Last updated: May 2025
What we collect
Account data (email, display name), the entries and moods you create, and minimal device data needed to keep the app working (app version, OS).
What we never collect
We don't read your journal entries. They are encrypted at rest. No third-party advertising trackers. No data sold to anyone — ever.
How we use your data
To sync your content across your devices, to send the reminders you ask for, and — only if you opt in — anonymous aggregated stats to improve the product.
Your rights
Under GDPR (art. 15-22) you have the right to: • access your data and obtain a copy, • rectify any inaccurate information, • request erasure ("right to be forgotten"), • restrict or object to processing, • withdraw consent at any time, • portability (export in JSON), • define post-mortem directives for your data. Most of these are available directly from Settings › Your data. For others, write to privacy@vedality.app — we reply within 30 days. You also have the right to lodge a complaint with your supervisory authority (in France: CNIL — www.cnil.fr).
Sub-processors
• Hosting and database: Supabase (EU region, Frankfurt) — under EU Standard Contractual Clauses. • Email delivery: Resend (EU/US) — under SCCs + EU-US Data Privacy Framework. • AI coaching and insights: Lovable AI Gateway, which routes prompts to OpenAI and Google (Gemini). Prompts may be processed in the United States under SCCs + DPF. No personal identifier is sent — only the content strictly needed to generate the response. No other third party receives your data.
Data controller
CATROLEM, 134 rue Louise Michel, 59290 Wasquehal, France, registered under SIREN 531 538 122. Publication director: Christophe Melin. Contact: privacy@vedality.app. No Data Protection Officer (DPO) has been appointed; for any GDPR request, use the contact above.
Sensitive data (GDPR art. 9)
Mood entries, journal content and emotional scores you create may reveal information about your mental health. We treat these as sensitive data and process them solely on the basis of your explicit consent (art. 9.2.a), given when you create your account. You can withdraw this consent at any time by deleting your account — all sensitive data is erased within 24 hours.
Automated processing and profiling
Insights, emotional scores and AI coaching suggestions are generated automatically. These are informational only and never produce legal effects or significant impact on you within the meaning of art. 22 GDPR. You can ignore any suggestion and ask a human (privacy@vedality.app) to review automated outputs at any time.
Required vs optional data
Email and password are required to create and secure your account — without them, the service cannot work. Mood entries, journal, display name and notification preferences are optional; not providing them only limits the corresponding features. Anonymous analytics are strictly opt-in.
Minors
Vedality is not intended for users under 15. If you are under 15, you must obtain consent from a parent or legal guardian before creating an account. If we learn that we have collected data from a minor without valid parental consent, we delete it without delay.
Contact
Questions? Reach us at privacy@vedality.app — we reply within 7 days.