home
/
Privacy Policy
Policy

Privacy Policy

Last Updated: 5 November 2025

1. Introduction and Purpose

Velto Technologies Ltd. (“Velto”, “we,” “our,” or “us”) is a provider of a non-custodial cryptocurrency application and interface (“app”) and is committed to protecting and respecting your privacy. This Privacy Policy (“Policy”) explains how we collect, use, disclose, and safeguard your information when you use our app and related services (collectively, the “Services”) in accordance with the Data Protection Act, 2021 (the “DPA”) of the British Virgin Islands (the “BVI”). Any terms in italics in this Policy have the meanings set out in the DPA unless the context otherwise requires. We are the Data Controller and may appoint other group companies, affiliates and/or other service providers from time to time, as Data Processors. By using our Services, you agree to the collection and use of information in accordance with this Policy, including the transfer of your Personal Data outside of the BVI.

 

At Velto, privacy is a core value. Key highlights of our privacy practices include:

  • Non-Custodial by Design: We do not hold or control your digital assets, and we never collect or store your private keys or seed phrases on our servers. These remain encrypted locally on your device under your sole control.
  • Data Minimization: We collect only the limited data needed to provide and improve our Services. You can use Velto’s core features without providing Personal Data like your name or address. We primarily collect an email address (e.g. for our waitlist or support) and basic device/usage data – and we do not collect wallet addresses, seed phrases, or track your on-chain transactions.
  • Privacy by Default: We do not track your blockchain activity or balances on our servers. Your public wallet addresses and transaction history remain on the blockchain and are not linked to any personal identity by us. We also do not use your IP address or device identifiers to try to identify you or associate you with your wallet. Any IP data is used only transiently to facilitate service connections and is not retained.
  • Transparent Analytics (No PII): We use third-party analytics services (such as Mixpanel and AppsFlyer) to collect anonymous usage statistics that help us improve the app. These analytics never include personal identifiers, wallet addresses, or transaction details – they focus on how features are used (e.g. button clicks, app version) to guide improvements. We do not sell your data or share it for advertising purposes.
  • Optional Communications: We may send you push notifications (via OneSignal) or emails to provide important updates (e.g. transaction alerts, security notices). You will receive marketing or promotional updates only if you opt in, and you can unsubscribe or disable such notifications at any time.
  • User Rights and Control: You retain rights to your data. You can contact us to access or delete the limited Personal Data we hold about you, and we honor all applicable privacy rights as described in this Policy. We aim to be transparent and responsive to any privacy concerns.

Below, we detail our privacy practices and your rights in full.

 

2. Information We Collect

We collect very limited Personal Data, and always with the principle of proportionality in mind. This section describes the categories of information  we collect and also what we do not collect.

2.1 Information You Provide to Us

You are not required to create a traditional user account or provide Personal Data in order to use the Velto app. However, you may choose to provide certain information in the following contexts:

  • Waitlist or Newsletter Sign-Up (Email Address): If you join our waitlist or subscribe to be notified about our launch and product updates, we collect your email address for the purpose of sending you those communications. We will use this email only to send you relevant updates and will not use it for unsolicited marketing. You can opt out of these emails at any time via the unsubscribe link or by contacting us.
  • Support Communications: If you contact us for support or with an inquiry, we will collect your contact information (such as your email address) and any information you choose to share about the issue. This may include your name (if provided in an email signature, for example) and the content of your communications. We use this information solely to assist you and improve our Services (for example, fixing bugs you report).

We do not ask for or collect any Personal Data such as your real name, physical address, government ID, or payment card details. Our app is intended to be used without needing to divulge your identity. Importantly, we never collect or store your wallet’s private keys, seed phrases, or passwords on our servers. This information remains on your device and is never shared with us.

 

2.2 Information We Collect Automatically

When you use our app or website, certain technical information is collected automatically in order to ensure the Services function properly and to help us understand usage. This information, listed below, is collected in a manner that does not directly identify you, and we do not link it to any personal identity or blockchain address.

