Privacy Policy

Last updated: 27 April 2026

Vela is an iOS app that generates bespoke audio stories where you experience your dream life as if it's already happening. The stories are written for the specific dreams, people, and goals you share during onboarding. This policy explains what data we collect, what stays on your device, what is sent to third-party services to generate your stories, and the choices you have. We do not sell or rent your data.

The short version. Almost everything stays on your device — your reflections, your memory wall photos, your saved affirmations and favourite stories. When you ask Vela to write a story or anchor, a tailored snapshot of your profile (no name, no Apple ID) is sent to our backend, which uses Anthropic and ElevenLabs to write and narrate it. Once your device has downloaded the result, the backend deletes its copy within minutes — narrative text is never retained on our servers past delivery. We use Anthropic's and ElevenLabs' commercial APIs, whose published terms (linked in section 4) describe how each handles the inputs and outputs they receive; those terms are governed by the respective providers and may change over time, so check the linked pages for the most current statements. Anonymous analytics run only in App Store builds. Uninstalling the app deletes everything we hold for you locally.

1. Who we are

Vela is operated by the developer of the Vela iOS app (the data controller). In this policy, "we", "us", and "Vela" refer to us, and "you" refers to the person using the app. Once Vela's operating entity is incorporated, the legal name and registered address of the controller will be listed here.

You can contact us at [email protected] for any questions about this policy, to request your data, or to exercise any of the rights described below.

2. What we collect

Stored on your device only

The following information is stored locally on your iPhone and is not transmitted to us in a way that identifies you:

Your personalisation profile, captured during onboarding and editable any time from the Profile tab. Includes things like your first name, city, age, profession, relationship status, top life domains, the dream you are calling in, why it matters to you, your dream city and home, your hobbies, and the names (and optional relationship labels — e.g. "brother", "best friend") of important people in your life.
Your spiritual orientation, also captured in onboarding: which tradition (if any) you identify with, which spiritual "vibes" resonate with you, and how strongly you want that orientation to colour your stories. Skippable; editable any time in Profile. Under UK and EU data protection law this counts as special-category data (information revealing religious or philosophical beliefs); see section 7 for the lawful basis we rely on.
Sensitive optional fields you may choose to share, such as a description of yourself, something you have been through, or something you are struggling with. These are optional and skippable, and you can clear them in Profile at any time. Some of what you write here may also amount to special-category data (for example, references to health, mental health, or sexuality); we treat all of this content as special-category and rely on your explicit consent to process it (see section 7).
Your anchor: the persistent dream-life narrative Vela writes for you, played and refined over time. Stored locally with the rendered audio.
Your story library: stories you have played recently and stories you have saved as favourites, including their full narrative text and rendered audio.
Your verticals: the categories you organise your stories under (e.g. Career Success, Healing Relationships) and the menu of preview cards inside each.
Your affirmation deck: bespoke affirmations and which ones you have favourited or dismissed.
Your gratitude entries: the free-text reflections you write on the Gratitude tab.
Your manifestation memory wall: photos you add of things you have called in that arrived, with optional captions. Photos are stored in the app's local Documents folder and are included in your iPhone's standard backup.
Your "never include" list: words, names, and topics you have asked Vela to keep out of your stories.
App state: onboarding completion, subscription status cache, theme choice, voice choice, any preferences you set in Settings.

This data is stored in your device's user defaults and app sandbox. It is not synced to a cloud service controlled by us. Uninstalling the app deletes it.

Sent to our backend to generate a story, anchor, or affirmations

When you ask Vela to write a story (Today's Moment, a vertical card, or a Custom prompt), generate or refresh your anchor, or refresh your affirmation deck, the app sends the following to our Cloudflare Worker backend, which forwards it to AI models to produce the result:

A profile snapshot drawn from the fields above — what's relevant to writing one specific story or anchor (your dream, your dream setting, your spiritual orientation, your hobbies, your "never include" list, etc.). If you have filled in any of the special-category fields described above (spiritual orientation, sensitive optional fields), and they are relevant to the story you have asked for, that content forms part of the snapshot and is sent to Anthropic and ElevenLabs to generate the result. Free-text fields are sanitised before they are sent.
The request itself — which vertical, which preview title you tapped, what Custom prompt you typed, or (for an anchor refresh) any free-text refinements you have added.
Your selected voice ID — chosen from the fixed set of ElevenLabs voices we offer in the app.
A Sign in with Apple identity token — a short-lived token Apple issues when you sign in. Our backend verifies it cryptographically against Apple's public keys to confirm you are a signed-in user. We do not receive or store your name, email, or Apple ID.
For audio re-renders only (when your local audio cache has been evicted and you want to replay a story or anchor): the previously-generated narrative text is sent back inline, because our backend no longer keeps a copy after delivery. Your device is the canonical source.

