Trust & Security

Last updated: April 2026  ·  Vaelara Ltd, ICO registration ZB980653

How we think about security

Security isn't a layer we bolt on. It's the starting point. Every product we build assumes the network is untrusted, the device may be lost, and the data mustn't be readable by anyone it wasn't intended for. We work backwards from there.

End-to-end encryption

All communication through our products is encrypted on the sending device before it leaves. We do not hold keys. We cannot read your messages or call data, and we design our systems so that no future us could. Encryption is applied at the application layer: not just in transit.

Vaelara Eirys (video)

Encrypted video and device data sessions. Calls are established as direct peer-to-peer connections where the network allows it. Our relay infrastructure is used only when a direct connection can't be established, and relay traffic is encrypted: we do not decrypt it at the relay point.

Vaelara Rhun (off-grid messaging)

Messages are encrypted before they leave the device and can only be decrypted by the intended recipient. The mesh routing means messages may pass through intermediate devices to reach their destination: those intermediate devices cannot read the content.

Vaelara Skyglass (airspace monitoring)

Passive RF listening only. The system does not transmit. Detection logs are stored locally or within the customer's own infrastructure. No detection data is sent to Vaelara systems unless explicitly configured by the customer.

Our infrastructure

Our backend services run on infrastructure hosted within the EU and UK. We use Cloudflare Workers for edge functions, including our contact form handler. We apply the principle of least privilege throughout: services only have access to what they need to do their job.

Website security

This website is built to run with a restrictive Content Security Policy, no inline JavaScript, and additional browser protections including frame and referrer controls. Where our hosting platform supports it, we apply these controls as HTTP response headers. We do not load advertising or analytics scripts.

Responsible disclosure

If you discover a security vulnerability in any of our products or this website, please contact us at privacy@vaelara.com. We'll respond promptly and treat all reports in confidence.

Compliance

• ICO registered: ZB980653
• UK GDPR-aware data handling and privacy controls
• Data processing agreements available on request

Contact

For security or compliance questions, email privacy@vaelara.com or use our contact form.