Privacy Policy
This policy explains what personal data Velo ("we", "us") collects when you use velo.ninja and related apps, why we collect it, who we share it with, and the choices you have. It is written for real product use — including Google sign-in and Google Calendar — not only personalization features.
1. Who we are
Velo is a chat-first workspace for founders and small teams (boards, docs, decisions, hours, and an AI assistant). The service is available at https://velo.ninja and via our mobile apps.
Privacy questions: privacy@velo.ninja.
2. What this policy covers
It covers personal data processed when you:
- Visit our marketing site or download the app
- Sign in with Google and create or join an organization workspace
- Use chat, boards, documents, decisions, hours, personas, reminders, or voice
- Optionally connect Google Calendar
- Invite teammates, manage billing, or use Settings privacy controls
A separate plain-language note about optional behavioral personalization lives at /privacy/personalization. That feature is off until you turn it on; this Privacy Policy still applies to everything else.
3. What we collect
Account & identity
- Google account identifiers (such as Google user id), email, name, and profile photo you authorize via Google sign-in
- Organization membership and role (owner / admin / member), invitations you send or accept
- Preferences you set (language, theme, week start, notification settings, and similar)
Workspace content you create
- Chat topics and messages (including tool actions and confirmation cards)
- Boards, tasks, tags, assignees, time entries, decisions, clients, and documents (including uploaded files)
- Personas, reminders, and other product content tied to your org or user
Workspace content may include personal data you choose to put there (client names, emails of invitees, meeting notes, etc.). You control what you enter.
Calendar (only if you connect it)
- OAuth tokens that let Velo read and write your Google Calendar on your behalf
- Event details needed to show your week and to create, update, or cancel events you confirm in Velo
We do not keep a full local mirror of your calendar as a separate product database; Google Calendar remains the source of truth. See Google account & Calendar.
Voice & audio features
- If you use voice input or text-to-speech, audio or text is processed by our speech providers solely to provide that feature
Payments
- If you buy credits or a subscription, our payment provider processes billing details. We receive payment status, plan/pack identifiers, and related customer/subscription ids — not your full card number
Technical & usage data
- Approximate logs needed to operate the service (e.g. request method/path, error diagnostics). We avoid logging request bodies that may contain secrets or sensitive content
- App version and similar client metadata where needed for support and release safety
What we do not do
- We do not sell your personal data
- We do not buy marketing lists about you to profile your workspace
- We do not use Google user data for advertising
4. Google account & Calendar
Velo uses Google OAuth so you can sign in without a password we store. Sign-in uses limited identity scopes (typically OpenID, profile, and email) so we can create your session and show your account.
Google Calendar is separate. Connecting Calendar is optional and requested through an additional consent when you choose Connect Google Calendar (or grant calendar access on mobile). That grant uses Google’s calendar scope so Velo can read and write events on your primary calendar — for example to show your week, propose meetings, and create or update events only after you confirm in the product.
- Calendar tokens are stored encrypted and tied to your Velo user
- You can disconnect Calendar in the product; we then revoke/discard those tokens as far as Google and our systems allow
- Deleting your Velo account removes stored Google integration tokens along with your other account data
Velo’s use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
5. How we use data
- Provide the product — authenticate you, load your org workspace, sync live updates, run tools you invoke in chat
- AI assistance — send relevant context you already stored or just typed to model providers so the assistant can answer and act
- Calendar features — only with your Calendar grant, to display and manage events you request
- Team features — invitations, roles, board permissions, shared org content
- Billing — fulfill purchases, enforce plan limits, receipts/support
- Security & reliability — prevent abuse, debug outages, ship fixes
- Optional personalization — only if you opt in; see Personalization & your data
- Communications — transactional email (invites, due-date reminders, account deletion confirmation, and similar)
6. AI processing
Chat and related features send prompts and retrieved workspace context to third-party AI providers (currently including Anthropic for assistant/document pipelines, and OpenAI for certain voice features) so we can return answers and run tools. That processing is necessary to operate Velo’s AI features.
- We do not sell your workspace content
- We do not use your workspace to train public foundation models for others
- Provider processing is governed by our contracts with those providers and their applicable data-processing terms
8. Retention
- Account & workspace data — kept while your account/org exists and you use the service
- Personalization signals (if enabled) — underlying records are kept up to about 12 months, then purged; see the personalization page
- Backups & logs — may persist for a limited operational period after deletion, then age out
- Account deletion — you can request deletion in Settings (Danger zone). We email a one-time confirmation link; after you confirm, we delete account data as described in-product (including dissolving orgs you still own)
9. Security
- Access to workspaces is authenticated and org-scoped; board visibility and roles further limit who sees what
- Uploaded documents are encrypted at rest
- Google Calendar OAuth tokens are stored encrypted
- We use HTTPS for data in transit to our services
No method of transmission or storage is 100% secure. If you suspect unauthorized access, contact us immediately at privacy@velo.ninja.
10. Your rights & controls
Depending on where you live, you may have rights to access, correct, export, delete, or restrict certain processing. In Velo you can:
- Disconnect Google Calendar in Calendar / Integrations settings
- Export or delete personalization data and turn personalization on/off in Settings → Privacy
- Delete your account via Settings → Danger zone (email confirmation required)
- Leave or adjust org access with your org admin where applicable
To exercise a right we do not yet expose in-product, email privacy@velo.ninja. We may need to verify you control the account before acting.
11. International transfers
We may process and store data in countries other than where you live (including where our hosting and AI providers operate). Where required, we rely on appropriate safeguards offered by those providers (such as standard contractual clauses) and on the fact that transferring data is necessary to provide the service you requested.
12. Children
Velo is aimed at professionals and businesses. It is not directed at children under 16, and we do not knowingly collect personal data from them. If you believe a child provided data, contact us and we will delete it.
13. Changes
We may update this policy as the product evolves. The “Last updated” date at the top will change. For material changes, we will provide a clearer notice in the product or by email when appropriate. Continued use after an update means you accept the revised policy for that onward use.
14. Contact
privacy@velo.ninja
Web: https://velo.ninja
Related: Personalization & your data · Terms of Service