  • Device and App Information: We collect data about the device and app you use to access our Services. This includes your device type and model, operating system version, unique device identifiers or advertising IDs, browser type (if using a web interface), and general system information. For example, we may know that you are using “an Android phone with OS version X” or “Chrome browser version Y”. We also collect the Velto app version you are running, so we can troubleshoot and ensure compatibility.
  • Usage Data: We collect anonymous information on how you interact with our app. This includes which features or screens you access, buttons or links clicked, pages viewed, the date and time of activities, and other usage patterns. For instance, we might log that a user opened the app, created a new wallet, or enabled a certain setting. This data helps us understand what features are popular or if users encounter difficulties, so we can improve the user experience. This usage data does not include any details about your blockchain transactions or wallet contents – it is limited to actions within the app interface.
  • Log and Connectivity Data: Like most services, our servers automatically receive basic log information when you interact with the Services. This includes your device’s IP address, network type, timestamps of requests, and error logs. We use IP addresses and network information to enable communications between your device and blockchain networks or our service (for example, to route requests to the appropriate blockchain node or to detect and prevent malicious activity such as DDoS attacks). We do not use IP addresses to derive your precise location; at most, we may identify your general region (e.g. country or state) to optimize network routing or enforce geo-restrictions if required by law. We do not store or tie IP addresses to your wallet or other personal identifiers, and IP data is retained only temporarily for technical purposes.
  • Cookies and Web Tracking: If you visit our website, we may use cookies or similar technologies to remember your preferences and collect website analytics. Cookies are small text files stored on your browser. For example, a cookie might remember that you prefer a certain language on our website. We do not use tracking cookies for advertising. You can control cookies through your browser settings (e.g. to refuse or delete them), though note that certain website features might require essential cookies to function.
  • Security and Diagnostic Data: In order to keep our Services secure and reliable, we automatically collect information related to app performance and security. This includes data like crash reports (if the app crashes, we receive an anonymized report of the technical fault), error messages, and authentication or blockchain transaction failure logs. Collecting this information allows us to debug issues and protect against fraud or unauthorized access (for example, detecting multiple failed login or transaction attempts may alert us to potential abuse). This data does not include user content and is used only for maintaining the integrity of our Services.Third-Party Analytics: We use third-party analytics tools (notably Mixpanel and AppsFlyer) to help collect and analyze the usage and device data described above. These tools operate within our app and may automatically receive the information about your device and app interactions. Importantly, we have configured these analytics services not to collect any Personal Data (such as your name or email) or any sensitive wallet data (such as your wallet addresses or balances). The analytics data is aggregated and anonymized; for example, we might learn that “X% of users clicked Button A” or “N users created a wallet this week.” This information helps us improve features and fix problems. The analytics providers may use device identifiers (like the advertising ID on mobile devices) to distinguish unique installations of our app, but they cannot identify you personally from this. We do not combine analytics data with any Personal Data you provide. If you would like to opt out of non-essential analytics, you may adjust your settings in the app (if available) or contact us for assistance. We are transparent about our use of analytics and will update you if this practice changes.

 

2.3 Information We Do Not Collect or Access

For clarity, Velto does not collect certain types of data, in line with our privacy-focused approach:

  • No Personal Identifiers: We do not collect your personal identifiers such as full name, postal address, phone number, government-issued IDs, or financial account information by default. Unless you separately provide it for a specific reason (like contacting support), we have no knowledge of your real-world identity.
  • No Private Keys or Seed Phrases: We never ask for your wallet’s private key or recovery seed phrase, and we do not have access to them. Because Velto is a non-custodial app, you are solely responsible for your private keys; we cannot retrieve or reset them for you, and we do not store them on any server.
  • No Wallet Address Tracking: We do not collect or monitor your public wallet addresses, nor do we associate blockchain addresses with your personal identity in any way. Any public blockchain data (such as your wallet addresses, balances, or transaction history) is not sent to us; it stays on the public blockchain and in your app interface. While our app will display your blockchain transactions and balances to you, this information is fetched directly from the blockchain or third-party blockchain nodes into your device, and is not transmitted to Velto’s servers for storage. In other words, we do not maintain a separate database of which transactions or balances belong to which user. We also do not collect any metadata about your on-chain activity beyond what is necessary for providing the Service (for instance, we may temporarily cache a transaction ID to show you its status, but we don’t profile or analyze your on-chain behavior).
  • No On-Chain Activity Profiling: We do not use analytics or any other means to track your behavior on public blockchain networks. Some wallet providers or analytics might attempt to link a user’s blockchain transactions with their identity or app usage; Velto does not do this. Aside from facilitating the transaction you request, we do not log or profile which addresses you interact with or what transactions you execute.
  • No Sale of Personal Data: We never sell your Personal Data to third parties. We also do not share your Personal Data with third-party advertisers or data brokers. Any Personal Data we collect is used strictly as described in this Policy and for the purposes you expect.

