This summary provides a plain-language overview of our privacy practices. Please read the full Notice, beginning at Section II, for complete details.
Who we are. Vela Digital Ltd. operates Vela, a dating application for people living with STDs and chronic health conditions. We are based in British Columbia, Canada.
What makes Vela different. Your Health Conditions are encrypted on your phone, meaning that no one can see your Health Conditions without your consent - not even us. We do not sell your data. Our revenue comes entirely from subscriptions, not advertising.
What we collect. We collect information you provide when creating and using your account (such as profile details, photos, and messages), Health Conditions you voluntarily enter (encrypted on your device so that we cannot read them), and limited technical information collected automatically when you use the Services.
How we use it. To operate the dating service, verify that users are real people, enable messaging between matches, moderate photos for safety, and improve the App. We do not use your Health Conditions for matching, advertising, or any secondary purpose.
Who we share it with. We share Personal Information with other users that you’ve matched with on the App (you may choose to share your Health Conditions with your matches) and only with service providers necessary to operate the platform. We do not share your Health Conditions with any third party.
Your rights. Depending on where you live, you have certain rights regarding your Personal Information, including the right to access, delete and modify your Personal Information.
How to reach us. For any privacy questions or to exercise your rights, contact privacy@veladate.app.
Vela Digital Ltd. (“Vela,” “we,” “our,” or “us”) respects your privacy and is committed to protecting it through our compliance with this Privacy Notice (“Notice”).
This Notice describes our practices for collecting, using, maintaining, protecting, and disclosing your Personal Information through https://veladate.app (our “Website”), our Vela mobile application (“App”), any related software and platforms (collectively with the Website and App, the “Services”). “Personal Information” (also referred to as “Personal Data” under certain jurisdictions) generally means information that identifies (whether directly or indirectly) a particular individual.
We built Vela for people who deserve privacy more than most. A core element of our mission is to protect your Personal Information and to be transparent about the data we collect, how it is used, and with whom it is shared.
Please read this Notice carefully. If you do not agree with our terms, please do not use our Services. By accessing or using the Services, you agree to this Notice. This Notice may change from time to time, and your continued use of the Services after we make changes constitutes acceptance of those changes. Please check the Effective date at the top of this Notice to ensure you are viewing the most current version.
The Services are strictly for users aged 18 and older. We do not knowingly collect Personal Information from anyone under 18. If you suspect that a Vela user is under the age of 18, please submit a report using the reporting feature available on our Services. Upon becoming aware that someone under the age of 18 has shared Personal Information with us, we will take appropriate steps to delete such information and terminate that individual’s registration, if applicable.
We collect several types of Personal Information from and about users of our Services, including Personal Information you provide directly when you register for an Account on our Services (“Account”).
We generally collect Personal Information, including all categories of Personal Information described in the tables below, to:
Additional purposes for specific categories of Personal Information are detailed in the tables below.
| Category of Personal Information | How / When Personal Information is Collected | Purpose |
|---|---|---|
| Account Information: email address; phone number (optional); display name; age. | You provide Account Information when creating your Account. | To create and manage your Account. To verify your phone number via one-time passcode (anti-bot, if provided). To communicate with you about the Services. To provide customer support. |
| Profile Information: profile photos; biography; relationship intent; gender identity; sexual orientation; city name and proximity radius (10, 25, 50, 100 miles, or anywhere); pronouns (optional). | You provide Profile Information during onboarding or when editing your profile settings. | To show your profile to potential matches, to match you with compatible people based on location, age, intent, and preferences. Only your general area is shown to other users. We do not track your location in real time. Your city name and selected radius are used only for distance-based matching. Specific photos you upload of yourself for AI avatar generation; photos are temporarily processed and deleted. Your profile photos are not used for avatar generation. |
| Health Condition(s): self-reported STD or chronic condition status (e.g., HSV-1, HSV-2, HPV, HIV+, Hepatitis B/C). | You provide Health Conditions during onboarding (optional) or through profile settings. We only collect Health Conditions with your explicit consent. See Section V for more information. | To enable encrypted health status sharing with individual matches with your consent. See Section V for more information. |
| Verification Photos: Selfies taken during Account creation. | Collected during onboarding; verification is required to create an Account. | To confirm you are a real person and prevent bots and fake profiles. Photos are analyzed by AI for liveness detection (only to confirm a live human is present — not for identification) and may also be assessed for indicators that the subject appears to be under 18, consistent with our Child Safety Standards. Photos are permanently deleted after verification. See Section VI for more information. |
| User Content: Any Personal Information you willingly choose to share in your profile or conversations with other users, including with our customer support team. This may include images, videos, text, or other types of content | You can interact with other users or with us through the messaging functionality through our App. | To enable messaging between matches. To monitor Photos and protect the Vela community. |
