Our Privacy Policy

1. Interpretation and Definitions

The words of which the initial letter is capitalized have meanings defined under the following conditions.

• Account means a unique account created for You to access our Service.
• Application refers to Velo (velotype.app), our macOS software program.
• CCPA / CPRA / GDPR refer to the respective Californian and European data protection regulations.
• Service refers to the Application or the Website (velotype.app) or both.

2. Data Collection and Usage

Personal Data & Account Information

When you register or log in to Velo (velotype.app), we utilize email and password authentication managed by our identity provider, Supabase. Supabase securely handles the issuance of JSON Web Tokens (JWT) to establish a secure session on your device. Your password is never stored in plain text and is protected using industry-standard hashing.

Payment Processing

We utilize Lemon Squeezy as our Merchant of Record. Velo (velotype.app) does NOT collect, process, or store your raw credit card data. All billing information is handled securely by Lemon Squeezy, which issues webhooks to our servers strictly to update your subscription status for premium application features.

Website Operations & Security

We utilize Cloudflare Turnstile on our web properties to prevent malicious bot activity and spam. Your interactions with our web forms may be evaluated by Cloudflare's privacy-first algorithms.

3. How the macOS Application Handles Your Data

The Velo (velotype.app) macOS Application operates with strict, natively built privacy parameters:

• Local Audio Processing (WhisperKit): When using our offline models, your audio is processed directly on your Apple Silicon hardware via AVFoundation and WhisperKit. Absolutely no audio data leaves your machine.
• Cloud Audio Processing: If you select a cloud provider (such as OpenAI, Groq, Anthropic, Google, DeepSeek, GLM, Grok, Kimi, Qwen, or OpenRouter), audio buffers are temporarily transmitted to their respective servers exclusively for transcription. We actively force API parameters to prevent third-party AI hallucination and do not store these audio logs on our own backend.
• Bring Your Own Key (BYOK): When utilizing Bring Your Own Key (BYOK), your API keys are securely encrypted and stored locally within the native macOS Keychain. They are never transmitted to our backend servers.
• Accessibility & Screen Injection: Velo (velotype.app) utilizes macOS Accessibility APIs (like `CGEvent`) and `NSPasteboard` to type text into your active windows. Velo (velotype.app) does not read, harvest, or transmit the background content of the applications you are typing into. You maintain absolute privacy over your local workspace.

4. Data Sharing and Cookies

We do not sell your personal data. Our use of Cookies and similar tracking technologies is strictly necessary to authenticate users via Supabase and prevent fraudulent use of accounts via Cloudflare Turnstile. We prioritize your privacy and do not use aggressive third-party trackers.

We share Your personal information with our strictly necessary Service Providers (Google, Supabase, Lemon Squeezy, Cloudflare) solely to provide the core functionalities of our Service: secure authentication, payment processing, infrastructure security, and operational communications.

5. Your Privacy Rights (GDPR & CCPA)

You have the right to request access to, correction of, or deletion of the Personal Data that We have collected about You. Depending on your jurisdiction (such as California or the European Economic Area), you benefit from specific legal protections regarding the portability and erasure of your data.

Instant Account Deletion: You have the option to delete your account directly through your account settings. Utilizing this feature will immediately and permanently erase your personal data, profile, and associated settings from our systems.

You may also exercise Your rights by contacting our support team at [email protected] to request manual profile eradication. We will respond to your manual data access or deletion requests within 30 days maximum.

6. Disclosure & Security

The security of Your Personal Data is our highest priority. We utilize strict Row-Level Security (RLS) policies within our database to isolate user data. However, remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. Under certain circumstances, Velo (velotype.app) may also be required to disclose Your Personal Data if required to do so by law or in response to valid requests by public authorities.