 

3. How We Use Your Information

We and the Data Processors may Process your information (including Personal Data) for the following lawful purposes directly related to our provision of the Services:

  • Service Provision and Operation: To provide, maintain, and improve our Services. This includes using the information necessary to facilitate the features you use, such as creating and managing your cryptocurrency wallets, enabling transactions on various blockchain networks, and displaying your portfolio of assets. For example, device and log information is used to connect your app to blockchain nodes and ensure transactions are broadcast properly. Usage information helps us verify that the app is functioning as intended and allows us to troubleshoot issues you might encounter. Overall, this use of data is essential for us to deliver a secure and user-friendly app experience.
  • Communication and User Support: To communicate with you about the Services and respond to your inquiries. If you provide an email for the waitlist or contact us for support, we will use that email to send you relevant notices. For instance, we may send you an email to confirm your waitlist subscription or to respond to a support ticket you opened. We might also use push notifications (if you have enabled them) or in-app messages to inform you of important events: for example, confirming that a transaction has been processed, alerting you to a security update, or notifying you of new features. We will only send promotional or marketing communications (such as newsletters about new products or offers) if you have given us consent (e.g. by opting in via our website or app) – and you can opt out of these at any time. Our communications with you will always be respectful of your preferences and privacy.
  • Security and Fraud Prevention: To protect the security of our Services, our users, and their assets. We use data like security logs, IP addresses, and usage patterns to detect and prevent fraudulent, unauthorized, or illegal activities. For example, we may use IP or device information to identify a possible malicious actor attempting to brute-force into wallets, or to determine that a network request is suspicious (coming from an unusual location or a known malicious IP range). If we detect security threats or fraud, we may use the information to mitigate the issue (such as temporarily suspending transactions from a compromised device to protect the user’s assets). We will also use information as necessary to enforce our Terms of Use and other policies.
  • Analytics and Product Improvement: To analyze trends and usage of our Services in order to improve functionality and develop new features. This is primarily done through the analytics data described in Section 2.2 of this Policy. We aggregate and analyze this data to understand things like which features are most used, where users might encounter errors or drop off in a process, and what general improvements could be made. For example, analytics might tell us that a certain feature is rarely used, indicating it may be unclear to users – we can then focus on making it more accessible. It might also show us that a new update caused an increase in crashes on a particular device model, prompting us to fix compatibility. All such analysis is done on de-identified data. This helps us make informed decisions to enhance user experience, performance, and security.
  • Compliance with Legal Obligations: To comply with any applicable laws, regulations, legal processes or governmental requests. Although Velto provides a non-custodial service (meaning we generally do not hold Personal Data like a custodian would), there might be scenarios where we are legally required to use or retain certain information. For instance, if we receive a valid subpoena or mandatory request from law enforcement, or if regulations require us to implement sanctions screening, we will Process the necessary data to comply. Additionally, if in the future we introduce features that require identity verification or other compliance checks (e.g. if you choose to engage in regulated services through the app), we will use your data for those purposes in accordance with applicable law. In such cases, we will be transparent with you about any additional data collection and obtain your consent when required. We may also use information to exercise or defend legal claims, to audit our compliance with regulations, or to prevent fraud and illicit activity.
  • Push Notifications and Alerts: We may use your device token (provided by our push notification service, OneSignal) to send you notifications that are part of the Service if you enable push notifications on your device. For example, after a transaction is submitted, we might push an alert when it is confirmed on the blockchain, or send a reminder if you enabled price alerts or similar features. You control whether to allow push notifications via your device or app settings. We will not spam you with irrelevant alerts – notifications will be limited to important service-related messages or those you have opted into. You can silence or turn off push notifications any time, and we will only use the push service to deliver messages you are meant to receive.