| Payment and Transaction Information: Full Name; Email Address; Billing Address; Banking Information (e.g., credit/debit card number); Transaction details | If you make a purchase on our App, your Payment Information is collected and processed by our payment processor. | To provide the Services requested by you. To provide customer support. |
Under applicable privacy laws, the following categories of Personal Information may be considered Sensitive Personal Information (“SPI”):
| SPI Category | How We Process and Safeguard SPI |
|---|---|
| Health information | Encrypted client-side (XSalsa20-Poly1305) before reaching our servers. Server stores only ciphertext. Never used for advertising, analytics, matching, or sharing with any third party. |
| Sexual orientation | Used only for matching preferences within the App. Never shared with third parties. Stored on our servers protected by Row-Level Security. |
| Verification Photos (face) | Permanently deleted immediately after successful verification. If manual review is required, retained for a maximum of 7 days then permanently deleted. Never sold, leased, or traded. |
| Location (city-level) | City name and selected distance radius, used for proximity matching only. Only your general area is shown to other users. Not used for advertising. Not shared with third parties. |
As you use our Services, we and our third-party service providers may automatically collect certain Personal Information. We may combine this information with other information we hold about you to generally improve and secure the Services.
| Category of Personal Information | How / When Collected | Purpose |
|---|---|---|
| Device Information: device model; operating system version; App version | Automatically collected when you use the App. | To provide and improve the Services. To diagnose technical issues. |
| Usage Information: Pseudonymized interaction data (screens viewed, features used) collected via our analytics provider. | Automatically collected during your use of the Services. | To analyze product usage, identify trends, and improve the Services. |
Additionally, we also collect the following data in anonymized form (meaning no individual can be identified from the following information):
| Category of Personal Information | How / When Collected | Purpose |
|---|---|---|
| Crash Reports: error logs collected via our error monitoring service. | Automatically collected when a technical error occurs. | To identify and fix bugs and improve stability. |
Our Services uses only strictly necessary cookies required for security and load balancing. We do not use any third-party cookies, advertising cookies, pixel tags, tracking pixels, or similar tracking technologies on our Services.
Vela cannot read your Health Conditions. Your Health Conditions are encrypted on your device before it ever reaches our servers. We store only encrypted ciphertext that is unintelligible without your personal device key. Your Health Conditions remain private once encrypted, unless and until you allow a match to see your Health Conditions.
Vela is not a healthcare provider. We do not diagnose, treat, or provide medical advice. Health Conditions on Vela are entirely self-reported and unverified by Vela.
When you enter your Health Conditions during onboarding or profile editing:
You may choose to share your Health Conditions with a specific match through the in-App sharing feature. This is entirely voluntary; you are never required to share your Health Conditions with anyone. When you share:
Important distinction: Sharing your Health Conditions with a match is also completely private. Your device uses the recipient's public key, combined with your own private key, to encrypt the conditions before anything leaves your phone. Only the recipient's device, using its own private key stored in its hardware-backed secure storage, can decrypt what you've shared. Our servers store the encrypted share but hold no key to read it. We cannot read voluntarily shared Health Conditions any more than we can read your stored ones.
Vela requires users to pass a facial verification scan (using your Verification Photos) during Account creation to prevent bots and fake profiles from accessing a platform where members share sensitive health information. This system performs an automated liveness detection and analysis: it confirms a real, live human is present at the device by assessing the likelihood of whether your Verification Photos are from a live human. As part of the same verification process, Verification Photos may also be assessed for indicators that the subject appears to be under 18, consistent with Vela's Child Safety Standards available at veladate.app/child-safety-standards. Accounts where the verification subject appears to be a minor are rejected and referred for manual administrative review. The system does not identify you, does not match you against any database, and does not generate any facial profile, faceprint, biometric template, or representation capable of identifying an individual. Your Verification Photos are analyzed and then immediately deleted.
Because our Services does not use Verification Photos to identify you and do not generate any identifier capable of doing so, we believe our collection and use of Verification Photos for these purposes does not generally constitute “biometric data” or “biometric identifiers” under applicable law. However, if such data is considered biometric data or biometric identifiers, we provide the following disclosures and controls:
Verification is performed by Vela’s internal system using an AI liveness detection service provided by Anthropic. The AI liveness detection confirms a live human is present and returns a pass/fail result. Anthropic does not share your Verification Photos with any other party. In the event of an unsuccessful verification, only authorized Vela staff conducting the manual review have access to your Verification Photos for that sole purpose. Your Verification Photos are never transmitted to any facial recognition database, biometric identification service, data broker, or advertising platform.
