VedalityLast updated: May 2025
What we collect
Account data (email, display name), the entries and moods you create, and minimal device data needed to keep the app working (app version, OS).
What we never collect
We don't read your journal entries. They are encrypted at rest. No third-party advertising trackers. No data sold to anyone — ever.
How we use & retain your data
Use: to sync your content across your devices, send the reminders you ask for, and — only if you opt in — produce anonymous aggregated stats to improve the product. Retention periods: • Account data (email, display name, password hash): kept for as long as your account is active, deleted within 24 hours after account deletion. • Mood entries, journal entries, emotional scores, AI chat history: kept for as long as your account is active, deleted within 24 hours after account deletion. • Subscription & billing records (invoices, transaction IDs): retained for 10 years after the transaction, as required by French commercial and tax law (Code de commerce art. L.123-22). • Technical & security logs (IP, device, errors): retained for a maximum of 12 months, then deleted. • Cookie consent proofs: retained for 13 months (CNIL recommendation), then deleted. • Anonymous opt-in analytics: retained for up to 25 months in aggregated, non-identifying form. • Backups: rolling 30-day encrypted backups; deleted data disappears from backups within 30 days at the latest. When you delete your account, all personal data is wiped within 24 hours from active systems and within 30 days from backups. Only data we are legally required to keep (e.g. billing records) is retained beyond that, in restricted-access archives.
Your rights
Under GDPR (art. 15-22) you have the right to: • access your data and obtain a copy, • rectify any inaccurate information, • request erasure ("right to be forgotten"), • restrict or object to processing, • withdraw consent at any time, • portability (export in JSON), • define post-mortem directives for your data. Most of these are available directly from Settings › Your data. For others, write to privacy@vedality.app — we reply within 30 days. You also have the right to lodge a complaint with your supervisory authority (in France: CNIL — www.cnil.fr).
Sub-processors
• Hosting and database: Supabase (EU region, Frankfurt) — under EU Standard Contractual Clauses. • Email delivery: Resend (EU/US) — under SCCs + EU-US Data Privacy Framework. • AI coaching and insights: Lovable AI Gateway, which routes prompts to OpenAI and Google (Gemini). Prompts may be processed in the United States under SCCs + DPF. No personal identifier is sent — only the content strictly needed to generate the response. No other third party receives your data.
Data controller
CATROLEM, 134 rue Louise Michel, 59290 Wasquehal, France, registered under SIREN 531 538 122. Publication director: Christophe Melin. Contact: privacy@vedality.app. No Data Protection Officer (DPO) has been appointed; for any GDPR request, use the contact above.
Sensitive data (GDPR art. 9)
Mood entries, journal content and emotional scores you create may reveal information about your mental health. We treat these as sensitive data and process them solely on the basis of your explicit consent (art. 9.2.a), given when you create your account. You can withdraw this consent at any time by deleting your account — all sensitive data is erased within 24 hours.
Automated processing and profiling
Insights, emotional scores and AI coaching suggestions are generated automatically. These are informational only and never produce legal effects or significant impact on you within the meaning of art. 22 GDPR. You can ignore any suggestion and ask a human (privacy@vedality.app) to review automated outputs at any time.
Required vs optional data
Email and password are required to create and secure your account — without them, the service cannot work. Mood entries, journal, display name and notification preferences are optional; not providing them only limits the corresponding features. Anonymous analytics are strictly opt-in.
Minors
Vedality is not intended for users under 15. If you are under 15, you must obtain consent from a parent or legal guardian before creating an account. If we learn that we have collected data from a minor without valid parental consent, we delete it without delay.
Contact
Questions? Reach us at privacy@vedality.app — we reply within 7 days.