Privacy Policy

Last Updated: September 30, 2025

Introduction

VeltoAI ("we," "our," or "us"), a sole proprietorship, is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application (the "App").

Please read this Privacy Policy carefully. If you do not agree with the terms of this Privacy Policy, please do not access the App.

We reserve the right to make changes to this Privacy Policy at any time. We will alert you about any changes by updating the "Last Updated" date of this Privacy Policy. You are encouraged to periodically review this Privacy Policy to stay informed of updates.

Table of Contents

  1. Information We Collect
  2. How We Use Your Information
  3. How We Share Your Information
  4. Third-Party Services
  5. Data Security
  6. Data Retention
  7. Your Privacy Rights
  8. Children's Privacy
  9. California Privacy Rights
  10. Quebec Privacy Rights
  11. European Data Protection Rights
  12. International Data Transfers
  13. Do Not Track
  14. Changes to This Privacy Policy
  15. Contact Us

1. Information We Collect

We collect information about you in various ways when you use our App. The information we collect falls into the following categories:

1.1 Information You Provide Directly

Account Information:

  • Full name (optional)
  • Email address (if you sign in with Google)
  • Google account information (if you use Google Sign-In)
  • Profile picture (optional)

Onboarding Information:

  • Age range
  • Business interests and passions
  • Biggest business challenges
  • Business experience level
  • Familiarity with business tools
  • Skills assessment
  • Budget range
  • Geographic location
  • Time commitment preferences
  • Goals and objectives

User-Generated Content:

  • Business ideas and descriptions
  • Custom tasks and notes
  • Goals (monthly and yearly)
  • Progress notes and updates
  • Comments and feedback
  • Any other content you create within the App

Payment Information:

  • Subscription plan selected
  • Payment is processed through Apple App Store or Google Play Store
  • We do NOT directly collect or store credit card information
  • RevenueCat processes payment information on our behalf

Communications:

  • Customer support inquiries
  • Feedback and survey responses
  • Email correspondence with us

1.2 Information Collected Automatically

Device Information:

  • Device type and model (e.g., iPhone 14, Samsung Galaxy S23)
  • Operating system and version (e.g., iOS 17, Android 14)
  • Unique device identifiers (e.g., IDFA, Android Advertising ID)
  • Device settings and preferences
  • Mobile carrier
  • Screen resolution and device orientation

Usage Information:

  • App features you use and how you use them
  • Time spent on different screens
  • Interaction with buttons, tasks, and content
  • Navigation paths through the App
  • Session duration and frequency
  • Task completion rates
  • Goal progress and achievements
  • Gamification metrics (XP, level, streak)

Location Information:

  • Approximate location based on IP address
  • Country, region, and city-level location
  • We do NOT collect precise GPS location
  • Location data from onboarding (user-provided, not GPS)

Technical Information:

  • IP address
  • Browser type (for web features)
  • App version
  • Crash reports and error logs
  • Performance metrics
  • Network connection type

Analytics and Tracking:

  • App opens and session starts
  • Feature usage statistics
  • User flow and navigation patterns
  • A/B testing participation
  • Heatmaps and click tracking

1.3 Information from Third-Party Sources

Google OAuth (if you sign in with Google):

  • Email address
  • Name
  • Profile picture
  • Google account ID
  • Account verification status

Social Media (if we add these features):

  • Social media profile information
  • Friends or connections list
  • Content you share publicly

Payment Processors:

  • Subscription status
  • Payment success/failure events
  • Subscription renewal dates
  • Refund information

1.4 Cookies and Similar Technologies

We use cookies and similar tracking technologies to track activity on our App and store certain information. Technologies we use include:

Cookies:

  • Small data files stored on your device
  • Used to remember your preferences and login status
  • Enable certain features and functionality

Local Storage:

  • Data stored locally on your device
  • Used for caching and offline functionality
  • Includes user preferences and temporary data

SDKs and Tracking Pixels:

  • Third-party software development kits
  • Used for analytics, crash reporting, and attribution
  • May collect device and usage information

You can instruct your device to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our App.

