Privacy Policy - Voleri

Last Updated: February 10, 2026
Effective Date: February 10, 2026

Languages: 🇬🇧 English | 🇵🇹 Português (use the toggle in the top bar to switch)

📱 About This Policy

This Privacy Policy explains how Voleri collects, uses, and protects your personal data when you use our life management application.

Your Privacy Matters: We are committed to protecting your privacy and being transparent about our data practices. Privacy, transparency, and user control are core to everything we build.

Alpha Testing Notice: Voleri is currently in public alpha testing. This policy will be updated as we introduce new features. We'll notify you of material changes.

🏢 Who We Are (Data Controller)

Legal Entity: Pedro Belchior Barreira - Empresário em Nome Individual
Business Name: Voleri
NIF (Portuguese Tax ID): 252616120
Registered Address: Rua Cimo de Vila, Número 214, 4480-777 Vila do Conde, Portugal

Contact Information:
Privacy Questions: hello@voleri.app
General Support: support@voleri.app
Data Protection Inquiries: hello@voleri.app

We are the data controller for the personal data you provide when using Voleri.

📊 What Data We Collect

Account Information

When you sign up for Voleri using Google Sign-In, we collect:

• Email address
• Google profile information (name, profile picture - displayed with your permission)
• Account creation date
• User ID (generated by our system)

User-Generated Content

We store the data you create in Voleri to provide the service:

📅 Planner Module:

• Tasks, events, and notes
• Due dates and time estimates
• Calendar entries
• Daily, weekly, and yearly planning

😌 Wellness Module:

• Mood entries (mood score, energy level, stress level, notes)
• Sleep logs (start/end time, sleep quality, notes)
• Habit tracking (habit completions and streaks)

🍎 Nutrition Module:

• Meal logs and food items
• Calorie and macro data
• Meal plans
• Hydration tracking
• Grocery lists

💰 Finance Module:

• Transaction records (amounts, categories, dates)
• Budget information
• Savings goals
• Expense categories

Usage Data (Only if You Opt-In to Analytics)

If you enable analytics in Settings → Privacy, we collect:

• Pages and modules you visit
• Features you use
• Time spent in app
• Navigation patterns
• Device type and browser information
• Country-level location (via IP address, anonymized)
• Session duration and frequency

Analytics Tools We Use:

• PostHog (privacy-friendly, EU-hosted) - anonymized product analytics [INSIDE APP ONLY]
• Google Analytics 4 (optional) - web analytics [LANDING PAGE ONLY]

⚠️ Important Distinction:

• Landing Page (voleri.app): Google Analytics 4 tracks anonymous visitors
• Inside the App (after login): Only PostHog tracks your app usage (if you opt-in)
• No advertising pixels inside the app - your in-app activity is NEVER shared with advertisers

Advertising & Conversion Data (Only if You Opt-In to Marketing)

If you enable marketing cookies when visiting our landing page, we collect:

• Page views and conversion events (signups, app installs)
• Ad clicks and campaign source
• Device and browser info
• Approximate location (country/city level)

Advertising Pixels We Use:

• Meta Pixel (Facebook/Instagram Ads) - conversion tracking, retargeting [LANDING PAGE ONLY]
• TikTok Pixel (TikTok Ads) - conversion tracking, retargeting [LANDING PAGE ONLY]
• X Pixel (X/Twitter Ads) - conversion tracking, retargeting [LANDING PAGE ONLY]

⚠️ Important Distinction:

• Landing Page (voleri.app): Advertising pixels track conversions from ads
• Inside the App (after login): NO advertising pixels - we don't track your in-app activity for ads
• Your privacy inside the app: What you do in Voleri (tasks, meals, mood, habits) is NEVER shared with Meta, TikTok, X, or any advertisers

Important: Advertising data is ONLY collected on our public landing page to measure ad effectiveness. Once you're logged into the app, we do NOT use advertising pixels. You can opt-out anytime via the cookie consent banner on the landing page.

