Data We Collect
VELO collects the minimum required to function. Nothing is sold. Nothing is used to profile you beyond the product itself. Below is the complete inventory.
Account Data
Email address, display name, and profile photo — obtained via Google Sign-In. Your Firebase UID (a unique identifier generated at registration). Stored in Firebase Authentication and Firestore until you delete your account.
Usage & Preferences
Subscription tier (Free / Pro / Master), Sparks balance, and personal settings (reading speed, AI provider, language). Stored locally on your device (Free/Pro) or synced to Firestore (Master). Retained until account deletion.
Reading History
Session records: document title, reading progress, WPM, duration. Stored locally on your device only. Auto-deleted after 7 days. Never transmitted to our servers.
API Key (Pro / BYOK)
Your personal API key, if you choose to use your own. Stored exclusively in encrypted local storage on your device (flutter_secure_storage). Never transmitted. Never accessible to VELO.
Content You Process
Text, images, and PDFs you submit for reading, scanning, or AI chat. Sent to Google Gemini for processing. Not stored by VELO at any point. Retained only for the duration of the active request.
Analytics Events
Action type, features accessed, AI model used, readings completed. Collected by Firebase Analytics only with your prior consent. Retained up to 14 months per Google's retention policy.
Advertising Identifiers
Google Advertising ID (GAID on Android / IDFA on iOS). Managed by Google AdMob. Used only in the Free tier and during Master overage to deliver ads. Requires your prior consent.
Legal Basis for Processing
Under GDPR Article 6, every data processing activity must have a declared legal basis. Here is ours.
Art. 6.1.b — Contract execution
Account data, content processing via AI
Required to provide the core service. No opt-out — disabling this means you cannot use VELO.
Art. 6.1.a — Consent
Firebase Analytics
Opt-in only. Activated after you give explicit consent in the onboarding flow. Revocable from Settings → Privacy.
Art. 6.1.a — Consent
AdMob advertising identifiers
Opt-in only via Google's User Messaging Platform. You can opt out from your device's ad settings at any time.
Art. 6.1.c — Legal obligation
Billing and transaction records
Managed by Google Play and App Store. VELO does not store payment data directly.
Third Parties
We do not sell your data. We share it only with the following processors — all bound by data processing agreements.
Data: Email, UID, profile, usage events, settings
Purpose: Authentication, cloud storage, analytics
Data: Text, images, and PDFs you submit for processing
Purpose: AI summaries, OCR, chat. Data is not used to train Google's models per our agreement.
Data: Device advertising ID (GAID/IDFA), in-app behavior
Purpose: Ad delivery — Free tier and Master overage only
Data: Text you process if you select OpenAI as your AI provider
Purpose: Alternative AI processing. Your key, your data.
Data: Text you process if you select Claude as your AI provider
Purpose: Alternative AI processing. Your key, your data.
Retention & International Transfers
Retention Periods
Account data (email, UID, tier, sparks)
Until account deletion
Reading history
7 days (local device only)
Content processed by AI
Session duration — not persisted
API key (Pro/BYOK)
Until app uninstall or user deletion
Analytics events
Up to 14 months (Google Analytics policy)
Ad identifiers
Per Google AdMob policy
International Data Transfers
All services listed above are operated by Google LLC, headquartered in the United States. Data may be transferred to and processed in the US. Google LLC transfers data under the Standard Contractual Clauses (SCCs) approved by the European Commission, ensuring an adequate level of protection for EU residents.
Your Rights
Regardless of where you live, you have rights over your data. EU and Brazilian users have additional statutory rights under GDPR and LGPD respectively.
- visibility
Access (Art. 15) — Request a copy of all data we hold about you. See /data-export for the in-app export flow.
- edit
Rectification (Art. 16) — Correct inaccurate data in your profile. Email privacy@velo.software with the correction.
- delete_forever
Erasure (Art. 17) — Delete your account and all associated data. See /data-deletion for the full process.
- download
Portability (Art. 20) — Receive your data in JSON format. Use the in-app export or request via privacy@velo.software.
- block
Objection (Art. 21) — Opt out of analytics and advertising from Settings → Privacy at any time.
- undo
Withdraw Consent — Revoke analytics or ad consent at any time. Withdrawal does not affect prior processing.
- gavel
Lodge a Complaint — EU residents may contact their national supervisory authority if they believe their rights have been violated.
To exercise any right: email privacy@velo.software — Subject: [Right Name] Request. We respond within 30 calendar days.
Minors & Policy Updates
Minors Under 13
VELO is not directed at users under 13 years of age. We do not knowingly collect personal data from children under 13. If we become aware that a child under 13 has provided personal data without verifiable parental consent, we will delete it immediately. If you are a parent or guardian and believe your child has used VELO, contact us at privacy@velo.software.
Policy Changes
Material changes to this policy will be communicated in-app with a notice before they take effect. Minor changes (formatting, typos, clarifications) may be made without notice. Continued use of VELO after the effective date constitutes acceptance of the updated policy.
Last updated: April 6, 2026 — Version 1.0
Privacy Contact
For any privacy request, data question, or to exercise your rights:
privacy@velo.softwareMaximum response time: 30 calendar days