We will abide by the following data protection principles when Processing Personal Data:

(a)                        Your Personal Data will be Processed fairly.

(b)                       Your Personal Data will not be further Processed in any manner incompatible with the purpose or purposes for which it was collected and Processed.

(c)                        Your Personal Data will be adequate, relevant, and not excessive in relation to the purpose or purposes for which we collect or Process it.

(d)                       Your Personal Data will be accurate and, where necessary, kept up to date.

(e)                        We will not keep your Personal Data for longer than is necessary to satisfy the purpose or purposes for which it was collected or Processed.

(f)                          We will Process your Personal Data in accordance with the rights of Data Subjects under the DPA.

(g)                        We will ensure that appropriate technical and organizational measures are taken to safeguard against unauthorized or unlawful Processing of your Personal Data and against accidental loss or destruction of, or damage to, your Personal Data.

 

4. Information Sharing and Disclosure

We do not sell or trade your Personal Data to anyone. We only share your Personal Data with third parties other than our group companies and affiliates in a few select circumstances, outlined below, and always with adequate protections in place:

  • Service Providers: We engage a limited number of trusted third-party companies to help us operate and support our Services. These include, for example:
    • Analytics Providers: As noted, we use Mixpanel and AppsFlyer to provide analytics services, and OneSignal to send push notifications. These providers Process certain usage and device data on our behalf for the purposes described in this Policy. They act under our instructions and do not use your data for their own purposes. We have agreements in place with such providers to ensure they protect your information and comply with privacy laws.
    • Cloud Infrastructure: If our application interacts with any cloud servers (for instance, for transmitting push notifications or serving app updates), the cloud hosting providers may process network information (like IP addresses) temporarily to route data. They are not allowed to access or use Personal Data beyond what is necessary to perform their function.
    • Customer Support Tools: If we use any customer support management platform or email service to communicate with you, the information you provide (e.g. your email and support query) might be stored on their systems. These providers are contractually obligated to keep your data secure and confidential.

We ensure that all third-party service providers are bound by strict confidentiality and data protection obligations. They cannot use your data for anything other than assisting us with our Services. We also carefully limit the data shared to the fullest extent possible – for example, our analytics providers only get device and event information.

  • Third-Party Integrations and Decentralized Services: When you use Velto to interact with third-party services or decentralized applications (DApps), such as an integrated trading protocol, decentralized exchange, or other smart contracts not operated by Velto, any data you share in that interaction is provided directly to those third parties, not to Velto. For example, if our app allows you to access a DeFi protocol via a built-in webview or API, the information and transactions you submit go to that protocol and are subject to its own privacy practices. We do not receive or collect the Personal Data you might provide to such third-party services. Similarly, any on-chain activity you perform (trades, swaps, etc.) through an integration is recorded on the blockchain and potentially seen by the third-party protocol and blockchain observers, but not stored by us. We may facilitate the connection (e.g. passing your transaction along to the smart contract), but we do not intercept or store the details. Please note that these third-party platforms or protocols are independent data controllers of any Personal Data they Process about you; their handling of your information is governed by their own privacy policies, not ours. We encourage you to review the terms and policies of any third-party service you access through Velto, and exercise caution when sharing your data with them.
  • Legal Requirements and Safety: We may disclose information about you if we are legally required to do so, or if we have a good-faith belief that such disclosure is reasonably necessary to (a) comply with a legal obligation, subpoena, or request from government authorities; (b) enforce our Terms of Use or other agreements; (c) investigate or protect against legal claims or allegations, or otherwise in connection with legal proceedings; or (d) protect the rights, property, or safety of Velto, our users, or the public. For example, if we are compelled by law enforcement with an appropriate warrant to provide information (and we have any relevant data to provide), we will comply with applicable law. If allowed, we will notify affected users of such requests. Additionally, if we detect fraud or security issues, we might share relevant data with law enforcement or specialists as needed to address the threat.
  • Business Transfers: If Velto is involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of company assets, or transition of service to another provider, your data may be transferred as part of that transaction. We would only transfer the data necessary and would seek to require the successor entity to uphold the same privacy standards stated in this Policy. In the event of a business transfer, we will notify you (for example, via a notice on our website or within the app) if your Personal Data becomes subject to a new Privacy Policy or materially different practices.
  • Public Blockchain Data: As noted, any transaction data broadcast using Velto is recorded on public blockchain networks by the nature of blockchain technology. For example, if you send cryptocurrency to another address, the details of that transaction (your blockchain wallet address, the receiver’s address, the amount, timestamp, transaction ID, etc.) are visible on the blockchain’s public ledger. This information is not private and can be seen by anyone with access to the blockchain. Velto does not control that data or how it’s used, since it is inherent to the decentralized network. We want to remind you that blockchain transactions are irreversible and public. While this is not “information sharing” by us, it is a form of data disclosure that occurs whenever you use a public ledger. Please exercise caution with your blockchain addresses – since they are pseudonymous, if you post your address publicly or associate it with your identity elsewhere, someone could tie the publicly visible transactions to you. Velto will not link your blockchain activity to your identity, and we do not share your Personal Data with any blockchain network beyond what is necessary to perform transactions.

