Privacy Policy
Last updated: 12 July 2026
Vela ("Vela", "we", "us", "our") helps adults meet for dating and friendship through a voice‑first, AI‑assisted experience. We know the information you share with a dating service is personal, and often sensitive. This policy explains, in plain language, what we collect, why, who we share it with, how long we keep it, and the rights you have. By creating an account or using Vela, you agree to this policy.
Vela is available to adults in the countries where we offer the app. Wherever you live, we aim to give everyone the same strong baseline of protection, and we honour the data‑protection rights available to you under your local law — including, where they apply to you, the EU and UK GDPR, the California Consumer Privacy Act as amended (CCPA/CPRA) and other US state privacy laws, Canada's PIPEDA, Australia's Privacy Act, Brazil's LGPD, and comparable laws elsewhere.
1. Who we are and how to contact us
Vela is operated by Zephyrshop LLC, a Delaware limited liability company, which is the controller (or "business") responsible for your personal data. For any privacy question, to exercise your rights, or to reach our data protection contact, email hello@vela.dating. If you are in a region with a data‑protection authority, you also have the right to complain to it (see §11).
2. The information we collect
You give us:
- Account data — your email address, a hashed password, and authentication records. If you choose a third‑party sign‑in (such as Google or Apple), we receive basic authentication details from that provider. Includes any passkey or two‑factor settings you enable.
- Profile data — display name, age and date of birth, gender and who you're interested in, sexual orientation (optional), relationship intentions and style, your nationality flag, the location scope you choose (city, country, or worldwide), your bio and prompt answers, and the lane you pick (dating or friendship).
- Photos and videos you add to your profile or share in Moments and chats.
- Voice recordings — your short voice introduction and any voice messages you send. These are recordings of your voice and may constitute biometric or otherwise sensitive data. We also generate a text transcript of your voice introduction to power matching, translation, and accessibility.
- Calls — when you place a voice or video call with a match, the call is carried by our real‑time provider. We keep call metadata (such as who called whom, time, and duration) for safety and to run the feature; we do not record calls unless we clearly tell you and you consent.
- Identity verification and Trust — to confirm you are a real adult, our verification provider processes a government ID and a selfie/liveness check. We receive a pass/fail result and limited metadata; the provider handles the underlying documents and biometric analysis. Your Trust Score is calculated from signals such as verification, a voice intro, and profile completeness.
- Purchases and gifts — your subscription and purchase history, and — for physical gifts you choose to send — the recipient's delivery address and order details, handled by our gift‑fulfilment provider.
- Content you create — messages, openers, reactions, Moments, date plans, reflections, safety check‑ins, and gift activity.
We collect automatically:
- Usage and device data — interactions in the app, approximate/coarse location and IP address, device and other identifiers, and diagnostic and crash logs — used for safety, fraud prevention, reliability, and improving the product.
- Cookies and similar technologies on our website — see §10.
3. Sensitive / special category data and explicit consent
A dating service inevitably handles sensitive information — details that reveal your sexual orientation (or that can be inferred from your preferences) and your voice and face in recordings and verification, which may be treated as biometric data. Some optional answers may touch on health (for example, a no‑alcohol preference).
Where the law requires it, we process this data only with your explicit consent, which you give when you create your profile and choose to share these details. You can withdraw consent at any time by editing or removing the information, adjusting your settings, or deleting your account. Withdrawing consent doesn't affect processing already carried out, and some features may not work without the relevant data.
4. Our lawful bases (where GDPR‑style laws apply)
We rely on: contract (to provide the service you sign up for); consent and explicit consent (for sensitive data, certain communications, and non‑essential cookies); legitimate interests (to keep the community safe, prevent fraud and abuse, secure our systems, and improve Vela — balanced against your rights); and legal obligation (to meet legal, tax, and safety requirements). You can object to processing based on legitimate interests (see §11).
5. How we use your information
- Create your profile and run matching — your Daily Spark, the Discover and Swipe decks, and Moments.
- Power our AI features: a matchmaker that suggests compatible people and explains why; an optional in‑chat message coach; in‑chat translation; and automated screening of messages, photos, and behaviour for safety. These use the AI provider listed in §7.
- Enable messaging, voice notes, and voice/video calls between matched members.
- Verify identity, calculate Trust, and keep Vela real, calm, and safe — including a moderation queue, risk signals, blocking/reporting, safety check‑ins, and enforcement of our Terms and Community Guidelines.
- Process memberships, Boosts, AI credits, gifts, and any events/Salons.
- Send service notifications (new matches, messages, your Daily Spark) according to your settings, and — only where permitted or with your consent — occasional offers.