We do not attach your name, email address, IP address (beyond standard request logging), or any persistent personal identifier to the generation payload itself. Per-user rate limiting uses the verified Sign in with Apple identifier rather than a separate device identifier.

Anonymous usage analytics

In production builds of the app downloaded from the App Store, Vela captures anonymous events through PostHog to understand how the product is used and where to improve it. Examples of events captured:

Which screen you are viewing
Whether you completed onboarding and which life domains you picked
When you start, complete, or abandon a story
When the paywall is shown, dismissed, or results in a purchase
When you sign in with Apple

These events are not linked to your name, email, or Apple ID. Development and TestFlight builds do not send analytics events at all — analytics is fully disabled in those builds.

Subscription and purchase data

Subscription status is managed by RevenueCat on top of Apple's in-app purchase system. RevenueCat receives an anonymous RevenueCat-generated user identifier and Apple's purchase receipt data. It does not see your name, email, payment method, or Apple ID. Apple handles the actual payment; we never see your payment details.

3. How we use your data

To write and narrate your story. Your profile snapshot and the story request are used by Anthropic's Claude to write the narrative, then by ElevenLabs to render it as audio in your chosen voice.
To produce your affirmation deck. The same profile snapshot is used to generate batches of bespoke affirmations.
To enforce fair use. The anonymous device identifier is used for per-user rate limiting against burst abuse.
To keep the product working. Cloudflare's edge network serves our backend; standard request logs exist for reliability and abuse prevention.
To improve the app. Anonymous analytics help us understand which features are used and where users drop off. We use this to fix bugs, improve onboarding, and prioritise development.

4. Who we share data with

Vela uses the following third-party processors to operate. Each is contractually limited to processing your data solely for the purposes described below:

Anthropic (story, anchor, and affirmation generation). Your profile snapshot and the generation request are sent to Anthropic's Claude API via our Cloudflare Worker backend. Anthropic's handling of API inputs and outputs — including their position on training, retention, and abuse monitoring — is governed by their own published policies, which we link below. Those policies are maintained by Anthropic and may change; please check the linked pages for the most current terms. See Anthropic's privacy policy and commercial terms.
ElevenLabs (text-to-speech). The narrative text is sent to ElevenLabs to render as audio in your chosen voice. ElevenLabs' handling of API inputs and outputs — including training, retention, and abuse monitoring — is governed by their own published policies. Those policies are maintained by ElevenLabs and may change; please check the linked page for the most current terms. See ElevenLabs' privacy policy.
Cloudflare (backend hosting). Our backend runs on Cloudflare Workers, and your audio is briefly cached on Cloudflare KV while it is delivered to your device. See Cloudflare's privacy policy.
Apple (Sign in with Apple, payments, app delivery). Apple verifies your identity for sign-in and handles all in-app purchase transactions. See Apple's privacy policy.
RevenueCat (subscription management). See RevenueCat's privacy policy.
PostHog (analytics, App Store builds only). See PostHog's privacy policy.

We do not sell or rent your data to anyone. We do not share your data with advertisers or use it for advertising purposes. We do not combine Vela data with data from any other source to build profiles about you.

5. How long we keep data

Our backend operates as a delivery buffer rather than a content store. Once your device has downloaded the result, our copies are deleted on a short timer. Specifically:

On-device data (profile, anchor, story library, affirmations, gratitude entries, memory wall photos): stored locally until you uninstall the app or clear it from Profile.
Generation requests sent to upstream providers: Anthropic and ElevenLabs each maintain their own retention windows for the API requests they receive. We do not control those windows. Please refer to the upstream policies linked in section 4 for current retention statements.
Rendered story audio: cached on our Cloudflare backend for up to 30 minutes while your device downloads it, then automatically deleted.
Rendered anchor audio: cached on our Cloudflare backend for up to 2 hours, then automatically deleted.
Narrative text (story or anchor): not retained on our backend after delivery. Once your device has the text, our copy is gone. If you later need to re-render the audio, your device sends the text back to us inline.
Story prompt preview lists: not retained on our backend. The list is generated on demand and held only on your device.
Job status records (used to coordinate the async generation pipeline): retained for up to 30 minutes (story) or 2 hours (anchor) past completion, then automatically deleted.
Idempotency tokens (used to prevent double-charging on a network retry): retained for up to one hour.
Analytics events: retained by PostHog according to our PostHog plan's retention window.
Subscription records: retained by RevenueCat for as long as your subscription is active plus an additional period for tax and accounting purposes.