Technical Data (Essential for Service)

To provide secure access and protect your account:

• IP address (for security and authentication)
• Browser type and version
• Device information (type, operating system)
• Cookies and session tokens (for authentication)

Feedback & Support Data

When you submit feedback or contact support:

• Your feedback message and type
• Bug reports and error logs
• Support correspondence
• Diagnostic information (with your consent)

We DO NOT Collect:

• ❌ Payment card information (handled by Stripe — we never store card details)
• ❌ Precise geolocation data
• ❌ Health records from other apps
• ❌ Your contacts or photos (unless you explicitly attach to feedback)
• ❌ Biometric data
• ❌ Data from other apps on your device

⚖️ Legal Basis for Processing (GDPR Article 6)

Under GDPR, we process your personal data based on:

1. Consent (Article 6(1)(a)):

• When you sign up and accept our Terms & Privacy Policy
• When you opt-in to product analytics (default: OFF)
• When you submit feedback
• You can withdraw consent anytime in Settings

2. Contract Performance (Article 6(1)(b)):

• To provide the Voleri service you signed up for
• To sync your data across devices
• To enable core features (planning, tracking, analytics dashboards)

3. Legitimate Interest (Article 6(1)(f)):

• To improve service quality and fix bugs
• To prevent fraud and ensure security
• To analyze anonymized usage patterns (if opted in)
• Your rights and interests are not overridden by these purposes

4. Legal Obligation (Article 6(1)(c)):

• To comply with tax and accounting laws (invoicing, SAF-T reporting)
• To respond to valid legal requests

⚕️ Special Category Data - Explicit Consent (GDPR Article 9)

When you activate the Wellness module, we ask for your explicit, separate consent to process health-related data:

• Mood entries - emotional state, energy level, stress level
• Sleep logs - sleep times, quality ratings
• Habit tracking - daily habits and completion records

This data is classified as "special category data" under GDPR Article 9 because it relates to your health and well-being.

This consent is:

• Freely given: You can use Voleri without the Wellness module. Other modules (Planner, Nutrition, Finance) work independently.
• Specific: Covers only Wellness module health data, not other parts of Voleri.
• Informed: You understand exactly what data is collected and why before consenting.
• Unambiguous: Requires affirmative action (checking a checkbox and clicking "I Consent").
• Withdrawable: You can withdraw consent anytime in Settings → Privacy → Wellness Data Consent.

If you withdraw consent:

• Your Wellness data will be permanently deleted within 30 days
• The Wellness module will be locked until you provide consent again
• Other modules (Planner, Nutrition, Finance) are not affected
• You can re-activate Wellness later by providing consent again

Why we need explicit consent:

Under GDPR Article 9, processing health data requires one of the specific exemptions. We rely on:

Article 9(2)(a): "the data subject has given explicit consent to the processing of those personal data for one or more specified purposes"

This ensures you have full control over your sensitive health information.

🎯 How We Use Your Data

To Provide the Service:

• Store and sync your data across devices
• Display your tasks, meals, habits, mood logs, and transactions
• Calculate analytics and insights within each module
• Enable features like onboarding, module activation, and data export

To Improve Voleri (If You Opt-In to Analytics):

• Understand which features are most valuable
• Identify and fix bugs
• Optimize app performance
• Develop new features based on usage patterns
• We NEVER look at your personal content (task titles, meal details, mood notes, etc.)

To Communicate With You:

• Send transactional emails (account deletion confirmation, data export links)
• Respond to support requests and feedback
• Notify you about important service changes or security issues
• Send optional product updates (only if you subscribe to our newsletter)

To Process Payments:

• Process subscription payments via Stripe
• Generate invoices and receipts (Portuguese legal requirement)
• Manage billing, refunds, and cancellations

We Do NOT:

• ❌ Sell your data to third parties
• ❌ Use your personal content for advertising
• ❌ Share data with advertisers
• ❌ Train AI models on your personal data
• ❌ Track you across other websites

🔒 How We Store & Protect Your Data

Where Data is Stored:

