Legal

GDPR

Last updated: April 2026

Vela is committed to full compliance with the General Data Protection Regulation (GDPR). This page explains your rights under GDPR and how we handle your personal data.

Lawful basis for processing

We process your personal data under the following lawful bases:

• Contract: Processing necessary to provide the Vela service you have signed up for
• Legitimate interests: Product analytics and security monitoring to maintain and improve the service
• Consent: Marketing communications (you can withdraw consent at any time)

Your rights under GDPR

• Right of access: Request a copy of all personal data we hold about you
• Right to rectification: Request correction of inaccurate personal data
• Right to erasure: Request deletion of your personal data ("right to be forgotten")
• Right to data portability: Receive your data in a structured, machine-readable format
• Right to restrict processing: Request that we limit how we use your data in certain circumstances
• Right to object: Object to processing based on legitimate interests

How to exercise your rights

To exercise any of the above rights, contact us at gdpr@vela.fit. We will respond within 30 days. For account deletion, you can also do this directly within the app under Profile → Settings.

Data transfers

Vela stores data in Supabase infrastructure located in the EU (eu-west-1, Ireland). Where we use third-party processors outside the EU, we ensure appropriate safeguards are in place (Standard Contractual Clauses or equivalent).

Data Protection Officer

For GDPR-specific enquiries: gdpr@vela.fit

Vela is operated as a UK/EU service. This document reflects our obligations under UK GDPR and EU GDPR as applicable.