2. How We Use Your Information

We use the information we collect for the following purposes:

2.1 To Provide and Improve Our Services

Core App Functionality:

  • Create and manage your account
  • Authenticate your identity
  • Process your subscription and payments
  • Provide customer support
  • Send service-related notifications

AI-Powered Features:

  • Generate personalized business ideas using Google Gemini API
  • Create daily task recommendations
  • Analyze your progress and provide insights
  • Suggest goals based on your profile and behavior
  • Optimize content recommendations

Gamification:

  • Track XP, levels, and achievements
  • Maintain streak tracking
  • Calculate progress and statistics
  • Generate performance insights

App Improvements:

  • Analyze usage patterns to improve features
  • Conduct A/B testing for new features
  • Identify and fix bugs and technical issues
  • Optimize app performance
  • Develop new features based on user needs

2.2 To Personalize Your Experience

  • Customize content and recommendations
  • Remember your preferences and settings
  • Adapt AI suggestions to your profile
  • Provide relevant task recommendations
  • Tailor notifications to your interests

2.3 To Communicate with You

Service Communications:

  • Send confirmation emails for account creation
  • Notify you of subscription changes
  • Send payment receipts and invoices
  • Alert you to terms or policy changes
  • Provide important service updates

Marketing Communications (with your consent):

  • Send promotional emails about new features
  • Notify you of special offers or discounts
  • Share tips and best practices
  • Conduct surveys and request feedback
  • Send newsletters (you can opt out anytime)

Push Notifications (with your permission):

  • Daily task reminders
  • Streak maintenance alerts
  • Achievement unlocks
  • Goal progress updates
  • App update notifications

2.4 For Security and Fraud Prevention

  • Detect and prevent fraudulent activity
  • Monitor for security vulnerabilities
  • Protect against spam and abuse
  • Enforce our Terms of Service
  • Verify your identity
  • Investigate suspicious activity

2.5 For Legal Compliance

  • Comply with applicable laws and regulations
  • Respond to legal processes (subpoenas, court orders)
  • Enforce our legal rights and agreements
  • Protect our property and safety
  • Defend against legal claims

2.6 For Analytics and Research

  • Understand how users interact with the App
  • Analyze trends and usage patterns
  • Conduct research to improve AI models
  • Generate anonymized statistics
  • Create aggregated reports
  • Benchmark performance

Anonymized Data: We may anonymize your data and use it for:

  • Industry research and insights
  • AI model training and improvement
  • Statistical analysis and reporting
  • Public sharing of aggregated trends

Once data is anonymized, it is no longer considered personal information and may be used without restriction.

3. How We Share Your Information

We do not sell your personal information. However, we may share your information in the following circumstances:

3.1 With Your Consent

We may share your information with third parties when you explicitly consent, such as:

  • Sharing achievements on social media (if implemented)
  • Connecting with other services you authorize
  • Participating in referral programs

3.2 With Service Providers

We share information with third-party service providers who perform services on our behalf:

Supabase (Database and Authentication)

  • Stores user account data, tasks, goals, and app content
  • Provides authentication services
  • Handles data storage and retrieval
  • Privacy Policy: https://supabase.com/privacy

Google Gemini API (AI Services)

  • Processes your profile data to generate business ideas
  • Analyzes your goals and tasks to provide recommendations
  • Creates AI-powered content suggestions
  • Privacy Policy: https://policies.google.com/privacy

RevenueCat (Payment Processing)

  • Manages subscription status and billing
  • Processes payment transactions via App Store/Google Play
  • Handles subscription renewals and cancellations
  • Privacy Policy: https://www.revenuecat.com/privacy

Expo Push Notifications (Notification Delivery)

  • Delivers push notifications to your device
  • Manages notification preferences
  • Privacy Policy: https://expo.dev/privacy

Analytics Providers (if we implement):