• Infrastructure: Hosted on Supabase (PostgreSQL database)
• Location: EU data centers (GDPR compliant)
• Backups: Automated daily backups, encrypted at rest

Security Measures:

• ✅ Encryption in transit (HTTPS/TLS)
• ✅ Encryption at rest (database encryption)
• ✅ Secure authentication (OAuth 2.0 via Google)
• ✅ Row-level security (RLS) policies - users can only access their own data
• ✅ Regular security monitoring
• ✅ Access controls (only authorized personnel can access infrastructure)

Data Retention:

We only retain your personal data for as long as necessary for the purposes described in this policy. Here are our detailed retention periods and legal justifications:

User-Generated Content (Tasks, Meals, Habits, Mood, Sleep, etc.):

• Retention: While your account is active
• Justification: Contract performance (Article 6(1)(b)) - necessary to provide the Voleri service
• Deletion: Permanently deleted within 30 days after account deletion
• Grace Period: 30-day window allows recovery from accidental deletion

Support Correspondence & Feedback:

• Retention: 2 years from last contact
• Justification: Legitimate interest (Article 6(1)(f)) - customer service quality and product improvement
• Deletion: Automatic after 2 years of inactivity

Feedback Submissions:

• Retention: Personal identifiers anonymized after 12 months
• Justification: Legitimate interest - product improvement while protecting privacy
• What remains: Aggregated, anonymized feedback data (no personal identifiers)

Error Logs & Diagnostic Data:

• Retention: 90 days (rolling window)
• Justification: Legitimate interest - security monitoring, debugging, and system stability
• Deletion: Automatic rolling deletion after 90 days

Analytics Data (If You Opt-In):

• Retention: 12 months, then anonymized
• Justification: Consent (Article 6(1)(a)) - you control this via Settings
• Anonymization: Personal identifiers removed after 12 months, aggregate data retained

Backups:

• Retention: Deleted data removed from backups within 90 days
• Justification: Technical necessity for disaster recovery
• Note: Backups are encrypted and not used for any other purpose

Invoices & Payment Records:

• Retention: 10 years
• Justification: Legal obligation (Portuguese tax law - Article 6(1)(c))
• Legal Requirement: Portuguese businesses must retain invoices for tax compliance
• Deletion: After 10 years, unless involved in legal dispute

Wellness Data After Consent Withdrawal:

• Retention: 30 days after consent withdrawal
• Justification: GDPR "right to be forgotten" grace period
• Deletion: Automatic deletion via scheduled database job
• Notification: You're warned about this 30-day timeline when withdrawing consent

Your Responsibility:

• Keep your Google account secure (use strong password, 2FA)
• Sign out on shared devices
• Protect your device with lock screen/biometrics

🚨 Data Breach Procedures (GDPR Article 33)

We have comprehensive procedures in place to detect, respond to, and notify you of any data breaches that may affect your personal information.

In the Event of a Data Breach:

1. Detection & Assessment:

• We monitor our systems continuously for security incidents
• Upon detecting a potential breach, we immediately assess the scope and impact
• We determine within 24 hours whether it qualifies as a "personal data breach" under GDPR

2. Notification to Authorities:

• We will notify the CNPD (Portuguese Data Protection Authority) within 72 hours of becoming aware of the breach
• Notification includes: nature of breach, categories and estimated numbers of affected users, likely consequences, and mitigation measures taken
• CNPD Contact: https://www.cnpd.pt | geral@cnpd.pt | +351 21 392 84 00

3. Notification to You:

• If the breach poses high risk to your rights and freedoms, we will notify you directly via email
• You'll receive clear information about: what data was affected, what happened, potential consequences, and steps you should take
• Timeline: Without undue delay (as soon as we have confirmed details)

4. Remediation & Prevention:

• We take immediate action to contain and remediate the breach
• We investigate the root cause thoroughly
• We implement additional security measures to prevent similar incidents
• We document the entire incident for regulatory compliance and future prevention

If You Suspect Unauthorized Access:

Contact us immediately:

