Velocity Privacy Policy

Effective Date: February 15, 2026

1. Introduction

Camellia Studio ("Company," "we," "our," or "us") operates the Velocity mobile application (the "App"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you download, install, access, or use the App and its related services (collectively, the "Services").

Please read this Privacy Policy carefully. By using the Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Services.

This Privacy Policy applies only to information collected through the App and does not apply to information collected offline, through other applications, or through third-party websites that may be linked from or accessible through the App.

We reserve the right to make changes to this Privacy Policy at any time and for any reason. We will alert you about any changes by updating the "Effective Date" of this Privacy Policy and, for material changes, by providing notice through the App.

2. Information We Collect

We collect information in the following ways when you use the App. We are committed to collecting only what is necessary to provide and improve the Services.

2.1 Information Collected Automatically

When you use the App, certain information is collected automatically through analytics and infrastructure services:

Device and Technical Information

• Device type and model
• Operating system and version
• Device platform (iOS or Android)
• App version
• Time zone and locale settings

Push Notification Token

If you grant permission for push notifications, we collect your Expo push notification token, which is a unique identifier used solely to deliver push notifications to your device. This token is stored alongside your device platform (iOS or Android).

Usage and Analytics Data

• Screens and pages viewed within the App
• Stories you interact with (tap, open, close), including story identifiers, company names, story types, and headlines
• Search queries you enter and the number of results returned
• Story type filters applied during search
• Bookmark actions (save and unsave events)
• Source links tapped within stories
• Company profile views
• Feed refresh actions
• Onboarding progress (steps started, topics selected, role selected, completion status)
• Session information and app launch events

Anonymous Subscription Identifiers

An anonymous user identifier generated by our subscription management provider (RevenueCat) to verify your subscription status. This identifier is not linked to your name, email, or any other personally identifiable information.

2.2 Information You Provide Voluntarily

User Preferences (Stored Locally)

Topics of interest you select during onboarding (e.g., AI, Fintech, Healthcare, Climate, E-Commerce, SaaS) and your self-identified role (e.g., Founder, Investor, Operator, Enthusiast). These preferences are stored locally on your device using on-device storage and are not transmitted to our servers.

Story Feedback

If you report an issue with a story, we collect the type of feedback (e.g., inaccurate, outdated, poor quality, broken links), any optional message you provide, the associated story identifier, and an anonymous device identifier.

2.3 Information We Do NOT Collect

We want to be transparent about the data we do not collect:

• Names, email addresses, or phone numbers — The App does not require account registration for end users, and we do not collect any personal contact information.
• Location data — We do not collect GPS coordinates, precise location, or coarse location data.
• Financial or payment information — All subscription payments are processed entirely by the Apple App Store or Google Play Store. We never receive, process, or store your credit card numbers, bank account details, or other payment information.
• Photos, contacts, or other device data — We do not access your camera, photo library, contacts, calendar, or any other personal data stored on your device.
• Advertising identifiers (IDFA/GAID) — We do not collect or use advertising identifiers. The App does not serve advertisements.
• Biometric data — We do not collect fingerprints, facial recognition data, or any other biometric information.
• Health, fitness, or sensitive personal data — We do not collect any health, fitness, genetic, racial, ethnic, political, religious, sexual orientation, or other sensitive personal information.
• Social media account information — The App does not include social login or any integration with social media platforms.

3. How We Use Your Information

We use the information we collect for the following purposes:

(a) To Provide and Maintain the Services

• Deliver news content and company profiles to you
• Process and manage your subscription status
• Send push notifications about new stories (if you have opted in)
• Display your saved bookmarks and preferences

(b) To Improve the Services

• Analyze usage patterns to understand how users interact with the App
• Identify popular content, features, and story types
• Monitor and improve App performance, stability, and reliability
• Identify and fix bugs and technical issues
• Inform editorial and product decisions

(c) To Respond to User Feedback

• Review and address reported content issues
• Improve content quality based on user feedback

(d) To Protect the Services

• Detect, investigate, and prevent fraudulent, unauthorized, or illegal activity
• Enforce our Terms of Service
• Protect the rights, property, and safety of our users and the Company

(e) To Comply with Legal Obligations

• Respond to lawful requests from public authorities, including law enforcement
• Comply with applicable laws, regulations, and legal processes