  • Mixpanel, Firebase Analytics, or similar services
  • Analyze app usage and user behavior
  • Track feature adoption and engagement

Crash Reporting (if we implement):

  • Sentry, Firebase Crashlytics, or similar services
  • Monitor app stability and performance
  • Collect crash logs and error reports

3.3 For Legal Reasons

We may disclose your information if required or permitted by law:

  • To comply with legal obligations (subpoenas, court orders, warrants)
  • To respond to government requests
  • To enforce our Terms of Service
  • To protect our rights, property, or safety
  • To protect the rights, property, or safety of others
  • In connection with an investigation of fraud or illegal activity
  • To prevent harm or illegal activity

3.4 In Business Transfers

If we are involved in a merger, acquisition, financing, bankruptcy, or sale of assets:

  • Your information may be transferred to the new owner
  • We will notify you before your information is transferred
  • The new owner will be bound by this Privacy Policy
  • You will have the right to delete your data before transfer

3.5 Anonymized and Aggregated Data

We may share anonymized and aggregated information that does not identify you:

  • Industry statistics and benchmarks
  • User behavior trends
  • App performance metrics
  • Research and academic publications
  • Marketing materials

This data cannot be used to identify you personally.

4. Third-Party Services

4.1 Third-Party Service Providers

Our App integrates with the following third-party services, each with their own privacy practices:

Supabase

  • Purpose: Database, authentication, storage
  • Data Shared: Account data, user-generated content, app data
  • Privacy Policy: https://supabase.com/privacy
  • Location: United States

Google Gemini API

  • Purpose: AI-powered content generation
  • Data Shared: Profile information, business interests, goals, tasks
  • Privacy Policy: https://policies.google.com/privacy
  • Location: United States
  • Note: Google may use data to improve its AI services

RevenueCat

  • Purpose: Subscription management and payment processing
  • Data Shared: Subscription status, payment events, device identifiers
  • Privacy Policy: https://www.revenuecat.com/privacy
  • Location: United States

Apple App Store / Google Play Store

  • Purpose: App distribution and payment processing
  • Data Shared: Purchase information, subscription data
  • Apple Privacy: https://www.apple.com/legal/privacy/
  • Google Privacy: https://policies.google.com/privacy

4.2 Third-Party Links

Our App may contain links to third-party websites or services that are not operated by us. If you click on a third-party link, you will be directed to that third party's site.

We strongly advise you to review the privacy policy of every site you visit. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

4.3 Social Media Features

If we implement social media features (sharing, connecting accounts):

  • These features may collect your IP address and usage information
  • They may set cookies to enable functionality
  • Your interactions are governed by the privacy policy of the social media company

5. Data Security

5.1 Security Measures

We implement appropriate technical and organizational security measures to protect your personal information, including:

Encryption:

  • Data in transit is encrypted using TLS/HTTPS
  • Sensitive data at rest is encrypted
  • Secure communication with third-party services
  • End-to-end encryption for sensitive operations

Access Controls:

  • Role-based access control for employees
  • Multi-factor authentication for administrative access
  • Limited access to personal data on a need-to-know basis
  • Regular access reviews and revocations

Database Security:

  • Row-level security policies in Supabase
  • SQL injection prevention
  • Regular security audits
  • Automated backups with encryption

Application Security:

  • Secure API key management
  • Input validation and sanitization
  • Protection against common vulnerabilities (XSS, CSRF)
  • Regular security testing and code reviews

Monitoring and Incident Response:

  • Real-time security monitoring
  • Intrusion detection systems
  • Incident response plan
  • Security breach notification procedures

5.2 Security Limitations

Despite our security measures, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security of your information.