 

5. Data Security

We take the security of your data seriously and implement industry-standard measures to protect it. Our security program includes:

  • Encryption: All data transmissions between your app and our servers (or third-party services) are encrypted using SSL/TLS protocols. Additionally, any sensitive data that we store (for example, if you provide an email or any logs) is encrypted on our systems. Within the Velto app, your private keys and seed phrases are encrypted on your device using strong cryptography and/or protected by secure elements of the device, where available.
  • Access Controls: We limit access to Personal Data strictly to authorized personnel who need it to perform their job duties. For example, if you contact support, only trained support staff who are handling your request will have access to your support ticket details. Our internal databases and systems require authentication and follow the principle of least privilege – team members only access what is necessary for their role. Administrative access to servers is protected via multi-factor authentication and strict network controls. We regularly review and update permissions.
  • Security Monitoring: We continuously monitor our infrastructure and app for potential security vulnerabilities and intrusions. We employ intrusion detection systems, anti-malware tools, and other security software to alert us of suspicious activities. Our team actively reviews logs and has procedures for responding to unusual events. We also utilize third-party security services and audits to complement our monitoring.
  • Regular Audits and Testing: We subject our platform to regular security audits and assessments. This can include code reviews, penetration testing by independent security experts, and security evaluations of our cloud environment. By proactively finding and fixing vulnerabilities, we aim to prevent security issues before they impact users. We keep our software dependencies up-to-date with security patches and follow best practices in secure software development. In addition, we maintain compliance with any applicable security standards or regulatory security requirements relevant to our services.
  • Backup and Recovery: We perform encrypted backups of critical system data to ensure we can recover in case of a disaster or data loss scenario. These backups are protected and stored in geographically redundant locations. This refers to service data like server logs or configurations – your wallet keys are not stored on our servers, so we do not back those up; it is your responsibility to safely back up your own seed phrase. We will never ask you for your seed phrase, even in a recovery scenario.
  • Employee Training and Policies: All Velto team members are trained on data privacy and security practices. We have internal policies to ensure confidentiality of user data and to prevent social engineering or human error-related breaches. Employees are required to adhere to these policies and are subject to disciplinary measures if they fail to do so.

While we employ robust protections, it’s important to understand that no method of transmission over the Internet or method of electronic storage is 100% secure. Therefore, we cannot guarantee absolute security of your data. However, we will continue to evolve our security practices to meet or exceed industry standards. In the unfortunate event of a security breach affecting your Personal Data, we will promptly inform affected users and take all necessary steps to mitigate the impact, in accordance with applicable laws and regulations.

