categories that may be processed.

Scope depends on enabled features and customer-selected deployment patterns.

  • Source code repositories, dependency files, configuration files, build files, manifests, and lockfiles.
  • Documents, PDFs, DOCX files, images, scanned files, OCR outputs, and knowledge files.
  • Indexes, embeddings, reports, summaries, citations, and audit outputs.
  • Local logs, diagnostics, support bundles, and temporary artifacts.
  • Optional prompts, responses, snippets, metadata, and context used by AI/LLM-assisted features.

Default handling

Default data handling position.

Sensitive customer material is expected to remain under customer control by default.

  • Vedavel does not require customers to upload repositories or private documents to Vedavel cloud systems by default.
  • Customer repositories, private documents, and generated artifacts are not uploaded to Vedavel by default.
  • Vedavel does not train public AI models on Customer Content.
  • Vedavel does not sell Customer Content.
  • Vedavel does not access local deployment data unless the customer shares it or enables an external feature.
  • Generated reports and artifacts remain in customer-designated environments by default.

AI and LLM controls

AI/LLM data-flow controls and approvals.

Cloud or LLM integrations are optional and customer-configured.

  • Local AI/LLM mode can process prompts and outputs within customer-controlled environments.
  • Cloud AI/LLM mode may send selected data to customer-approved providers depending on customer configuration.
  • Control options may include engine selection, customer-provided API keys, feature enablement, dry-run or preview, audit logs, and configuration separation between static and AI-assisted analysis.
  • Customers approve cloud AI/LLM usage and review provider privacy, security, retention, and training policies.
  • AI-assisted outputs are decision-support outputs and must be reviewed before business, legal, security, compliance, migration, rewrite, or production use.

Access and encryption

Access control, encryption posture, and secrets hygiene.

Security responsibilities are shared based on who controls each environment.

  • For systems under Vedavel control, least-privilege principles are followed.
  • Possible measures include role-based access, restricted administrative access, strong authentication, access reviews, confidentiality commitments, and segregation of duties.
  • For local and on-prem deployments, customer administrators control local users, OS access, repositories, documents, networks, secrets, and credentials.
  • Encryption in transit and at rest is recommended where applicable; website and supported network communications should use HTTPS/TLS.
  • Customers should enable storage encryption, backup encryption, network protections, and secure secrets management in customer environments.
  • Credentials and API keys should not be committed to repositories, logs, reports, or support bundles.

Logs and artifacts

Generated artifacts can contain sensitive details.

Treat generated operational artifacts as sensitive when they include internal or customer-specific context.

Generated logs, reports, intermediate files, indexes, embeddings, audit records, prompts, model responses, and diagnostic artifacts may contain sensitive details such as paths, file names, dependency versions, configuration details, document extracts, code snippets, AI prompts/responses, and findings. Local logs, indexes, embeddings, reports, and temporary artifacts should be stored in customer-controlled access-restricted locations.

Practices and response

Secure development, vulnerability reporting, and incident handling.

Operational processes focus on practical controls without certification or absolute outcome claims.

  • Secure development practices may include code review, controlled release process, dependency review and patching where applicable, validation before production release, security-focused testing, regression checks, and avoidance of unnecessary data collection.
  • Optional AI features are separated from baseline local and static features where possible.
  • Security reports may be sent to hello@vedavel.com and should include affected product, version where applicable, issue description, reproduction steps, potential impact, and contact details.
  • Researchers should not access, modify, delete, or exfiltrate customer data and should not disrupt systems.
  • If Vedavel becomes aware of a security incident affecting systems under Vedavel control, Vedavel will investigate and take reasonable steps to contain, remediate, and notify affected parties as required by applicable law or contract.
  • For local and on-prem deployments, customers monitor and respond in their own environments unless a managed service or support agreement applies.

Product notes

Product-specific security and handling notes.

Examples below help define practical customer review expectations by product family.

  • TechStackAnalyserUpgrader-like products may scan repositories, dependency files, build and configuration files, selected source files, and generated reports; customers should review configuration before enabling semantic, upgrade, rewrite, or cloud LLM features.
  • DocuMind-like products may process documents, PDFs, OCR outputs, embeddings, indexes, retrieval results, citations, and answer outputs; customers should treat indexes, embeddings, summaries, and citations as sensitive where derived from confidential documents.
  • ChoiceVel may process counselling preference inputs, rank/cutoff/category/community/location/branch preferences, sample or public datasets, and recommendation outputs; outputs are guidance only and do not guarantee admission.
  • Mainframe analyser may process legacy source code, jobs, copybooks, data-flow evidence, and generated dependency reports; customers should treat generated modernization artifacts as confidential.
  • IDMS to PostgreSQL migration tools may process schemas, unload files, mappings, generated DDL, converted data, logs, and validation reports; customers should use masked or test data where appropriate and validate migration outputs.

Security

Security questions can be reviewed with Vedavel.

Contact hello@vedavel.com for security and data-handling questions. This page reflects policy-pack integration and may receive minor legal-team follow-up changes.

Contact VedaVel