You are responsible for:

  • Maintaining the confidentiality of your account credentials
  • Using a strong, unique password
  • Not sharing your account with others
  • Logging out after use on shared devices
  • Keeping your device and app updated
  • Reporting suspected security issues immediately

5.3 Data Breach Notification

In the event of a data breach that affects your personal information:

  • We will notify you within 72 hours of discovering the breach
  • We will notify relevant data protection authorities as required by law
  • We will provide information about the breach and steps to protect yourself
  • We will take immediate action to mitigate the breach

6. Data Retention

6.1 Retention Periods

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

Active Accounts:

  • Account data: Retained while your account is active
  • User-generated content: Retained while your account is active
  • Usage data: Retained for up to 2 years
  • Analytics data: Anonymized after 90 days

Inactive Accounts:

  • Anonymous accounts: Deleted after 30 days of inactivity
  • Authenticated accounts: Deleted after 1 year of inactivity
  • We will send reminders before deletion

Deleted Accounts:

  • Most personal data deleted within 30 days
  • Some data retained for legal compliance (e.g., payment records for tax purposes)
  • Anonymized data may be retained indefinitely
  • Backup data deleted within 90 days

Legal Holds:

  • Data subject to legal proceedings or investigations retained until resolved
  • Data required by law retained for the legally mandated period

6.2 Data Deletion Exceptions

We may retain certain information even after account deletion:

  • Transaction records required for accounting and tax compliance
  • Communications necessary for legal defense
  • Anonymized data that cannot identify you
  • Data required by law enforcement or legal processes

7. Your Privacy Rights

7.1 Access and Portability

You have the right to:

  • Access: Request a copy of your personal data
  • Portability: Receive your data in a structured, machine-readable format
  • Export: Download all your data from the App

To exercise these rights:

  • Use the "Export Data" feature in App Settings
  • Contact us at privacy@veltoai.com
  • We will respond within 30 days

7.2 Correction and Deletion

You have the right to:

  • Correct: Update inaccurate or incomplete personal data
  • Delete: Request deletion of your personal data

To exercise these rights:

  • Update your profile in App Settings
  • Use the "Delete Account" feature in App Settings
  • Contact us at privacy@veltoai.com

Deletion Consequences:

  • Your account will be permanently deleted
  • All user-generated content will be removed
  • Subscriptions will be canceled (no refund for unused time)
  • This action cannot be undone

7.3 Opt-Out Rights

You have the right to opt out of:

Marketing Communications:

  • Click "Unsubscribe" in any marketing email
  • Disable email notifications in App Settings
  • Email preferences@veltoai.com

Push Notifications:

  • Disable in App Settings
  • Disable in your device's system settings
  • You will still receive service-related notifications

Personalized Advertising:

  • Enable "Limit Ad Tracking" on iOS
  • Opt out of personalized ads on Android
  • Use the "Do Not Sell My Personal Information" link (California residents)

Analytics:

  • Some analytics can be disabled in App Settings
  • Device-level tracking can be limited in system settings

7.4 Object to Processing

You have the right to object to processing of your personal data when:

  • Processing is based on legitimate interests
  • Processing is for direct marketing purposes
  • Processing is for research or statistical purposes

To object, contact us at privacy@veltoai.com with the specific processing you object to.

7.5 Restrict Processing

You have the right to request restriction of processing when:

  • You contest the accuracy of personal data
  • Processing is unlawful but you don't want deletion
  • We no longer need the data but you need it for legal claims
  • You have objected to processing pending verification

7.6 Withdraw Consent

Where we process your data based on consent, you have the right to withdraw consent at any time. This does not affect the lawfulness of processing before withdrawal.

To withdraw consent:

  • Use privacy settings in the App
  • Contact us at privacy@veltoai.com
  • Deletion of account automatically withdraws all consent

7.7 Automated Decision-Making

We use AI to generate business ideas and recommendations. You have the right to:

  • Understand how AI decisions are made
  • Object to AI-based processing
  • Request human review of AI decisions
  • Opt out of certain AI features

Our AI does not make decisions that have legal or similarly significant effects on you.

8. Children's Privacy

The App is not intended for children under 18 years of age. We do not knowingly collect personal information from children under 18.

