Last updated: March 2026
1. Introduction
Velmigo ("we", "us", "our") operates the Velmigo sports platform and mobile application (the "App"). Velmigo is a multi-sport platform that currently supports skiing and snowboarding, with plans to expand to cycling, running, and other sports. This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you use the App. We are committed to protecting your privacy and complying with applicable data protection regulations, including the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) where applicable.
2. Information We Collect
We collect the following categories of information: Account Information: • Name, email address, and profile photo (provided during registration). • Date of birth, nationality, skill level, and preferred activity locations (optional profile data). • Authentication data via Google Sign-In or Apple Sign-In. Location Data: • GPS coordinates collected during active activity recording (e.g. ski runs, cycling, running). • Venue and resort proximity detection data. • Optional real-time location sharing with other users (controlled by your visibility settings). Usage & Performance Data: • Activity statistics: speed, distance, elevation, duration, and route data. • Achievement progress and leaderboard rankings. • App interaction data: screen views, feature usage, and session duration. • Device information: device model, operating system version, app version. Communications: • Text messages, voice messages, and photos sent through in-app chat. • Walkie-talkie voice transmissions (transmitted in real-time, not stored). Push Notification Tokens: • Device tokens for delivering push notifications (stored per-device). Payment Information: • Subscription status and type. All payment processing is handled by Apple App Store or Google Play Store — we do NOT collect, store, or process payment card numbers, bank details, or billing addresses.
3. Legal Basis for Processing (GDPR)
For users in the European Economic Area (EEA), we process your personal data based on the following legal grounds: • Contract Performance: processing necessary to provide the App's services (account management, activity tracking, messaging). • Legitimate Interest: analytics to improve the App, fraud prevention, and security. • Consent: location sharing with other users, push notifications, and marketing communications. You may withdraw consent at any time. • Legal Obligation: processing required to comply with applicable laws.
4. How We Use Your Information
We use your information to: • Provide, maintain, and improve the Velmigo service. • Track activities (ski runs, cycling, running, and more) and calculate performance statistics. • Power leaderboards, achievements, streaks, and social features. • Enable communication between users (chat, voice messages, walkie-talkie). • Detect venue and resort proximity and verify visits via GPS. • Manage subscriptions and promotional access codes. • Send push notifications for messages, friend requests, achievements, and walkie-talkie requests (if enabled). • Analyze app usage to improve features and user experience. • Detect and prevent fraud, abuse, and security incidents. • Comply with legal obligations. We do NOT use your data for: • Targeted advertising or ad profiling. • Sale to third-party data brokers. • Automated decision-making that produces legal effects.
5. Location Data — Special Provisions
Location data is central to Velmigo's functionality. We handle it with particular care: • Activity Tracking: GPS coordinates are collected only during active activity recording (e.g. ski runs, cycling, running). Data is stored to calculate statistics and populate leaderboards. • Location Sharing: Real-time location sharing with other users is entirely optional. You control visibility in Settings (options: no one, friends only, or everyone). Default is friends only. • Venue Detection: We use GPS to detect when you are near a partnered venue or resort. • No Background Tracking: We do not continuously track your location in the background when you are not actively recording an activity. • You can disable location services at any time in your device settings. This will prevent activity tracking and venue detection but will not affect messaging or other features.
6. Data Sharing & Disclosure
We do NOT sell, rent, or trade your personal information to third parties. We may share data with: • Other Users: your name, profile photo, activity statistics (on leaderboards), and optionally your location (based on your visibility settings). You control what is shared. • Infrastructure Providers: services that process data on our behalf under strict data processing agreements: — Convex (backend database and serverless functions) — Vercel (web hosting and CDN) — Firebase Cloud Messaging (push notification delivery) — RevenueCat (subscription management) — Apple / Google (authentication and payment processing) — Google Sheets (business analytics and user data reporting) — Trigger.dev (background task processing and data synchronization) — Resend (transactional email delivery, e.g. password resets) • Legal Requirements: we may disclose your data when required by law, subpoena, court order, or government request, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others. • Business Transfers: in the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction. You will be notified of any such change.
7. Data Storage, Security & Transfer
Your data is stored using Convex's cloud infrastructure with industry-standard security measures including: • Encryption in transit (TLS/HTTPS). • Encryption at rest. • Access controls and authentication. • Regular security monitoring. Your data may be transferred to and processed in countries outside your country of residence, including the United States. Where data is transferred outside the EEA, we ensure appropriate safeguards are in place (e.g., Standard Contractual Clauses). While we take reasonable measures to protect your information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.
