Privacy Policy

Last updated: May 16, 2026

Vely Stealth is built on a simple principle: Your location data never leaves your device. This privacy policy explains how we handle your information and protect your rights.

1. Introduction

Vely Stealth ("the App," "we," "us," "our") is committed to protecting your privacy. This Privacy Policy explains our data practices for the iOS application and any related services.

We operate on a local-first, privacy-first architecture. Your sensitive data—location logs, trip histories, receipt photos, and passport metadata—are encrypted on your device using SwiftData and never transmitted to our servers without your explicit action.

2. Data We Collect

2.1 Location Data

Significant Location Changes: We use Apple's Significant Location Change API to detect border crossings and country/region changes. This data is collected passively in the background.
Cellular Country Code (MCC): When your device switches cellular networks, we log the Mobile Country Code to infer country transitions.
Manual Corrections: You can manually adjust or correct location records if automatic detection misses a border crossing (e.g., ferry travel, VPN usage).
Storage: All location data is stored locally on your device in an encrypted SwiftData database. No location history is sent to Vely Stealth servers.

2.2 Trip and Compliance Data

Trip Logs: Entry dates, exit dates, country/jurisdiction, and calculated day counts for tax residency compliance.
Visa Information: Visa type, expiration dates, and visa category (Digital Nomad, Tourist, Residency, etc.)—entered manually by you.
Personal Profile: Your nationality, tax home country, and citizenship status—used for compliance rule calculations.
Storage: All trip data is encrypted locally on your device.

2.3 Receipt and Evidence Vault

Photo Upload: You can voluntarily upload photos of boarding passes, passport stamps, receipts, and invoices to the Evidence Vault for audit purposes.
OCR Processing: We use on-device Vision OCR to extract text from photos (merchant name, date, location). No photos leave your device.
Hashing: Photos are cryptographically hashed (SHA-256) and linked to trip records for tamper-evidence. The hash, not the image, is signed.

2.4 Vely AI Assistant (Optional)

Prompt Submission: When you use the Vely AI feature to ask compliance questions (e.g., "What is the FEIE rule for US citizens in Portugal?"), your question and relevant trip context are sent to OpenAI's API via a secure proxy.
Proxy Processing: Your prompt is anonymized before transmission. We do not log your identity alongside your question.
OpenAI Terms: OpenAI's own privacy policy and data retention terms apply to prompts you submit. Review openai.com/privacy for details.
Opt-In Only: Using Vely AI is entirely optional. You can use all core features of the App without ever submitting a prompt.

3. How We Use Your Data

Compliance Tracking: To calculate your tax residency status, Schengen 90/180 rolling window, and visa compliance alerts.
Audit Reports: To generate PDF audit reports with your trip logs and evidence for submission to tax authorities.
Alerts & Notifications: To notify you of approaching 183-day limits, Schengen overstay risks, visa expiration, and insurance coverage gaps.
App Improvement: To identify crashes, performance issues, and feature usage patterns (anonymized, aggregated data only).

4. Data We Do NOT Collect or Share

❌ No Account Registration: Vely Stealth does not require a login, username, or password. No account database exists.
❌ No Cloud Backup: Your trip logs and location data are not backed up to iCloud or any cloud service.
❌ No Third-Party Tracking: We do not use cookies, analytics trackers, or ad networks to track your behavior.
❌ No Data Sales: We never sell, rent, or lease your personal data to advertisers, data brokers, or other companies.
❌ No Location History Shared: Your location data is never shared with tax authorities, governments, or corporations—even with a subpoena or court order (absent extraordinary legal compulsion).

5. Data Security

On-Device Encryption: All sensitive data (location logs, trip records, photos) are encrypted using iOS's native CryptoKit framework.
SwiftData: Trip and compliance data use SwiftData's built-in encryption at rest.
Biometric Lock: PDF exports of audit reports are cryptographically signed using a key bound to your device's FaceID or TouchID.
No Network Transmission: Your data does not leave your device except when you explicitly request an AI query or export an audit report.

6. Data Retention

Local Storage: Your trip logs and location data remain on your device indefinitely until you delete them manually or uninstall the App.
Evidence Vault Photos: Photos in your vault are stored locally on your device and are never automatically deleted.
AI Query Logs: Prompts submitted to Vely AI may be retained by OpenAI according to their data retention policy (typically 30 days for API non-abuse purposes). We do not retain copies.
Audit Reports: PDF exports are generated on-device and stored in your device's file system or email. We do not retain copies on our servers.

7. Your Rights (GDPR & CCPA)

7.1 GDPR (EU Users)

If you are in the EU, you have the following rights:

Right to Access: You can export all your trip data, location logs, and evidence from the App at any time.
Right to Deletion: You can delete individual trips, photos, or all data by uninstalling the App or using the in-app deletion tools.
Right to Rectification: You can edit trip dates, locations, and personal profile information directly in the App.
Right to Data Portability: You can export your trip logs and audit reports in PDF format.

To exercise these rights, contact us at: hello@virtusop.us

7.2 CCPA (California Users)

If you are in California, you have the following rights:

Right to Know: You can request what personal information we collect about you.
Right to Delete: You can request deletion of your data by uninstalling the App or contacting us.
Right to Opt-Out: Since we don't collect data for sale or use third-party analytics, there is no "sale" of data to opt out of.

To exercise these rights, contact us at: hello@virtusop.us

8. Children's Privacy

Vely Stealth is not intended for use by children under 13 years of age. We do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has provided us with personal information, we will take steps to delete such information and terminate the child's use of the App.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make changes, we will update the "Last Updated" date at the top of this page. Continued use of the App constitutes your acceptance of the updated Privacy Policy. We encourage you to review this policy periodically.

10. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Email: hello@virtusop.us
Website: https://virtusop.us

11. Disclaimer

Vely Stealth is an administrative tool designed to help you track your location and calculate tax residency status. It is not a substitute for professional tax or legal advice. Always consult with a qualified tax accountant or immigration attorney before making decisions based on Vely Stealth's outputs.