We encourage you to take steps to protect yourself, such as using a strong PIN or biometric lock for the Velto app, safeguarding your devices from unauthorized access, and never sharing your wallet’s seed phrase or private keys with anyone. Velto will never ask you for your seed phrase, even for support purposes. If you suspect any unauthorized access to your account or wallet, please contact us immediately.

 

6. Data Retention

We retain Personal Data only for as long as necessary to fulfill the purposes described in this Policy, or as required by law. Since we minimize what we collect, our retention periods are also minimal in most cases. Below is an overview of how long we keep different types of data:

  • Waitlist/Newsletter Emails: If you provided your email to join our waitlist or receive updates, we will retain your email address until we have delivered the information or launch announcement you requested. After such communications, we may keep your email on file to send further product updates or newsletters, but only if you continue to consent to such emails. You can unsubscribe at any time, and if you do so (or if the emails bounce repeatedly), we will remove your email from our active mailing list. We may retain a suppressed copy of your email (marked as “unsubscribed”) to ensure we honor your opt-out and do not accidentally re-add you.
  • Support Communication Records: If you contact us, we may retain correspondence (such as emails, support tickets, and chat logs) and our responses for a certain period in order to effectively manage your account and improve our support processes. These records are typically kept for as long as you are an active user of the Services and for a reasonable period thereafter in case you reach out again or if needed for any follow-up. This retention allows us to have context on prior issues when helping you, and to monitor support quality. We will purge or anonymize old support records that are no longer needed. If you want us to delete a specific support conversation, please let us know.
  • Usage Analytics: Aggregated anonymized usage data (which contains no personal identifiers) may be retained indefinitely. We store analytics on an ongoing basis to observe long-term trends and product performance. Since this data does not identify you and is pooled with data from many users, retaining it presents minimal risk to your privacy. It helps us, for example, compare feature adoption over time or analyze the success of improvements. We may also retain certain aggregated metrics for historical record-keeping and to support business decisions. This data cannot be traced back to any individual user.
  • Device/Log Data: Our server logs (including IP addresses and device identifiers) are retained only for short periods, primarily for troubleshooting and security monitoring. Typically, raw logs are kept for a few weeks to a few months, after which they are automatically rotated or deleted. In an aggregated form (e.g. number of requests from a region per day), we might retain them longer for analytics as mentioned above. If any log data is required to investigate fraud or a security incident, we might retain specific logs until the issue is resolved.
  • Legal Compliance Records: If any data is collected or retained for legal compliance reasons (for example, documentation of a transaction for tax or regulatory reasons, or records required by anti-fraud laws), we will retain that data for as long as the law prescribes. We aim to avoid collecting such data altogether, but in the rare case we must (e.g. due to a future feature that involves regulated activity), we will abide by the legally mandated retention period and securely delete the data when it no longer must be kept.
  • Blockchain Data: We want to reiterate that Personal Data deletion requests cannot affect data stored on the blockchain. Any transactions you have done via the Velto app are on public blockchains and cannot be erased or changed by us (or anyone). This data is outside of our control and persists indefinitely on the blockchain, even if you stop using Velto or request data deletion.

When we no longer have a legal basis to retain your Personal Data, we will securely delete or anonymize it.

If deletion is not immediately possible (for instance, because the Personal Data is stored in backup archives), we will ensure it is isolated from further active Processing until deletion is possible.

7. Your Rights and Choices

 

We respect your rights to control your Personal Data. Under the DPA, you have the following rights regarding the Personal Data we hold about you:

