Privacy Policy

This Privacy Policy applies to the Velvet mobile application (iOS and Android), the website velvet-meet.com, and all related features, digital services, communication channels, moderation systems, in-app functionalities, and support processes (collectively, the “Service”). This Privacy Policy explains how Velvet collects, processes, stores, protects, shares, and otherwise handles personal data in accordance with applicable data protection laws, including the EU General Data Protection Regulation (Regulation (EU) 2016/679, “GDPR”) and the revised Swiss Federal Act on Data Protection (“revFADP”), where applicable.

By accessing, installing, registering for, or otherwise using the Service, you acknowledge that you have read and understood this Privacy Policy. Where legally required, you consent to the processing of your personal data as described herein. If you do not agree with this Privacy Policy, you must discontinue use of the Service immediately.

1. Identity of the Data Controller

Velvet, a sole proprietorship based in Switzerland, acts as the data controller responsible for the processing of personal data in connection with the Service. At launch, the Service is operated by Giordano Rausa, located at Bellevuestrasse 1A, 9400 Rorschach, Switzerland. The official legal entity name, registered address, and registration number will be published in the imprint once finalized.

Velvet reserves the right to appoint data protection representatives within the European Union or other jurisdictions where required under applicable data protection laws, including Article 27 of the GDPR. These representatives will serve as points of contact for regulatory authorities and data subjects regarding data protection matters.

Velvet may process and store personal data across borders, including in countries outside Switzerland or the European Economic Area, for operational, technical, and legal purposes. In all cases, Velvet ensures that appropriate safeguards are implemented to maintain adequate protection of personal data, including compliance with Swiss data protection law, the GDPR, and other applicable privacy requirements.

Velvet also reserves the right to engage affiliates, contractors, and service providers to assist with the provision, maintenance, and improvement of the Service, provided that such parties adhere to strict confidentiality and data protection obligations.

All privacy-related inquiries, requests for information, access, correction, or deletion of personal data, and other data protection concerns may be directed to info@velvet-meet.com , which serves as the official contact for all privacy and compliance matters.

2. Categories of Personal Data Processed

Velvet processes personal data necessary for the operation, security, and lawful management of the Service. This includes account-related data such as phone number, Google account identifiers, email address (if provided through third-party login), date of birth, username, and authentication tokens.

Profile data voluntarily provided by users may include photographs, descriptions, interests, optional lifestyle information, and other content made visible to other users. Velvet does not require users to provide more personal data than necessary for basic account functionality, but users may voluntarily disclose additional information at their own discretion and risk.

Velvet processes user-generated content including chat messages, group communications, uploaded media, Pins, comments, reactions, and other interactions. Such data is processed to provide core social features and to enforce community standards.

Private user communications are processed only to enable technical transmission, storage, and delivery of messages. Velvet does not interpret, read, or analyze the content of messages unless required following a user report, legal notice, or where mandated by applicable law. Velvet may also access specific communications where reasonably necessary to investigate suspected violations of the Terms, abuse of the Service, or threats to user safety. Users are solely responsible for the content they share. Velvet does not endorse or assume responsibility for private communications between users.

Velvet cannot prevent users from taking screenshots or redistributing content outside the Service, and is not liable for such external sharing.

Technical and device data such as IP address may be processed automatically at the infrastructure or hosting level for security monitoring, fraud prevention, system integrity, and technical diagnostics. The Service does not intentionally track or profile users via IP address at the application level. IP data is not used for behavioral profiling, advertising personalization, or user tracking purposes and is retained only for short-term security logging.

Only the most recent push notification token is stored for delivering service notifications and messages. Push tokens are not used for advertising, behavioral profiling, or third-party tracking.

In addition, Velvet may generate internal moderation records, enforcement decisions, risk assessments, audit logs, and safety-related documentation necessary for investigating reports, enforcing policies, preventing repeated violations, protecting users, and defending legal claims.