• Email: hello@voleri.app (monitored 24/7 for security issues)
• Subject line: "Security Incident - Urgent"
• Include: Your account email, when you noticed the issue, and any suspicious activity

Immediate steps you can take:

1. Change your Google account password
2. Enable 2-factor authentication on your Google account
3. Sign out from all devices in Settings → Account
4. Review your recent wellness/planner/finance data for unauthorized changes

Our Commitment:

• ✅ Transparency: We will be honest and clear about what happened
• ✅ Timeliness: We will notify you promptly, within legal deadlines
• ✅ Accountability: We take full responsibility for protecting your data
• ✅ Prevention: Every incident makes our security stronger
• ✅ Support: We're here to help you understand and respond to any security concerns

No breach is too small to report. If you notice anything suspicious, contact us. We'd rather investigate a false alarm than miss a real security issue.

🤝 Who We Share Your Data With

We DO NOT sell your data. Period.

Service Providers We Use:

1. Supabase (Database & Infrastructure):

• Purpose: Store and sync your data
• Location: EU data centers
• Safeguards: Data Processing Agreement (DPA), encryption, GDPR compliance
• Privacy Policy: https://supabase.com/privacy

2. Google (Authentication):

• Purpose: Sign-in via Google OAuth
• Data shared: Email, name, profile picture (you control via Google account settings)
• Privacy Policy: https://policies.google.com/privacy

3. PostHog (Analytics - Only if You Opt-In):

• Purpose: Product analytics to improve Voleri
• Data shared: Anonymized usage patterns (no personal content)
• Location: EU data centers
• GDPR Compliance: Yes
• Privacy Policy: https://posthog.com/privacy

4. Google LLC (Web Analytics - Only if You Opt-In):

• Purpose: Web analytics for landing page via Google Analytics 4 (GA4)
• Data shared: Page views, traffic sources, anonymized usage data
• Location: USA (covered by EU-US Data Privacy Framework + Standard Contractual Clauses)
• GDPR Compliance: Yes
• Privacy Policy: https://policies.google.com/privacy
• Your Control: Opt-in required (Settings → Privacy → Analytics)

5. Meta Platforms Inc. (Advertising Pixels - Only if You Opt-In to Marketing):

• Purpose: Ad conversion tracking, retargeting, campaign optimization
• Data shared: Page views, conversion events, device info, IP address, browser data
• Where: LANDING PAGE ONLY - Meta Pixel does NOT track you inside the app
• What we DON'T share: Your in-app activity (tasks, meals, mood, habits, transactions, etc.)
• Location: USA (covered by EU-US Data Privacy Framework + Standard Contractual Clauses)
• GDPR Compliance: Yes (Data Processing Agreement signed)
• Privacy Policy: https://www.facebook.com/privacy/policy/
• Your Control: Opt-in required (Settings → Privacy → Marketing)
• Important: Meta may combine landing page data with your Facebook/Instagram account if you're logged in
• Note: Meta has received GDPR fines in the past; we use Standard Contractual Clauses for data transfers

6. TikTok (ByteDance) (Advertising Pixels - Only if You Opt-In to Marketing):

• Purpose: Ad conversion tracking, retargeting, campaign optimization
• Data shared: Page views, conversion events, device info, IP address, browser data
• Where: LANDING PAGE ONLY - TikTok Pixel does NOT track you inside the app
• What we DON'T share: Your in-app activity (tasks, meals, mood, habits, transactions, etc.)
• Location: Singapore/USA (with EU data centers available, Standard Contractual Clauses)
• GDPR Compliance: Yes (Data Processing Agreement signed)
• Privacy Policy: https://www.tiktok.com/legal/privacy-policy
• Your Control: Opt-in required (Settings → Privacy → Marketing)
• Important: TikTok may use landing page data for ad targeting across TikTok platform

7. Stripe (Payment Processor):

• Purpose: Process subscription payments
• Data shared: Billing information (NOT stored by us)
• Compliance: PCI-DSS certified
• Privacy Policy: https://stripe.com/privacy
• Important: We do NOT store your credit card details

