Privacy

Privacy policy

Plain-English explanation of what we collect, why we collect it, what we never do with it, and how to exercise your rights under Australian law.

Last updated: 1 July 2026

Summary in plain English

Vela processes the minimum data needed to run the platform for you. Specifically: account details you give us when you sign up, content you create or upload to your workspace, and aggregated platform analytics that you choose to import.

We do not sell customer data. We do not train generative AI models on your content. We use third parties (Supabase, Vercel, Resend, Meta, Google) only to deliver the service to you — never to enrich other customers or external systems.

You can request a copy of your data, request deletion, or close your workspace at any time. Australian Privacy Principles apply, and we respond to requests within 30 days.

1. Information we collect

Account data. When you sign up we collect your name, email address, business name, and a hashed password. For paid plans we also collect billing details via our payments processor (we never see full card numbers).

Workspace data. Anything you create inside Vela — briefs, generated copy, uploaded images, scheduled posts, social account connections, brand-voice guidelines — is stored in your workspace under your account.

Connected platform data. If you connect Instagram, Facebook, or Google Ads, we receive the minimum OAuth tokens needed to publish content on your behalf and to read performance metrics. We do not request follower lists, friend lists, or messages.

Usage and log data. Like any web app, our servers log standard request metadata (IP, user agent, timestamps) for security and abuse prevention. We do not use third-party analytics that fingerprint individual users.

2. How we use your information

To deliver the core Vela service: account login, workspace management, content generation, scheduling, publishing, performance reporting.

To improve the product: aggregate, de-identified usage patterns tell us where workflows fall short. We never look at a named customer's workspace to debug a prompt without their permission.

To communicate with you: transactional emails (sign-up confirmation, payment receipts, post-publishing notifications) and product announcements. You can opt out of marketing emails at any time; transactional emails are required for the service to function.

3. AI training and your content

Vela does not train, fine-tune, or otherwise improve generative AI models on customer content. Your briefs, generated copy, and brand voice guidelines remain yours.

We use third-party generative AI providers (currently Google Gemini) to produce output on your behalf. These providers process your prompts under their own data-use terms — and we configure them to disable data-use-for-training wherever that control is available.

4. Data storage, hosting, and international transfers

Our application database runs on Supabase, hosted in AWSap-southeast-2(Sydney). Workspace assets — uploaded images, generated media — are stored in the same region.

Our application code runs on Vercel's global edge network. Edge requests are routed to the nearest region for performance, but no persistent customer data is stored at the edge.

Generative AI calls (Google Gemini) may be processed in the United States or another non-Australian region. We minimise what we send (no account passwords, no connection tokens) and rely on Google's enterprise data-use commitments.

5. Sharing and third parties

We share the minimum data necessary with a small set of subprocessors to operate the service:

  • · Supabase (database, auth, storage) — AWS Sydney region.
  • · Vercel (application hosting) — global edge.
  • · Resend (transactional email) — global, US-default.
  • · Google Gemini (AI generation) — global, configurable.
  • · Meta & Google (publisher platforms) — region configured by you.

We do not sell, rent, or trade customer data. We do not share data with advertising networks or data brokers. If a regulator or law enforcement body compels disclosure, we will notify affected customers unless legally prohibited from doing so.

6. Your rights under the Australian Privacy Principles

Under the Privacy Act 1988 (Cth) you have the right to:

  • · Request a copy of the personal information we hold about you.
  • · Request correction of inaccurate or out-of-date information.
  • · Request deletion of your account and workspace data.
  • · Opt out of direct marketing communications.
  • · Lodge a complaint with the Office of the Australian Information Commissioner (OAIC).

We respond to all verified requests within 30 days. To exercise any of these rights, email privacy@vela-demo.io.

7. Cookies and local storage

Vela uses cookies and browser local storage for two narrow purposes: keeping you signed in, and remembering workspace preferences. We do not use advertising cookies, cross-site tracking cookies, or third-party analytics cookies on the authenticated product.

On the marketing site (this page) we may use privacy-respecting analytics that do not identify individual visitors. You can opt out of any non-essential cookie by clearing it from your browser — the app will continue to function.

8. Data retention after account closure

When you close your account, your workspace data is scheduled for permanent deletion within 30 days. We retain minimal account records (name, email, transaction history) for seven years to satisfy tax and accounting obligations.

If you only need a break, you can deactivate your workspace without deleting it — your data stays in place and can be reactivated by signing in.

9. Changes to this policy

If we make a material change to this policy, we will email all active users at least 14 days before the change takes effect and show an in-product banner on first sign-in.

Non-material changes (clarifications, typo fixes, new subprocessors of the same kind) are logged in the in-product changelog without prior notice.

10. Contact us

For any privacy question, request, or complaint, email privacy@vela-demo.io. Our privacy contact will respond within five business days. If we're missing the mark, you can escalate to the OAIC at oaic.gov.au.

Privacy question or request?

We respond to all verified requests within 30 days, and usually much faster.

privacy@vela-demo.io