We collect only what helps the platform work well for you:
- Account information — name, email, profile photo, and authentication identifiers.
- Provider details — services offered, bio, availability, and (for providers) payout information.
- Booking & rewards activity — sessions booked, attendance, streaks, and points earned.
- Payment metadata — Stripe transaction IDs and last-four card digits. We never store full card numbers.
- Communications — messages exchanged through the platform and support requests.
- Device & usage data — IP address, browser, device type, and pages visited.
- To deliver the core platform — bookings, payments, notifications, and rewards.
- To keep accounts secure and prevent fraud or abuse.
- To send transactional notifications (booking confirmations, reminders, payout updates).
- To improve the product through aggregated, de-identified analytics.
- To comply with legal obligations such as tax reporting and lawful requests.
Payments are processed by Stripe, a PCI-DSS compliant payment provider. Stripe receives card details directly — Veyla servers never see or store them. See Stripe’s privacy policy for details.
Sign-in is handled through our managed authentication system. Passwords are stored as one-way salted hashes. If you sign in with Apple or Google, we receive a stable identifier and your email — never your social account password.
We send email and in-app notifications for account, booking, payment, and rewards events. You can adjust most notification preferences from your account settings. Transactional messages required to deliver the service cannot be disabled.
We use first-party analytics to understand which features are useful and where the experience can be calmer. Analytics are aggregated and do not sell or share personal data with advertising networks.
Cookies and local storage keep you signed in and remember preferences. You can clear them at any time through your browser.
We share data only with:
- The provider you book with, so they can deliver the session (name, contact, booking notes).
- Service providers we rely on to operate Veyla — hosting, payments (Stripe), email delivery, analytics.
- Authorities when required by valid legal process.
- A successor entity in the event of a merger, acquisition, or sale of assets, with notice to you.
We do not sell personal data.
We keep data for as long as your account is active, plus a limited period afterwards for legal, tax, and dispute resolution reasons. Backups are rotated on a regular cadence and securely deleted.
Wherever you live, you can ask us to:
- Access the personal data we hold about you.
- Correct inaccurate information.
- Export your data in a portable format.
- Delete your account and associated personal data.
- Object to or restrict certain processing.
- Withdraw consent for optional notifications.
To exercise any of these, email privacy@veyla.app. We respond within 30 days.
You can request deletion from your account settings or by emailing privacy@veyla.app. Once verified, we delete personal data within 30 days, except where retention is required by law (for example, transaction records for tax).
We use encryption in transit (TLS) and at rest, principle of least privilege for staff access, and row-level security on our database to keep your data scoped to you. No system is perfectly secure, but we work hard to keep yours safe.
If we make material changes, we’ll notify you by email or in-app at least 14 days before they take effect.
We’re here to help, gently.
If anything in this policy is unclear, reach out and a real person will respond. We believe transparency is part of the rhythm.