When We May Disclose Data:

• Legal obligations: If required by law, court order, or valid government request
• Safety: To protect rights, property, or safety of Voleri, users, or the public
• Business transfers: In case of merger, acquisition, or sale (with advance notice to you)

International Transfers:

Data Outside EU: Some service providers are located outside the European Union:

Meta Platforms Inc. (USA):

• Safeguards: EU-US Data Privacy Framework + Standard Contractual Clauses (SCCs)
• GDPR Compliance: Meta is certified under EU-US Data Privacy Framework
• Your Control: Opt-in only for marketing cookies
• Note: Meta has received GDPR fines in the past; we use all available safeguards

TikTok / ByteDance (Singapore/USA):

• Safeguards: Standard Contractual Clauses (SCCs)
• GDPR Compliance: TikTok maintains EU data centers and complies with SCCs
• Your Control: Opt-in only for marketing cookies

Google LLC (USA):

• Safeguards: EU-US Data Privacy Framework + Standard Contractual Clauses (SCCs)
• GDPR Compliance: Google is certified under EU-US Data Privacy Framework
• Your Control: Opt-in only for analytics/marketing

Your Rights:

• You can request a copy of safeguards at hello@voleri.app
• You can object to international transfers (opt-out of analytics/marketing)
• EU data centers used whenever possible (Supabase, PostHog)

🛡️ Your Rights Under GDPR (Articles 15-22)

As an EU citizen, you have the following rights:

1. Right of Access (Article 15)

Request a copy of your personal data

• How: Settings → Privacy → Export My Data (instant JSON download)
• Response time: Immediate via in-app export

2. Right to Rectification (Article 16)

Correct inaccurate or incomplete data

• How: Edit directly in the app, or contact hello@voleri.app
• Response time: Updates are immediate in-app

3. Right to Erasure (Article 17) - "Right to be Forgotten"

Request deletion of your data

• How: Settings → Account → Delete Account
• What happens: All your data is permanently deleted within 30 days
• Note: Some data may be retained for legal obligations (e.g., invoices for taxes)

4. Right to Data Portability (Article 20 GDPR + EU Data Act 2023/2854)

Export your data in machine-readable format

• How: Settings → Privacy → Export My Data
• Format: JSON (can be used in other applications)
• What's included: All your tasks, meals, habits, mood logs, transactions, etc.
• EU Data Act: Under Regulation 2023/2854 (effective September 2025), you also have the right to data portability at no cost, with no exit fees, and no minimum notice period required to terminate your account. Portability requests are fulfilled within 30 days.

5. Right to Object (Article 21)

Object to certain processing activities

• How: Opt-out of analytics in Settings → Privacy
• Effect: We stop processing your data for analytics purposes

6. Right to Restrict Processing (Article 18)

Limit how we process your data

• How: Contact hello@voleri.app with your request
• We'll respond: Within 30 days

7. Right to Withdraw Consent (Article 7)

Withdraw consent for analytics or communications

• How: Toggle off in Settings → Privacy
• Effect: Immediate - we stop processing based on that consent

Response Time:

• We respond to GDPR requests within 30 days (may extend to 60 days for complex requests with notice)

No Cost:

• Exercising your rights is FREE unless requests are excessive or unfounded

Verification:

• We may ask you to verify your identity for security purposes

📝 Right to Complain (GDPR Article 77)

If you're unhappy with how we handle your data, you have the right to lodge a complaint with the supervisory authority:

🇵🇹 Portugal - CNPD (Comissão Nacional de Proteção de Dados):

• Website: https://www.cnpd.pt
• Email: geral@cnpd.pt
• Address: Av. D. Carlos I, 134, 1º, 1200-651 Lisboa, Portugal
• Phone: +351 21 392 84 00

EU Citizens: You can also complain to your local data protection authority.

We Encourage Contact First: Please contact us at hello@voleri.app before filing a complaint. We want to resolve your concerns directly.

