Compliance
Confidentiality, not anonymity — designed so regulated buyers can actually buy.
This page is maintained by the VEIL project. It describes controls implemented in code and process. It is not a certification.
VEIL follows the “confidentiality, not anonymity” model championed by the Solana Foundation, applied to data. Contributors are known and consenting, data is encrypted, buyers receive verifiable aggregate insight, and a designated auditor path keeps regulated use compliant. Nothing on this page waives contributor consent rights.
Designated auditor keys can inspect specific query results under a documented legal process — without exposing individual records.
Every computation carries an NVIDIA CC / AMD SEV attestation proving approved code ran on genuine hardware.
Queries below the network floor (default k=25) are rejected before any data is loaded — no override.
Every contributor's cumulative ε is tracked on-chain; when exhausted, they are excluded until reset.
Every consent change writes to ConsentRegistry with a timestamp and scope diff — queryable by regulators.
Governance changes touching contributor safety carry 7 to 21-day timelocks so contributors can react.
Coordinated disclosure. Report privately before public discussion. We acknowledge within one business day and remediate on severity-based timelines.
Enclave attestation failures halt affected queries automatically. Post-incident, we publish a proof-referenced writeup and any governance changes required.