If you are under 18:

  • You may not use the App
  • You may not create an account
  • You may not submit any personal information

If you are a parent or guardian:

  • If you believe your child has provided personal information to us, contact us immediately at privacy@veltoai.com
  • We will delete the information and terminate the account
  • We may require proof of parental relationship before processing requests

Verification:

  • We do not verify users' ages systematically
  • We rely on users to provide accurate age information
  • If we discover a user is under 18, we will immediately delete their account and data

9. California Privacy Rights

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA).

9.1 Information We Collect

Categories of personal information we collect:

  • Identifiers (name, email, device ID)
  • Commercial information (subscription history)
  • Internet activity (app usage, clicks)
  • Geolocation data (approximate location)
  • Inferences (business interests, preferences)
  • Professional information (business experience)

9.2 Your CCPA Rights

Right to Know:

  • What personal information we collect
  • Sources of personal information
  • Purposes for collecting personal information
  • Categories of third parties we share with

Right to Delete:

  • Request deletion of your personal information
  • Exceptions apply for legal obligations

Right to Opt-Out:

  • We do not sell personal information
  • If we did, you could opt out via "Do Not Sell My Personal Information"

Right to Non-Discrimination:

  • We will not discriminate against you for exercising CCPA rights
  • You will not receive different pricing or service quality

Right to Correction:

  • Request correction of inaccurate personal information

Right to Limit Use of Sensitive Personal Information:

  • We do not collect sensitive personal information as defined by CCPA

9.3 How to Exercise CCPA Rights

Note: While we are based in Quebec, Canada, we honor CCPA rights for California residents.

To exercise your CCPA rights:

  • Email: veltoais@gmail.com
  • Subject: "California Privacy Request"
  • Include: Your name, email, and specific request

We will:

  • Verify your identity before processing requests
  • Respond within 45 days (may extend by 45 days if needed)
  • Not charge a fee for requests (unless excessive or repetitive)
  • Not discriminate against you for exercising rights

9.4 Authorized Agent

You may designate an authorized agent to make requests on your behalf:

  • Provide written authorization signed by you
  • We may require you to verify your identity directly
  • We may require proof of the agent's authority

9.5 California's "Shine the Light" Law

Under California Civil Code Section 1798.83:

  • You can request information about personal information disclosed to third parties for marketing
  • We do not disclose personal information to third parties for their direct marketing purposes

10. Quebec Privacy Rights

If you are a Quebec resident, you have rights under Quebec's privacy laws (Law 25 and the Act respecting the protection of personal information in the private sector).

10.1 Your Quebec Privacy Rights

You have the right to:

  • Access: Request access to your personal information
  • Rectification: Request correction of inaccurate information
  • Withdrawal of Consent: Withdraw consent for processing at any time
  • Object: Object to processing of your personal information
  • Portability: Receive your data in portable format
  • Privacy Incidents: Be notified of privacy breaches that pose serious harm

To exercise these rights, contact us at veltoais@gmail.com with subject "Quebec Privacy Request".

11. European Data Protection Rights

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation (GDPR).

11.1 Legal Basis for Processing

We process your personal data based on the following legal grounds:

Contract Performance:

  • To provide the App and its features
  • To process your subscription
  • To provide customer support

Legitimate Interests:

  • To improve the App and develop new features
  • To detect and prevent fraud
  • To analyze usage patterns
  • To ensure security

Consent:

  • To send marketing communications
  • To use cookies and tracking technologies
  • To process data for specific purposes you've consented to

Legal Obligation:

  • To comply with laws and regulations
  • To respond to legal processes

11.2 Your GDPR Rights

Right of Access:

  • Obtain confirmation that we process your data
  • Receive a copy of your personal data
  • Learn about our processing activities

Right to Rectification:

  • Correct inaccurate personal data
  • Complete incomplete personal data

Right to Erasure ("Right to be Forgotten"):