8. Data Retention
• Active Accounts: we retain your data for as long as your account is active and as needed to provide the service. • Automatic Cleanup: location data is automatically deleted after 30 days. Analytics events are deleted after 1 year. System logs are deleted after 90 days. • Account Deletion: if you delete your account (via Settings → Delete Account), we will delete your personal data within 30 days. Some data may be retained longer where required by law or for legitimate business purposes (e.g., fraud prevention). • Messages: when you delete a message "for everyone", it is permanently removed. Messages deleted "for me only" are hidden from your view but remain visible to other participants. • Anonymized Data: aggregated, anonymized data that cannot be used to identify you may be retained indefinitely for analytics and service improvement.
9. Your Rights
Depending on your jurisdiction, you have the following rights regarding your personal data: • Right of Access: request a copy of the personal data we hold about you. • Right to Rectification: request correction of inaccurate or incomplete data. • Right to Erasure ("Right to Be Forgotten"): request deletion of your personal data. • Right to Restrict Processing: request that we limit how we use your data. • Right to Data Portability: receive your data in a structured, machine-readable format. • Right to Object: object to processing based on legitimate interests. • Right to Withdraw Consent: withdraw consent at any time where processing is based on consent. • Right to Lodge a Complaint: file a complaint with your local data protection authority. To exercise any of these rights, contact us at privacy@velmigoapp.com. We will respond within 30 days (or as required by applicable law). We may need to verify your identity before processing your request.
10. Children's Privacy
Velmigo is not intended for unsupervised use by children under 16. Users under 16 require parental or guardian consent to use the App. During registration, users under 16 must confirm that a parent or guardian has reviewed and approved their use of the App. If we become aware that we have collected data from a child without appropriate consent, we will delete that data promptly. If you believe a child has provided us with personal data without proper consent, please contact us at privacy@velmigoapp.com.
11. Push Notifications
If you grant permission, we send push notifications for: • New chat messages. • Friend requests. • Achievement unlocks and personal bests. • Walkie-talkie requests and incoming transmissions. You can control notification preferences within the App's Settings or through your device's notification settings. You can also mute individual users or conversations within the App, which will suppress push notifications from those sources even when notifications are otherwise enabled. We use Firebase Cloud Messaging (FCM) to deliver push notifications. Your device push token is stored on our servers and is used solely for delivering notifications.
12. Third-Party Services
Velmigo integrates with the following third-party services, each governed by their own privacy policies: • Apple App Store / Google Play Store — payments and subscriptions. • RevenueCat — subscription lifecycle management. • Firebase Cloud Messaging — push notification delivery. • Google Sign-In / Apple Sign-In — authentication. • Convex — backend database and serverless compute. • Vercel — web application hosting. • Google Sheets — business analytics and reporting. • Trigger.dev — background task processing and data synchronization. • Resend — transactional email delivery (e.g. password resets). We encourage you to review the privacy policies of these services. We are not responsible for the data practices of third-party services.
13. Cookies & Local Storage
The App uses browser local storage (IndexedDB and localStorage) to: • Maintain your authentication session. • Store your preferences (language, measurement units, theme). • Queue messages for offline delivery. • Cache run data for offline access. We do NOT use tracking cookies, third-party advertising cookies, or cross-site tracking technologies. We do not participate in ad networks or behavioral advertising.
14. California Privacy Rights (CCPA)
If you are a California resident, you have additional rights under the CCPA: • Right to Know: what personal information we collect, use, and disclose. • Right to Delete: request deletion of your personal information. • Right to Opt-Out: we do not sell personal information, so this right does not apply. • Right to Non-Discrimination: we will not discriminate against you for exercising your rights. To exercise these rights, contact us at privacy@velmigoapp.com.
15. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. Material changes will be communicated through the App or via email. The "Last updated" date at the top of this policy indicates the most recent revision. Your continued use of the App after changes constitutes acceptance of the revised policy.
16. Data Protection Officer & Contact
For privacy-related questions, data access requests, or concerns: Email: privacy@velmigoapp.com Website: https://www.velmigoapp.com If you are in the EEA and are not satisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority.