VeloPrivacy Policy

Privacy Policy

Last updated: 15 July 2026

This policy explains what personal data Velo ("we", "us") collects when you use velo.ninja and related apps, why we collect it, who we share it with, and the choices you have. It is written for real product use — including Google sign-in and Google Calendar — not only personalization features.

1. Who we are

Velo is a chat-first workspace for founders and small teams (boards, docs, decisions, hours, and an AI assistant). The service is available at https://velo.ninja and via our mobile apps.

Privacy questions: privacy@velo.ninja.

2. What this policy covers

It covers personal data processed when you:

  • Visit our marketing site or download the app
  • Sign in with Google and create or join an organization workspace
  • Use chat, boards, documents, decisions, hours, personas, reminders, or voice
  • Optionally connect Google Calendar
  • Invite teammates, manage billing, or use Settings privacy controls

A separate plain-language note about optional behavioral personalization lives at /privacy/personalization. That feature is off until you turn it on; this Privacy Policy still applies to everything else.

3. What we collect

Account & identity

  • Google account identifiers (such as Google user id), email, name, and profile photo you authorize via Google sign-in
  • Organization membership and role (owner / admin / member), invitations you send or accept
  • Preferences you set (language, theme, week start, notification settings, and similar)

Workspace content you create

  • Chat topics and messages (including tool actions and confirmation cards)
  • Boards, tasks, tags, assignees, time entries, decisions, clients, and documents (including uploaded files)
  • Personas, reminders, and other product content tied to your org or user

Workspace content may include personal data you choose to put there (client names, emails of invitees, meeting notes, etc.). You control what you enter.

Calendar (only if you connect it)

  • OAuth tokens that let Velo read and write your Google Calendar on your behalf
  • Event details needed to show your week and to create, update, or cancel events you confirm in Velo

We do not keep a full local mirror of your calendar as a separate product database; Google Calendar remains the source of truth. See Google account & Calendar.

Voice & audio features

  • If you use voice input or text-to-speech, audio or text is processed by our speech providers solely to provide that feature

Payments

  • If you buy credits or a subscription, our payment provider processes billing details. We receive payment status, plan/pack identifiers, and related customer/subscription ids — not your full card number

Technical & usage data

  • Approximate logs needed to operate the service (e.g. request method/path, error diagnostics). We avoid logging request bodies that may contain secrets or sensitive content
  • App version and similar client metadata where needed for support and release safety

What we do not do

  • We do not sell your personal data
  • We do not buy marketing lists about you to profile your workspace
  • We do not use Google user data for advertising

4. Google account & Calendar

Velo uses Google OAuth so you can sign in without a password we store. Sign-in uses limited identity scopes (typically OpenID, profile, and email) so we can create your session and show your account.

Google Calendar is separate. Connecting Calendar is optional and requested through an additional consent when you choose Connect Google Calendar (or grant calendar access on mobile). That grant uses Google’s calendar scope so Velo can read and write events on your primary calendar — for example to show your week, propose meetings, and create or update events only after you confirm in the product.

  • Calendar tokens are stored encrypted and tied to your Velo user
  • You can disconnect Calendar in the product; we then revoke/discard those tokens as far as Google and our systems allow
  • Deleting your Velo account removes stored Google integration tokens along with your other account data

Velo’s use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

5. How we use data

  • Provide the product — authenticate you, load your org workspace, sync live updates, run tools you invoke in chat
  • AI assistance — send relevant context you already stored or just typed to model providers so the assistant can answer and act
  • Calendar features — only with your Calendar grant, to display and manage events you request
  • Team features — invitations, roles, board permissions, shared org content
  • Billing — fulfill purchases, enforce plan limits, receipts/support
  • Security & reliability — prevent abuse, debug outages, ship fixes
  • Optional personalization — only if you opt in; see Personalization & your data
  • Communications — transactional email (invites, due-date reminders, account deletion confirmation, and similar)

6. AI processing

Chat and related features send prompts and retrieved workspace context to third-party AI providers (currently including Anthropic for assistant/document pipelines, and OpenAI for certain voice features) so we can return answers and run tools. That processing is necessary to operate Velo’s AI features.

  • We do not sell your workspace content
  • We do not use your workspace to train public foundation models for others
  • Provider processing is governed by our contracts with those providers and their applicable data-processing terms

7. When we share data

We share personal data only as needed to run Velo:

  • Google — authentication and, if connected, Calendar API access
  • Infrastructure — hosting and database providers that store or run the service (e.g. application hosting and Postgres)
  • Frontend hosting / delivery — e.g. Firebase Hosting for the web app
  • AI providers — Anthropic, OpenAI (as used for the features above)
  • Email — Resend for transactional mail
  • Payments — Lemon Squeezy (or the payment provider configured for your purchase) for checkout and subscription state
  • Org members — content and membership data you choose to share inside your organization, subject to board permissions
  • Legal / safety — if required by law or to protect users, the service, or others from serious harm

Service providers process data on our instructions to deliver their service, not to build their own marketing profiles from your Velo workspace.

8. Retention

  • Account & workspace data — kept while your account/org exists and you use the service
  • Personalization signals (if enabled) — underlying records are kept up to about 12 months, then purged; see the personalization page
  • Backups & logs — may persist for a limited operational period after deletion, then age out
  • Account deletion — you can request deletion in Settings (Danger zone). We email a one-time confirmation link; after you confirm, we delete account data as described in-product (including dissolving orgs you still own)

9. Security

  • Access to workspaces is authenticated and org-scoped; board visibility and roles further limit who sees what
  • Uploaded documents are encrypted at rest
  • Google Calendar OAuth tokens are stored encrypted
  • We use HTTPS for data in transit to our services

No method of transmission or storage is 100% secure. If you suspect unauthorized access, contact us immediately at privacy@velo.ninja.

10. Your rights & controls

Depending on where you live, you may have rights to access, correct, export, delete, or restrict certain processing. In Velo you can:

  • Disconnect Google Calendar in Calendar / Integrations settings
  • Export or delete personalization data and turn personalization on/off in Settings → Privacy
  • Delete your account via Settings → Danger zone (email confirmation required)
  • Leave or adjust org access with your org admin where applicable

To exercise a right we do not yet expose in-product, email privacy@velo.ninja. We may need to verify you control the account before acting.

11. International transfers

We may process and store data in countries other than where you live (including where our hosting and AI providers operate). Where required, we rely on appropriate safeguards offered by those providers (such as standard contractual clauses) and on the fact that transferring data is necessary to provide the service you requested.

12. Children

Velo is aimed at professionals and businesses. It is not directed at children under 16, and we do not knowingly collect personal data from them. If you believe a child provided data, contact us and we will delete it.

13. Changes

We may update this policy as the product evolves. The “Last updated” date at the top will change. For material changes, we will provide a clearer notice in the product or by email when appropriate. Continued use after an update means you accept the revised policy for that onward use.

14. Contact

privacy@velo.ninja
Web: https://velo.ninja

Related: Personalization & your data · Terms of Service