Vela does not sell, lease, trade, or otherwise profit from biometric data.
Vela uses AI technology in three limited ways:
We do not train AI models on your Personal Information. Your photos, messages, Health Conditions, and other Personal Information are used only to provide the Services to you - not to build, train, improve, or fine-tune any AI model, whether operated by Vela or any third party.
Our AI service providers do not train on your Personal Information either. Our agreements with AI service providers require them to process your Personal Information only for the specific purpose for which it is shared, and to use it for no other purpose, including AI training.
No AI makes decisions that affect your Account without human oversight. AI is used to flag potential policy violations, not to terminate or suspend Accounts. Any Account action taken based on a content moderation flag is reviewed by a human member of the Vela team before any action is taken.
AI is not used on your Health Conditions. Your Health Conditions are encrypted on your device before reaching our servers. No AI system, whether operated by Vela or any third party, ever has access to your health condition data in readable form.
This section describes legal basis we use for each particular purpose of processing, where such legal basis may be applicable under the applicable laws, such as the EU General Data Protection Regulation (“GDPR”). To process your Personal Information as described in this Notice we rely on the following legal basis:
We only share Personal Information with the limited third parties described below. When we disclose Personal Information, the recipient is required to keep that Personal Information confidential, secure and process the Personal Information only for the specific purpose for which they are engaged.
You share Personal Information with other Vela users when you voluntarily disclose information on the Services for others to see, such as your Account Information, Profile Information and User Content.
We share Personal Information with third-party service providers that perform services on our behalf. The categories of service providers we use, and the data shared with each, are set out in the table below. No service provider receives your Health Condition data in readable form.
| Category of Service Provider | Purpose | Data Shared |
|---|---|---|
| Cloud infrastructure provider | Database, authentication, file storage | Account data, profile data, encrypted Health Conditions (ciphertext only), photos, messages |
| AI liveness detection service | Face verification during Account creation. See Section VI for full details, including the identity of this provider as disclosed in the biometric consent screen. | Face photos (3 frames) during verification. |
| AI content moderation service | Detecting policy violations in photos | Photos submitted for moderation. |
| AI image generation service | AI avatar generation (premium opt-in feature only) | Photos you upload of yourself may be used to generate your AI avatar. Photos are not used for AI training. |
| Analytics provider | Product analytics | Anonymized usage events. |
| Error monitoring service | Error tracking and crash reporting | Anonymized crash reports and device information. |
| SMS delivery provider | Phone number verification (optional) | Phone number (one-time passcode only) |
| Email delivery provider | Transactional email (Account notifications, support) | Email address |
| Geolocation service | City/location autocomplete during onboarding | Search query text, IP address |
| Push notification services | Push notification delivery | Device push token |
| Payment processor | Subscription billing | Email address, payment method details |
We may sell, transfer, or otherwise share some or all of our assets, including your Personal Information, in connection with a merger, acquisition, reorganization or sale of assets (including, in each case, as part of the due-diligence process with any potential acquiring entity) or in the event of bankruptcy.
We may share Personal Information with government agencies as required by valid legal process (subpoenas, court orders, or warrants). We require valid legal process before disclosing any user data to law enforcement. We will notify affected users of law enforcement requests unless legally prohibited from doing so. We may also disclose information as necessary to protect the rights, property, or safety of Vela, our users, or the public, or to stop illegal or unethical activity.
Although we take precautions intended to help protect your information, no system or electronic data transmission is completely secure. Any transmission of your Personal Information is at your own risk. We expect that you will use appropriate security measures to protect your information and to maintain the security of your Account credentials.
We retain your Personal Information for the period necessary to fulfil the purposes outlined in this Notice, unless a longer retention period is required or permitted by law. The specific retention periods for each data type are set out below.