6. Your rights

Depending on where you live, you may have some or all of the following rights:

Access a copy of the data we hold about you.
Correct data that is inaccurate.
Delete your data. Most data lives on your device — uninstalling the app removes it entirely. Data held by processors can be deleted on request.
Object to processing based on legitimate interest (this includes our analytics).
Withdraw consent for anything you previously consented to.
Complain to a data protection authority if you are in the EU or UK.

To exercise any of these rights, email [email protected]. If you want us to delete data held by our processors (for example, to have your anonymous story requests removed from Anthropic's or ElevenLabs' retention windows), include enough context (approximate dates, device type) that we can identify which records to remove.

Deleting your account from inside the app

Settings → Account → Delete account triggers a server-side wipe in addition to clearing your local data. We delete idempotency tokens we hold for you immediately. We retain daily usage counters (which contain only the opaque Sign in with Apple identifier and a per-day request count, no other data) for up to 25 hours after deletion before they auto-expire — this is the minimum needed to prevent a delete-and-re-sign-in cycle from being used to bypass per-user rate limits. We rely on legitimate interest (cost control and abuse prevention) as the lawful basis for this short retention window. Uninstalling the app additionally removes everything held on your device.

7. Lawful basis (for users in the UK, EU, and similar jurisdictions)

Where GDPR or a similar law applies, we process your data on the following lawful bases:

Contract: to deliver the core story-generation feature you requested when you tap a story or refresh your affirmations.
Legitimate interest: to run anonymous analytics (PostHog) in order to measure feature usage, improve the product, and diagnose issues; and to enforce per-user rate limits and short post-deletion retention of usage counters for cost control and abuse prevention. You can object to this processing by contacting us.
Explicit consent (Article 9): where you choose to fill in spiritual orientation or any of the sensitive optional fields described in section 2, you are giving explicit consent for that content to form part of the profile snapshot used to generate your stories. You can withdraw this consent at any time by clearing those fields in Profile, which prevents them from being included in future requests.
Legal obligation: to respond to valid legal requests where we are required to.

If you prefer not to participate in analytics at all, contact us to request an opt-out.

8. Children

Vela is not directed to children under 13. We do not knowingly collect data from children under 13. If you believe a child has used the app, contact us and we will take appropriate steps, including deletion of any applicable data.

9. Security

Communication between the app and our backend is encrypted over HTTPS/TLS. Data cached on our backend is held on Cloudflare's infrastructure and expires automatically. The Sign in with Apple identity token is verified cryptographically against Apple's public keys on every request. No internet-connected system is perfectly secure; we do our best to protect your data.

Notifying you of a data incident

Because we deliberately do not collect email addresses or other direct contact information (see section 2), we cannot send you a personal message if a data incident occurs. If we become aware of an incident that affects you, we will notify you through:

An in-app banner shown the next time you open Vela. The banner appears at the top of the Home screen and explains the incident in plain language. You can dismiss the banner once you have read it.
A persistent record in Settings → Notices inside the app. Even after you dismiss the banner, the full text of every active notice remains available there for as long as the notice is published — typically 30 to 60 days for an incident — so you can re-read it any time.
A prominent notice published on this website, which serves as the permanent public record. The in-app notices link to this page when more detail is needed.

Where the law requires us to notify a supervisory authority (for example, under GDPR Article 33, which requires notification of qualifying breaches within 72 hours), we will do so within the required time window. Where the law allows public communication as an equivalent measure to direct notification (GDPR Article 34(3)(c)), we rely on the combination of in-app banner, Settings → Notices archive, and public notice on this site as that equivalent measure.

10. International transfers

Our processors (Anthropic, ElevenLabs, Cloudflare, Apple, RevenueCat, PostHog) operate globally. Your data may be processed in the United States, the European Union, or other jurisdictions depending on the processor and your location. Each processor maintains its own safeguards for international transfers, typically via Standard Contractual Clauses or equivalent.

11. Changes to this policy

We may update this policy when we add features, change processors, or clarify how we handle data. The "Last updated" date at the top of this page reflects when the current version took effect. Material changes will be announced in the app or by email where we have one.

12. Contact

For any questions about this policy, to exercise your rights, or to report a concern, email [email protected].