  • Right of Access: You have the right to request confirmation of whether we are Processing your Personal Data, and if so, to access your Personal Data.
  • Right to Rectification: If any of your Personal Data that we have is inaccurate or incomplete, you have the right to request that we correct or update it. For instance, if you believe we have an incorrect email address for you, or if you want to update your contact details for our waitlist, you can ask us to fix it.
  • Right of Erasure: You have the right to request that we delete your Personal Data in certain circumstances. For example, if you had signed up to the waitlist and later decide you don’t want us to hold your email anymore, you can request deletion and we will remove it from our systems.
  • Right to Restrict or Object: You have the right to restrict or object to our Processing of your Personal Data in certain circumstances. For example, you have a right to object to your Personal Data being used for direct marketing – if we were sending you marketing emails and you object, we will stop.
  • Right to Withdraw Consent: In cases where we rely on your consent to Process Personal Data (for example, if you gave consent to receive promotional emails or to collect certain analytics), you have the right to withdraw that consent at any time. Withdrawing consent will not affect the lawfulness of any Processing we already did while we had your consent, but it will mean we stop the consent-based Processing going forward. For instance, if you consented to optional analytics and later change your mind, you can disable the analytics option (if available in-app) or contact us to opt out, and we will cease collecting your Personal Data for that purpose.
  • Right to Submit a Complaint: You have the right to lodge a complaint with the BVI Information Commissioner under certain circumstances.

These rights may be subject to certain limitations and exceptions under applicable law. For example, if a request is unfounded or excessive, we might charge a reasonable fee or refuse to act on it. We might also need to keep some data if required by law even if you request deletion (e.g. retention of transaction records for anti-fraud purposes), but we will inform you if so.

Depending on your jurisdiction of residence, you may have additional rights which may, for example, include the right to request portability of your information in a structured format.

Marketing Communications and Notification Choices:

  • If you no longer wish to receive marketing emails or newsletters from us, you can opt out at any time by clicking the “unsubscribe” link in any such email, or by contacting us to remove you from our distribution list. Once you opt out, we will stop sending you promotional communications. Do note that we may still send you service-related communications that are necessary for the app’s operation or for security, such as a notice of an update or alert about an important change, even if you opt out of marketing messages.
  • If you have enabled push notifications on our app but later wish to stop receiving push notifications, you can disable them at any time in your device settings or within the app’s settings (if available). For example, you can revoke the permission for our app to send notifications in your phone’s notification settings. This will stop those push alerts from reaching you. You can also typically customize which types of notifications you want to receive in the app (e.g. enable transaction alerts but disable promotional notifications). We give you control so you can tailor your notification preferences.
  • If our app offers any in-app analytics or data sharing settings (such as a “Help Improve Velto” toggle), you can adjust those settings to your comfort. We will honor such preferences and either stop or reduce data collection accordingly. If you have any trouble finding these settings or have questions about opting out, contact us for guidance.

Cookies: You can control or delete cookies through your browser settings. If you do so, note that certain of our website’s features (like remembering your language or pre-filled form info) might not function as conveniently, but the core informational parts of the website should still be accessible.

Do Not Track: Currently, our systems do not respond to “Do Not Track” (DNT) signals from browsers. DNT is a setting that allows you to signal that you don’t want to be tracked across websites. Given we do not engage in cross-site tracking or behavioral advertising, and due to the lack of an industry standard for DNT, we don’t specifically act on DNT headers. However, we treat all users’ data with the same high level of privacy protection, whether or not a DNT signal is present.

 

8. International Data Transfers

Velto offers a global service, and the limited data we collect may be Processed in various countries. This means your information could be transferred to or stored on servers in a country different from your home country.

Where a Personal Data transfer is made to a jurisdiction which provides a level of data protection lower than that prescribed by the DPA, we will take steps to ensure the security and confidentiality of your Personal Data in accordance with the DPA.

Our approach to international data transfers includes:

  • Adequacy and Safeguards: When we transfer Personal Data out of the EEA/UK or other regions with data export restrictions, we will do so in compliance with applicable laws. For instance, we may rely on the European Commission’s adequacy decisions (if transferring to a country deemed to have adequate protections) or implement Standard Contractual Clauses (SCCs) – which are approved contractual commitments to protect data – with the recipient entity. We might also rely on other lawful transfer mechanisms as available, such as binding corporate rules or consent, depending on the situation.
  • Service Providers: All our third-party service providers and partners are vetted for strong security and privacy practices. If they will handle Personal Data internationally, we will ensure they contractually commit to GDPR-equivalent data protection standards. For example, our analytics or push notification providers, if transferring data from the EU to the U.S., will have appropriate legal frameworks in place (like participation in the EU-U.S. Data Privacy Framework or SCCs) to lawfully receive that data and keep it safe.
  • Data Localization: Where feasible and appropriate, we strive to localize data Processing. For instance, if we have EU-based servers or options, we might Process EU user data within the EU to minimize cross-border transfer. This may not always be practical, so safeguards as mentioned above are used when data does flow internationally.