4. Legal Bases for Processing (EEA, UK, and Similar Jurisdictions)

If you are located in the European Economic Area ("EEA"), the United Kingdom ("UK"), or another jurisdiction that requires a legal basis for processing personal data, we rely on the following:

• Legitimate Interests: Analytics and usage data collection to improve the App; detecting and preventing fraud; ensuring App security and stability
• Performance of a Contract: Providing the Services as described in our Terms of Service; managing subscriptions; delivering push notifications you have opted into
• Consent: Sending push notifications (you grant explicit permission through your device's notification settings); collecting and processing story feedback you voluntarily submit
• Legal Obligation: Responding to lawful requests from authorities; complying with applicable data protection laws

Where we rely on consent, you may withdraw it at any time (see Section 9). Withdrawal of consent does not affect the lawfulness of processing conducted prior to withdrawal.

5. How We Share Your Information

We do not sell, rent, or trade your personal information to third parties. We share information only in the following limited circumstances:

5.1 Service Providers

We work with third-party service providers who assist us in operating the App and delivering the Services. These providers process data on our behalf and are contractually obligated to use your information only for the purposes we specify.

• Supabase: Cloud infrastructure, database, serverless functions — Push notification tokens, story feedback, anonymous device identifiers
• PostHog: Product analytics and error tracking — Usage events, device information, anonymous identifiers
• RevenueCat: Subscription management and entitlement verification — Anonymous user identifier, subscription status, platform
• Expo (EAS): Push notification delivery, over-the-air updates — Push notification tokens, device platform
• Logo.dev: Company logo delivery — No user data (logos fetched by URL)
• Perplexity AI: AI content generation (news discovery and summarization) — No user data (used solely for content creation on our servers)

5.2 App Store Providers

Your subscription is managed through Apple Inc. (App Store) or Google LLC (Google Play). These providers collect and process payment information directly. We do not receive your payment details. Please refer to Apple's and Google's respective privacy policies for information on how they handle your data.

5.3 Legal Requirements and Protection

We may disclose your information if required to do so by law or in the good-faith belief that such action is necessary to comply with a legal obligation, protect and defend the rights or property of the Company, prevent or investigate possible wrongdoing, protect the personal safety of users or the public, or protect against legal liability.

5.4 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, dissolution, or other sale or transfer of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you via a prominent notice within the App of any change in ownership or use of your information.

5.5 Aggregated and De-Identified Data

We may share aggregated, anonymized, or de-identified information that cannot reasonably be used to identify you with third parties for analytics, research, business, or other purposes.

6. Data Storage and Security

6.1 Where Your Data Is Stored

Information collected through the App is stored on servers operated by our service providers, primarily located in the United States. If you are accessing the App from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States or other countries where our service providers maintain facilities.

For transfers of personal data from the EEA or UK to countries not deemed to provide an adequate level of data protection, we rely on appropriate safeguards, including Standard Contractual Clauses approved by the European Commission or UK equivalent.

6.2 On-Device Storage

Certain data is stored locally on your device and is never transmitted to our servers:

• User preferences (topics and role selections)
• Bookmarked stories
• Cached news content (for offline viewing)
• Onboarding completion status
• App launch count

This data remains on your device and is deleted when you uninstall the App or clear the App's data.

6.3 Security Measures

We implement commercially reasonable administrative, technical, and physical security measures to protect your information, including:

• Encryption of data in transit (TLS/SSL)
• Row-level security on database tables
• Access controls and authentication for internal systems
• Regular security reviews of our infrastructure

However, no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially reasonable means to protect your information, we cannot guarantee its absolute security.

7. Data Retention

We retain your information only for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

• Push notification tokens: Until the token becomes invalid (e.g., app uninstalled, token expires, or device no longer registered)
• Story feedback: Up to 2 years from submission, or until the feedback is no longer needed for content improvement
• Analytics data (PostHog): In accordance with PostHog's data retention settings, typically up to 1 year
• Subscription data (RevenueCat): For the duration of your subscription plus a reasonable period for record-keeping
• On-device data: Until you uninstall the App or clear App data

After the applicable retention period, your information is deleted or anonymized so that it can no longer be used to identify you.