🍪 Cookies & Tracking Technologies

Where We Use Cookies:

🌐 Landing Page (voleri.app - public website):

• Cookie consent banner appears on first visit
• You choose: Decline All / Analytics Only / Accept All
• Marketing cookies (Meta Pixel, TikTok Pixel, X Pixel) only load if you click "Accept All"
• Analytics cookies (PostHog, Google Analytics 4) only load if you click "Analytics Only" or "Accept All"

📱 Inside the App - Two Scenarios:

Scenario 1: You Visited Landing Page First

• NO in-app consent dialog (you already consented on landing page)
• Your landing page choice applies to in-app PostHog
• NO advertising pixels (Meta, TikTok, X) - we don't track you for ads
• Only PostHog analytics (if you chose "Analytics Only" or "Accept All" on landing page)

Scenario 2: You Installed Directly from Google Play Store

• Simple in-app consent dialog appears on first launch
• You choose: No Thanks / Allow Analytics (just for PostHog, no advertising)
• NO advertising pixels - Play Store installs bypass all marketing tracking
• Much simpler than landing page (only PostHog to consent to)

One Privacy Policy, All User Journeys: This Privacy Policy covers the landing page, the app, and Play Store installs. We make it clear where each tracking tool is used.

What Are Cookies?

Small text files stored on your device to enable functionality and remember your preferences.

Cookies We Use:

✅ Essential Cookies (No Consent Needed):

• Authentication: Session tokens to keep you signed in
• Security: CSRF protection tokens
• Preferences: Language selection, module state, theme preference
• Purpose: Enable core service functionality
• Duration: Session or up to 30 days
• Legal basis: Necessary for service (ePrivacy Directive exception)

🎯 Analytics Cookies (Require Your Consent):

• Usage tracking: Pages visited, features used, time spent
• Providers: PostHog (privacy-friendly, EU-hosted), Google Analytics 4 (web only)
• Purpose: Improve app, understand user behavior (anonymized)
• Duration: 12 months
• Your Control: Opt-in required (default: OFF)
• Legal basis: Your explicit consent

📱 Marketing/Advertising Cookies (Require Your Consent):

• Ad tracking: Conversion tracking, retargeting, campaign optimization
• Providers: Meta Pixel (Facebook/Instagram Ads), TikTok Pixel (TikTok Ads), X Pixel (X/Twitter Ads)
• Purpose: Measure ad effectiveness, show relevant ads, retargeting
• Duration: 90 days (Meta), 180 days (TikTok), 30 days (X)
• Your Control: Opt-in required (default: OFF)
• Legal basis: Your explicit consent
• Data Sharing: Yes - shared with Meta Platforms Inc. (USA), TikTok/ByteDance (Singapore/USA), and X Corp. (USA)
• Where Used: LANDING PAGE ONLY (not inside the app after login)
• Important: These companies may use your data for their own advertising purposes

How to Control Cookies:

• In-App: Settings → Privacy → Separate toggles for Analytics and Marketing
• Browser: Configure your browser to block/delete cookies (may affect functionality)
• Withdrawal: Turn off analytics or marketing anytime in Settings

Granular Cookie Control:

On Landing Page (Cookie Banner): You have three consent options when you first visit voleri.app:

1. Decline All: Just essential cookies (authentication, security - site works, no tracking)
2. Analytics Only: Essential + PostHog + GA4 (privacy-friendly web analytics, no advertising)
3. Accept All: Essential + PostHog + GA4 + Meta Pixel + TikTok Pixel + X Pixel (full tracking for ad optimization)

Inside the App (Settings → Privacy): After you sign up and log in, you can control:

• Analytics toggle: PostHog on/off (in-app product analytics)
• Your landing page consent: Already saved from when you visited landing page
• Change anytime: Toggle analytics or marketing cookies on/off

Consent Flows:

Flow 1: Landing Page → App

1. Visit voleri.app (landing page) → Cookie banner appears → Choose preference (3-button: Decline All / Analytics Only / Accept All)
2. Sign up / Log in → Enter app
3. Inside app: No consent dialog (already consented on landing page)
4. Settings → Privacy: Control PostHog + view/change landing page consent