  • Request deletion of your personal data when:
    • No longer necessary for the purpose collected
    • You withdraw consent
    • You object to processing
    • Processed unlawfully
    • Required by law

Right to Restriction:

  • Request restriction of processing when:
    • Accuracy is contested
    • Processing is unlawful
    • No longer needed but you need it for legal claims
    • You objected pending verification

Right to Data Portability:

  • Receive your data in machine-readable format
  • Transmit data to another controller

Right to Object:

  • Object to processing based on legitimate interests
  • Object to direct marketing (always honored)
  • Object to profiling

Right to Withdraw Consent:

  • Withdraw consent at any time
  • Does not affect prior processing

Right to Lodge a Complaint:

  • File a complaint with your data protection authority
  • Contact information for EU supervisory authorities: https://edpb.europa.eu/about-edpb/board/members_en

11.3 Data Protection Contact

For GDPR inquiries, contact us at:

  • Email: veltoais@gmail.com
  • Subject: "GDPR Request"
  • Response Time: Within 30 days

11.4 Data Transfers

We transfer personal data from the EEA to Canada and the United States. Canada is recognized by the EU as providing adequate data protection. For transfers to the United States, we ensure adequate protection through:

  • Standard Contractual Clauses: With third-party service providers
  • Adequacy Decisions: Where applicable
  • Your Consent: With your explicit consent for specific transfers

12. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from your country's laws.

Where We Store Data:

  • VeltoAI (Primary): Quebec, Canada
  • Supabase: United States
  • Google (Gemini API): United States and globally
  • RevenueCat: United States

Note: While we operate from Canada, some third-party services are US-based. Your data may be subject to US law enforcement access in accordance with applicable laws.

Safeguards for International Transfers:

  • Standard Contractual Clauses approved by regulatory authorities
  • Adequacy decisions by data protection authorities
  • Binding Corporate Rules
  • Your explicit consent

Your Rights Regarding International Transfers:

  • Request information about the safeguards we use
  • Object to transfers to specific countries
  • Request that we stop using specific third-party services

13. Do Not Track

Some web browsers and devices permit you to broadcast a preference that you not be "tracked" online. Currently, we do not take action in response to Do Not Track signals.

However, you can control tracking through:

  • Device-level privacy settings (Limit Ad Tracking on iOS, Opt Out of Personalized Ads on Android)
  • Cookie preferences in the App
  • Disabling analytics in App Settings

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make changes, we will:

  • Update the "Last Updated" date at the top
  • Notify you via email (if you provided one)
  • Notify you via in-app notification
  • For material changes, require your explicit consent

Material changes include:

  • New types of personal information collected
  • New purposes for processing
  • New third-party service providers
  • Changes to data retention periods
  • Changes to your rights

Your Options:

  • Review the updated Privacy Policy
  • Continue using the App (constitutes acceptance)
  • Delete your account if you disagree

Version History: Previous versions of this Privacy Policy are available upon request at veltoais@gmail.com (subject: "Privacy Policy History").

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

VeltoAI Sole Proprietorship (Quebec, Canada)

All Inquiries:

  • Email: veltoais@gmail.com
  • Response Time: Within 5 business days for general inquiries, 30 days for legal/privacy requests

Location: Quebec, Canada (Physical address available upon request for legal purposes)

Business Hours: Monday - Friday, 9:00 AM - 5:00 PM EST

For Specific Requests, Email veltoais@gmail.com with:

  • Privacy/Data Requests: Subject line "Privacy Request"
  • Data Access/Portability: Subject line "Data Access Request"
  • Data Deletion: Subject line "Delete My Data"
  • Marketing Opt-Out: Subject line "Unsubscribe"
  • CCPA Requests: Subject line "California Privacy Request"
  • GDPR Requests: Subject line "GDPR Request"
  • Security Issues: Subject line "URGENT: Security Issue"

By using the VeltoAI App, you acknowledge that you have read and understood this Privacy Policy and agree to its terms.

Last Updated: September 30, 2025

Version: 1.0