Age verification is primarily based on user declaration, unless further verification becomes reasonably necessary.

3. Purposes and Legal Bases for Processing

Personal data is processed primarily for the performance of the contractual relationship between the user and Velvet, including account management, authentication, provision of app features, enabling communication between users, processing digital purchases, and providing customer support.

Velvet also processes data based on its legitimate interests, including maintaining platform security, preventing fraud and abuse, protecting intellectual property, ensuring service continuity, conducting internal analytics, improving functionality, and defending legal claims. Velvet conducts internal balancing assessments to ensure that such interests do not override fundamental user rights.

Where required by law, Velvet relies on user consent for specific processing activities, such as enabling precise location access or push notifications. Users may withdraw consent at any time through device settings or by contacting support, without affecting prior lawful processing.

Processing may also occur where necessary to comply with legal obligations, including responding to lawful requests by courts or authorities, fulfilling regulatory requirements, or cooperating with law enforcement investigations. In exceptional circumstances, processing may occur to protect vital interests where there is a serious and imminent threat to safety.

4. Special Categories of Data

Velvet does not intentionally request or require special categories of personal data as defined under Article 9 GDPR. However, due to the nature of a social and connection platform, users may voluntarily disclose sensitive information, including data relating to sexual orientation, personal relationships, health matters, or other intimate details within profiles or communications.

Where users voluntarily disclose special categories of data, processing is based on Article 9(2)(a) GDPR (explicit consent) and, where applicable, Article 9(2)€ GDPR (data manifestly made public by the data subject). Velvet does not independently collect, analyze, or profile special categories of data beyond what users choose to disclose within the Service.

Such data is processed solely for the purpose of providing the Service, enabling user interaction, moderating content, enforcing platform policies, and complying with legal obligations. Users are strongly encouraged to exercise discretion when sharing sensitive information.

Users voluntarily determine what information to share and may control visibility through available privacy settings.

5. Location Data

Location data is accessed only while the application is actively in use. The Service does not perform background location tracking. Only the most recent location point is stored, and each new update overwrites the previous location. No movement history or historical location tracking is retained. The system is designed to prevent precise real-time tracking; users cannot determine another user’s exact residence or continuous movement path. Exact geographic coordinates are not visible to other users; only approximate distance indicators are displayed. Disabling location access may limit or disable certain proximity-based features of the Service. Location access is controlled entirely by device permission settings and can be revoked by the user at any time through system settings.

6. Data Sharing and Disclosure

Velvet does not sell personal data to third parties. However, personal data may be shared with trusted service providers who assist with hosting, cloud infrastructure, content moderation, analytics, technical maintenance, payment validation, legal compliance, or IT security. Such providers operate under contractual confidentiality and data protection obligations.

Payments are processed via third-party providers including Stripe (credit card transactions), Apple In-App Purchases, and Google Play Billing. Each provider acts as an independent controller for payment processing. Velvet normally receives only transaction confirmations and reference information necessary to validate purchases and does not store full credit card details.

Personal data may be disclosed where required or legally permitted to competent authorities for the prevention of crime, protection of users, enforcement of legal rights, or compliance with regulatory obligations. In the event of merger, acquisition, restructuring, or asset transfer, personal data may be transferred as part of the transaction, subject to appropriate safeguards. Velvet may share limited transaction-related data with payment providers where necessary to investigate fraud, payment abuse, or unauthorized transactions.

7. International Data Transfers

Personal data may be processed outside Switzerland or the European Economic Area. Where cross-border transfers occur, Velvet implements appropriate safeguards such as Standard Contractual Clauses approved by the European Commission or transfers to jurisdictions benefiting from adequacy decisions. Users acknowledge that certain jurisdictions may not provide identical levels of data protection.

8. Data Retention & Chat Persistence

Velvet retains personal data only as long as necessary for contractual, operational, security, and legal purposes. Account data is generally retained for the duration of the user relationship.

