Privacy & data use
What we collect
- Account: email, password hash, verification state, plan tier, API key metadata (not secret values).
- Usage: subscriptions, delivery logs, supplier push activity, and VEXpert session counters (Grok/feedback daily limits).
- Beta feedback: interview transcript in memory until send; email draft; optional screenshots you attach (PNG/JPEG/WebP/GIF).
How we use it
StreamingVEX operates the unified VEX catalog, ingest, and subscriber delivery. Your email is your account identifier. We send transactional mail (verification, password reset, exploit alerts when subscribed, beta feedback copies).
What is public in the catalog
Approved public pull and supplier-published catalog entries expose supplier name, product name, release labels, and VEX document metadata to anyone browsing /ui/catalog or the public API. Subscriber-only sources are not listed until published. Do not submit secrets in VEX JSON or feedback screenshots.
Beta feedback & screenshots
When you send beta feedback through VEXpert, we email you (To) and platform operators (Bcc). Screenshots are stored temporarily on the API host until send or cancel, then deleted. An audit row records subject and redacted body — not image bytes.
Processors
Hosting (e.g. Railway), email (SMTP or Resend), and optional xAI Grok for VEXpert may process data under their terms. Grok intake for feedback uses a dedicated prompt — not your full account secrets.
Retention
Account data persists until you request deletion. Delivery logs rotate by plan tier. Feedback temp files expire with the VEXpert session TTL.
Contact
Questions: support@streamingvex.org