- Comply with law, respond to lawful requests, and protect Vela and our community.
6. Automated processing and AI
Matching, message and translation suggestions, and safety screening involve automated processing of your data, including by our third‑party AI provider (currently Anthropic). We do not use solely automated decision‑making that produces legal or similarly significant effects about you without a lawful basis and appropriate safeguards; safety actions that could limit or end your access are subject to human review, and you can ask us to review a decision (see §11). We instruct our AI provider to process your data only to provide these features and not to train its general models on your content, where such terms are available to us.
7. Who we share your information with
We do not sell your personal data. We share it with:
- Other members — your profile, photos, voice introduction, Moments, and the messages, calls, and gifts you choose to send are visible to people you match or interact with. Think before you share something you wouldn't want seen.
- Service providers (processors) acting on our instructions:
- Supabase — database, authentication, and file storage.
- RevenueCat, together with the Apple App Store and Google Play — to manage and process in‑app subscriptions, Boosts, and AI credits.
- Wix — to process and fulfil physical gift orders (including delivery details).
- Anthropic — AI matchmaking, coaching, translation, and safety screening.
- LiveKit — real‑time voice and video calls.
- Firebase Cloud Messaging (Google) — push notifications.
- Sentry — crash reporting and diagnostics.
- Vercel — website hosting and content delivery, plus our transactional email and identity‑verification providers.
- Sign‑in providers — if you sign in with Google or Apple, that provider authenticates you.
- Safety, legal, and protection — we may disclose information to comply with the law, respond to valid legal requests, enforce our Terms, or protect the rights, safety, and security of our members, the public, or Vela.
- Business transfers — if Vela is involved in a merger, acquisition, or sale of assets, your information may transfer as part of that transaction; we'll tell you if it becomes subject to a materially different policy.
8. International transfers
Vela is operated from the United States, and our providers may process data in the US and other countries. When we transfer personal data across borders — including out of the UK, EEA, or another region with transfer rules — we use an appropriate safeguard, such as the EU Standard Contractual Clauses, the UK International Data Transfer Agreement (IDTA) or Addendum, or reliance on an adequacy decision, and we carry out transfer risk assessments. Contact us for detail on the safeguards used.
9. How long we keep it
We keep your personal data while your account is active. When you delete your account, we delete or anonymise your personal data within 30 days, except where we must keep certain records longer — for example, transaction and tax records, and limited safety records of serious violations or banned accounts to protect the community and meet legal obligations. Voice recordings and verification results are kept only as long as needed for their purpose.
10. Cookies and similar technologies
On our website we use cookies and similar technologies that are strictly necessary to run the service (such as keeping you signed in and secure). Any non‑essential cookies — for example, optional analytics — are used only with your consent where the law requires it. You can manage non‑essential cookies through our cookie controls or your browser.
11. Your rights
Depending on where you live, you have rights over your personal data. These commonly include the right to: access a copy of your data; correct inaccurate data; delete your data; restrict or object to processing (including processing based on legitimate interests, and any direct marketing); data portability; and withdraw consent at any time.
- EU / EEA / UK: the full GDPR rights above. You can complain to your local supervisory authority (for example, the UK ICO at ico.org.uk or the Irish DPC at dataprotection.ie).
- California and other US states: you have the right to know, access, correct, delete, and limit use of your personal information, and to opt out of any "sale" or "sharing" — we do not sell or share your personal information for cross‑context behavioural advertising. We will not discriminate against you for exercising your rights.
- Canada, Australia, Brazil, and other regions: you have the access, correction, and deletion rights granted by your local law.
You can exercise most rights in‑app (edit your profile, adjust settings, or delete your account) or by emailing hello@vela.dating, and we'll respond within the time the law allows. You may use an authorised agent where the law permits.
12. Security
We protect your data with encryption in transit, hashed passwords, row‑level database security, access controls, and optional account protections such as passkeys and two‑factor authentication. Identity verification and mutual‑interest messaging are designed to reduce abuse. No service is perfectly secure, so please use a strong, unique password and keep your login safe.
13. Children
Vela is strictly for adults 18 and over. We do not knowingly collect data from anyone under 18. If we learn an account belongs to a minor, we remove it. If you believe a minor is using Vela, contact hello@vela.dating.
14. Changes to this policy
We may update this policy as Vela evolves or the law changes. If we make material changes, we'll let you know in the app or by email and update the date above. Continuing to use Vela after a change means you accept the updated policy.
15. Contact us
Questions, requests, or concerns: hello@vela.dating. We read every message and aim to help.