Upon account deletion, user profiles and uploaded media are removed from active display and the account is anonymized so that it no longer maintains an accessible public profile. Uploaded media is permanently removed and is not retained in permanent backup systems, except where temporary retention is technically necessary or legally required.

After account deletion, conversations no longer provide access to previous messages or media. Remaining chat entries function only as technical placeholders indicating that a user account no longer exists and contain no readable content. These placeholders do not contain personal data of the deleted user. Certain data may be retained after account deletion where necessary for fraud prevention, enforcement of Terms, compliance with legal obligations, or defense of legal claims. Moderation and enforcement records may be retained to prevent repeated abuse and protect platform integrity. Such records may be retained for extended periods where necessary to enforce permanent restrictions and prevent repeated violations.

Inactive accounts may be deleted or anonymized after a prolonged period of inactivity unless legal retention obligations require longer storage. Aggregated or anonymized data may be retained indefinitely for analytical and business purposes. Velvet does not retain long-term location history.

9. Emergency & Law Enforcement Disclosure

Velvet may disclose personal information without prior notice where necessary to prevent harm, protect user safety, investigate illegal activity, or respond to requests from emergency authorities or law enforcement, in accordance with applicable law.

10. Automated Decision-Making and Enforcement

At launch, moderation is primarily report-based and subject to manual review. Velvet does not use automated decision-making that produces legal or similarly significant effects without human review. Limited automated tools may assist in detecting spam, abuse, or suspicious behavior; however, enforcement decisions involve human assessment where appropriate.

11. Security Measures

Velvet implements technical and organizational security measures appropriate to the risk level associated with the processing of personal data. These measures include controlled access permissions, encrypted data transmission where appropriate, system monitoring, logging, internal confidentiality obligations, and incident response procedures. Despite these safeguards, no digital infrastructure can guarantee absolute security. Velvet disclaims liability for breaches resulting from force majeure events, sophisticated cyberattacks beyond reasonable control, or user negligence in safeguarding credentials or devices.

For fraud prevention and abuse mitigation, short-term security logs (approximately 24 hours) may be maintained. In cases of account bans, limited identifiers such as phone numbers may be retained to prevent re-registration and protect platform integrity.

12. Data Subject Rights

Subject to applicable law, users may have the right to request access to their personal data, request correction of inaccurate data, request deletion, restrict processing, object to processing based on legitimate interests, request data portability, or lodge complaints with competent supervisory authorities. Velvet reserves the right to verify the identity of any individual submitting a request and may refuse or limit requests that are manifestly unfounded, excessive, repetitive, or legally restricted. Requests may be submitted to info@velvet-meet.com .

In Switzerland, the competent authority is the Federal Data Protection and Information Commissioner (FDPIC). EU residents may contact the supervisory authority in their country of residence.

Users may also request a review of moderation decisions in accordance with the Terms & Conditions.

13. Minors and Illegal Content

Velvet is strictly limited to individuals aged 18 years or older. Velvet does not knowingly collect personal data from minors. If Velvet becomes aware of underage use, the account will be immediately suspended or deleted. Where legally required, relevant information may be preserved and reported to competent authorities. Where illegal content involving minors is identified or reported, Velvet may be legally obligated to preserve relevant information and report such content to competent authorities in accordance with applicable law.

14. Limitation of Liability

To the maximum extent permitted by applicable law, Velvet is not responsible for voluntary disclosures of personal data made by users to other users, or for redistribution of such content by third parties beyond Velvet’s control. Nothing in this Privacy Policy limits or excludes liability where such limitation is prohibited under applicable data protection law.

15. Amendments

Velvet reserves the right to amend or update this Privacy Policy at any time to reflect legal, technical, or business developments. The most recent version published within the app or on the website shall apply. Continued use of the Service after changes become effective constitutes acceptance where legally permissible.

16. Contact

For privacy, legal, or compliance inquiries, please contact:

Velvet Privacy & Legal Department
info@velvet-meet.com