8. Children's Privacy

The App is not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13. If we become aware that we have inadvertently collected personal information from a child under 13, we will take steps to delete such information as promptly as possible.

If you are a parent or guardian and believe that your child under 13 has provided us with personal information, please contact us at support@camellia.studio so that we can take appropriate action.

9. Your Rights and Choices

9.1 All Users

Regardless of your location, you have the following choices:

• Push Notifications: You may opt in or out of push notifications at any time through your device's system settings.
• Uninstall: You may stop all data collection by uninstalling the App from your device. All locally stored data will be deleted upon uninstallation.
• Feedback: You may choose not to submit story feedback. Any feedback you do submit is voluntary.

9.2 California Residents (CCPA/CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act ("CCPA"):

• Right to Know: You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you.
• Right to Delete: You have the right to request that we delete the personal information we have collected about you, subject to certain exceptions.
• Right to Correct: You have the right to request that we correct any inaccurate personal information we maintain about you.
• Right to Opt-Out of Sale or Sharing: We do not sell your personal information, and we do not share your personal information for cross-context behavioral advertising.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights.

To exercise your rights, please contact us at support@camellia.studio. We will verify your identity before processing your request.

9.3 Residents of the European Economic Area and United Kingdom

If you are located in the EEA or UK, you have the following rights under the General Data Protection Regulation ("GDPR") and UK GDPR:

• Right of Access: You have the right to request a copy of the personal data we hold about you.
• Right to Rectification: You have the right to request that we correct any inaccurate or incomplete personal data.
• Right to Erasure ("Right to Be Forgotten"): You have the right to request deletion of your personal data where there is no compelling reason for its continued processing.
• Right to Restriction of Processing: You have the right to request that we restrict the processing of your personal data in certain circumstances.
• Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format.
• Right to Object: You have the right to object to the processing of your personal data where we rely on legitimate interests as the legal basis.
• Right to Withdraw Consent: Where we rely on your consent to process your personal data, you have the right to withdraw consent at any time.
• Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority in the EU or UK member state where you reside, work, or where the alleged infringement occurred.

To exercise any of these rights, please contact us at support@camellia.studio. We will respond to your request within one (1) month, as required by applicable law.

10. Do Not Track Signals

Some web browsers transmit "Do Not Track" (DNT) signals. As the App is a mobile application and does not operate in a web browser environment, DNT signals are not applicable. However, we do not track users across third-party websites or services for advertising purposes.

We honor the Global Privacy Control (GPC) signal where applicable by law.

11. Third-Party Links and Services

The App may contain links to third-party websites and services, including news source URLs referenced in stories and company websites. These links are provided for your convenience and informational purposes only. We have no control over, and assume no responsibility for, the content, privacy policies, or practices of any third-party websites or services.

We strongly advise you to review the privacy policy of every third-party website or service you visit or interact with.

12. AI-Generated Content and Data Processing

The App uses artificial intelligence technologies, including third-party AI services, to generate news content, summaries, and company information. It is important to understand the following about AI processing in relation to your privacy:

• No User Data in AI Processing: Our AI content generation pipeline does not use any user data as input. The AI systems process publicly available news information to create content. Your personal information, usage data, and preferences are never fed into AI models.
• No AI Training on User Data: We do not use your personal information, usage data, feedback, or any other data collected from you to train, fine-tune, or improve any AI or machine learning models.
• Content Generation: AI-generated content is based on publicly available information from news sources and public company data. The generation process occurs on our servers and does not involve any user-specific data.

13. Notification of Changes

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will:

• Update the "Effective Date" at the top of this Privacy Policy;
• Provide notice through a prominent disclosure within the App;
• Where required by applicable law, obtain your consent to material changes.

We encourage you to review this Privacy Policy periodically. Your continued use of the App after the posting of changes constitutes your acceptance of such changes.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Camellia Studio
Email: support@camellia.studio

For data protection inquiries specifically, you may also reach us at: privacy@camellia.studio

If you are located in the EEA or UK, you have the right to lodge a complaint with your local data protection supervisory authority. However, we would appreciate the opportunity to address your concerns before you approach a supervisory authority, so please contact us first.

15. Summary of Data Practices

For your convenience, the following summarizes our key data practices:

This Privacy Policy was last updated on February 15, 2026.