 

By using our Services, you understand that your data may be transferred to our facilities and those third parties with whom we share it as described in this Policy, even if they are located in other countries. We will always protect your data , no matter where it is stored.

 

9. Children’s Privacy

Our Services are not intended for individuals under the age of 18. We do not knowingly collect Personal Data from children under 18 years old. If you are under 18, you should not use our app or submit any Personal Data to us (for example, do not join the waitlist or contact support with Personal Data).

If we become aware that we have inadvertently collected Personal Data from a person under 18, we will take steps to promptly delete such information from our records in accordance with all applicable law.

Parents or guardians: If you believe that a child under 18 may have provided us with Personal Data, please contact us immediately. We will investigate and, if found true, ensure that the Personal Data is erased in accordance with all applicable law and that no further communications occur with the underage individual.

We encourage parents and legal guardians to be involved in their children’s online activities and to help enforce this Policy by instructing minors never to provide Personal Data on our Services or any other online service without parental permission.

 

10. Changes to This Policy

We may update this Privacy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. If we make changes, we will notify you by updating the “Last Updated” date at the beginning of this Policy and, in the case of significant changes, providing a more prominent notice (such as a notice on our website homepage or an in-app alert).

Material changes will typically be communicated in advance when possible. For example, if in the future we decided to collect additional Personal Data beyond what is described here, we would update this Policy and likely prompt you to review the changes or seek your consent if required.

We encourage you to review this Policy periodically to stay informed about how we are protecting your data. Your continued use of our Services after any changes to this Policy constitutes your acceptance of the updated terms, to the extent permitted by law. If you do not agree with a change, you should discontinue use of the Services or exercise any applicable rights (such as withdrawing consent).

For historical reference, we will keep prior versions of this Policy available (for example, via our website or upon request) so you can see how our privacy practices have evolved.

11. Governing Law and Compliance

This Policy and any disputes related to it or our handling of Personal Data are subject to the laws of the BVI, unless otherwise required by applicable law. In practice, this means that we will comply with all applicable data protection and privacy laws, which may include the laws of your country of residence if they apply to us.

Velto is committed to adhering to frameworks like the EU General Data Protection Regulation (GDPR) and other privacy regulations as relevant. We act as the “data controller” of the Personal Data described in this Policy, which means we determine the purposes and means of Processing that information.

If you are located in certain jurisdictions (for example, the European Economic Area, United Kingdom, etc.), you may have additional rights or protections under the law. Notably, if you are in the EEA or UK, you also have the right to lodge a complaint with your country’s Data Protection Authority (DPA) or supervisory authority if you believe we have infringed your privacy rights. We kindly ask that you contact us first so we can address your concerns directly, but you are within your rights to contact a DPA at any time.

 

12. Contact Information

If you have any questions, concerns, or requests regarding this Policy or our privacy practices, including if you wish to exercise any of your rights hereunder, please do not hesitate to contact us:

Email: support@velto.com (Please use the subject line “Privacy Policy Inquiry” for faster routing)

We will respond to your inquiries as promptly as possible, typically within a few business days and in any event as prescribed by applicable law. For requests to exercise your rights, we will confirm receipt and let you know the estimated timeline for our response (generally within 30 days and in any event as prescribed by applicable law).

We are committed to resolving any privacy-related issues. If you have a concern about how we handle your data, we welcome the opportunity to make things right. Your trust is extremely important to us, and we will do our best to address your inquiry to your satisfaction.

Thank you for trusting Velto. We value your privacy and are continuously working to ensure that we deserve that trust. If you ever feel that something in this Policy is unclear or that we’re not living up to our commitments, please let us know so we can improve. Your privacy, security, and satisfaction are our priorities.

 

Velto © all rights reserved