Trust & Security

Last updated: May 2026  ·  Vaelara Ltd, ICO registration ZB980653

How we think about security

Security is not a feature layer for us. It is a design assumption. We build on the basis that networks are untrusted, devices can be lost, and sensitive data should remain unreadable to anyone outside the intended conversation.

End-to-end encryption

All communication through our products is encrypted on the sending device before it leaves. We do not hold keys. We cannot read your messages or call data, and we design our systems so that no future us could. Encryption is applied at the application layer: not just in transit.

Vaelara Eirys (video)

Encrypted video and device data sessions. Calls are established as direct peer-to-peer connections where the network allows it. Our relay infrastructure is used only when a direct connection can't be established, and relay traffic is encrypted: we do not decrypt it at the relay point.

Vaelara Rhun (off-grid messaging)

Messages are encrypted before they leave the device and can only be decrypted by the intended recipient. The mesh routing means messages may pass through intermediate devices to reach their destination: those intermediate devices cannot read the content.

Vaelara Skyglass (airspace monitoring)

Passive RF listening only. The system does not transmit. Detection logs are stored locally or within the customer's own infrastructure. No detection data is sent to Vaelara systems unless explicitly configured by the customer.

Our infrastructure

Our backend services run on infrastructure hosted within the EU and UK. We use Cloudflare Workers for edge functions, including our contact form handler. We apply the principle of least privilege throughout: services only have access to what they need to do their job.

Website security

This website is built to run with a restrictive Content Security Policy, no inline JavaScript, and additional browser protections including frame and referrer controls. Where our hosting platform supports it, we apply these controls as HTTP response headers. We do not load advertising or analytics scripts.

Responsible disclosure

If you discover a security vulnerability in any of our products or this website, please contact us at [email protected]. We'll respond promptly and treat all reports in confidence.

Compliance

• ICO registered: ZB980653
• UK GDPR-aligned data handling and privacy controls
• Data processing agreements available on request

Contact

For security or compliance questions, email [email protected] or use our contact form.