| Data Type | Retention Period |
|---|---|
| Profile Information (name, bio, preferences) | Duration of Account. Permanently deleted immediately upon Account deletion. |
| Health Conditions (encrypted ciphertext) | Duration of Account. Encryption key cleared on logout or Account deletion, rendering ciphertext permanently unreadable. |
| Profile photos | Duration of Account. Permanently deleted immediately upon Account deletion. |
| Verification Photos — successful verification (Vela-side) | Vela’s servers: Permanently deleted after successful verification. Manual review cases only: Retained for a maximum of 7 days, then permanently deleted. |
| Verification Photos – Service Provider | Retained by our AI service provider for up to 30 days for safety monitoring, then permanently deleted. |
| User Content; Chat messages | Duration of Account. Permanently deleted immediately upon Account deletion. |
| Health access grant records (metadata only — no readable Health Conditions) | Retained for 3 years from the date of last activity on the grant, or until Account deletion, whichever occurs first. |
| Analytics data | Anonymized. Retained per our analytics provider’s retention policy. |
| Crash reports | 90 days. |
| Moderation logs | Duration of Account. Deleted when your Account is deleted. |
You can delete your Account at any time from the Settings screen in the app. When you do:
Reports filed against your Account by other users may be retained for community safety purposes even after your Account is deleted. Account deletion is immediate and permanent. There is no recovery window.
Depending on where you are located, you may have the following rights regarding your Personal Information. To exercise any applicable right, contact privacy@veladate.app. We will respond within the time period required by applicable law in your jurisdiction and may ask you to verify your identity first.
You have the right to be informed and request copies of the Personal Information we process about you. Please see the Section IV within this Notice to see the full list of categories and sources of Personal Information we have collected and process.
Under certain circumstances, you may have the right to obtain your Personal Information in a structured, readily usable format.
You have the right to request correction of inaccurate or incomplete Personal Information. You can edit your profile information directly within the app at any time.
You have the right to request deletion of all or some of your Personal Information. You can delete your Account at any time from the Settings screen, which immediately and permanently deletes your data as described in Section XI.
You have the right to request that we limit our use and disclosure of your Sensitive Personal Information (health data, sexual orientation, biometric data, location) to what is necessary to provide the Services. Withdrawing consent for health data can be accomplished by removing your conditions from your profile settings or deleting your Account.
We do not sell your Personal Information. In the preceding 12 months, we have not sold any Personal Information and have not shared Personal Information for cross-context behavioral advertising.
We will not discriminate against you for exercising any privacy right.
Where we process Personal Information based on your consent, you have the right to withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.
You may have the right to object to processing based on legitimate interests and to request restriction of processing in certain circumstances.
You have the right to lodge a complaint with a relevant supervisory authority: Canadian residents may contact the Office of the Privacy Commissioner of Canada (PIPEDA) or the BC Information and Privacy Commissioner (BC PIPA). EEA residents may contact the relevant national data protection authority. U.S. state residents may contact their privacy protection agency, Attorney General, or other applicable regulator within their state.
Washington state residents have additional rights under the My Health My Data Act (MHMDA). A standalone Consumer Health Data Privacy Policy is available at veladate.app/health-data-privacy. Because health data is zero-knowledge encrypted and never shared with any third party, MHMDA deletion rights are fully satisfied by Account deletion with no third-party notification required.
Under the GDPR, Vela Digital Ltd. is a data controller. As a data controller, we process Personal Information (or personal data) in compliance with the GDPR and in accordance with this Notice. European residents may contact the Privacy Officer at privacy@veladate.app to exercise any applicable privacy rights described above or to address any questions or concerns regarding this Notice.
In addition to the legal rights described in Section XII, you have the following choices regarding your information:
Please be aware that if you do not allow us to collect certain Personal Information (for example, by declining face verification), we may not be able to provide some or all of the Services to you.
Vela Digital Ltd. Is incorporated in British Columbia, Canada. Our Services are hosted and offered in the United States of America (US). If you are accessing the Services from another country, please be advised that you may be transferring your personal information to us in the US, and you consent to that transfer, processing and storage of your personal information in accordance with this Privacy Notice.
Our Services may include links to third-party websites and services that are not operated by us. When you click these links, you will be directed away from our Services. A link to a third-party website or service does not mean that we endorse it, or the quality or accuracy of information presented on it. If you decide to visit a third-party website or service, you are subject to its privacy practices and policies, not ours. This Privacy Notice does not apply to any personal information that you provide to these other websites and services.
We may update this Privacy Notice at any time. When we do, we will post the updated Notice on this page and update the Effective Date. We will make reasonable efforts to notify you of material changes by posting the updated Terms on the Website and through in-App notification before they take effect. Your continued use of the Services after we make changes constitutes acceptance of those changes. If you do not accept the revised Terms, you must stop using the Services and delete your account.
For changes that would result in a materially new use of your Personal Information beyond the purposes described in this Notice, or that would materially reduce your privacy rights or expand how we share your Personal Information with third parties, we will obtain your affirmative consent before those changes apply to you.
If you have questions about this Notice, your data, or your rights, please contact us at: privacy@veladate.app