Flow 2: Google Play Store → App

1. Install from Play Store → Open app (first launch)
2. Simple consent dialog appears → Choose preference (2-button: No Thanks / Allow Analytics)
3. NO advertising pixels (Meta, TikTok, X never used for Play Store installs)
4. Settings → Privacy: Control PostHog on/off anytime

Key Difference: Play Store users only consent to PostHog (in-app analytics), never to advertising pixels (Meta, TikTok, X), because they never visited the landing page.

👶 Children's Privacy

Age Requirement: Voleri is NOT intended for children under 16 years old (EU) / 13 years old (rest of world).

Parental Consent: If you are under 16/13, you must have parental/guardian consent to use Voleri.

No Knowing Collection: We do not knowingly collect personal data from children under the age limit.

If We Learn: If we discover we have collected data from a child without proper consent, we will delete it immediately.

Parents/Guardians: If you believe your child has provided us with personal data, contact hello@voleri.app and we will delete it promptly.

⚕️ Health Data & Medical Disclaimer

⚠️ NOT MEDICAL ADVICE

Voleri is for informational and organizational purposes ONLY. The Wellness module is NOT intended to:

• Diagnose, treat, cure, or prevent any disease
• Replace professional medical, psychiatric, or psychological advice
• Be used for medical decision-making
• Monitor critical health conditions
• Serve as a medical device

Consult Healthcare Professionals

Always consult qualified healthcare providers for:

• Medical advice and diagnosis
• Treatment plans and prescriptions
• Nutrition guidance (especially for medical conditions like diabetes, eating disorders)
• Mental health support and therapy
• Sleep disorders and serious wellness concerns

No HIPAA Coverage

Voleri is NOT a HIPAA-covered entity. Do not use this app to store Protected Health Information (PHI) as defined by HIPAA.

No Liability for Health Decisions

We are not responsible for any health decisions, outcomes, or consequences resulting from your use of Voleri's wellness features.

Use at Your Own Risk

Mood tracking, sleep logging, and habit tracking are self-reporting tools, not medical monitoring devices.

Emergency

If you are experiencing a medical or mental health emergency:

• Portugal/EU: Call 112 immediately
• Worldwide: Contact your local emergency services
• Do NOT rely on this app for emergency situations

💳 Subscriptions & Payments

Current Status (Alpha): Access to Voleri requires a paid Founders Program subscription. There is no free tier during alpha.

Current Pricing:

• Founders Program: Required paid subscription to access Voleri, active now via Stripe

Future Pricing (Post-Alpha):

• Premium Subscription(s): Full access to all modules and features
• Pricing: Monthly or annual billing options (pricing TBD)

Payment Processing:

• Handled by Stripe (our payment processor) — active now
• We DO NOT store your payment card information
• Stripe's privacy policy governs payment data: https://stripe.com/privacy
• PCI-DSS compliant processing

Billing Information Collected:

• Name (for invoicing)
• Billing address
• VAT number (if business)
• Payment method (processed by Stripe — not stored by us)

Invoices:

• Provided via email for all payments (Portuguese law requirement)
• Issued using AT-certified invoicing software with ATCUD code and QR code
• Voleri operates under the VAT special exemption regime (Art. 53 CIVA) — invoices show €0 VAT

Cancellation:

• Cancel anytime in Settings → Account → Manage Subscription
• Cancellation takes effect at end of current billing period
• No pro-rated refunds for partial periods

14-Day Right of Withdrawal (EU Consumer Protection):

• EU consumers can cancel within 14 days of purchase for full refund
• No questions asked (EU Directive 2011/83/EU)
• Must request via email: hello@voleri.app
• Digital services exception: By requesting immediate access after purchase, you acknowledge that your right of withdrawal is waived once the service has begun, in accordance with Article 16(m) of Directive 2011/83/EU.

Price Changes:

• We may change subscription prices with 30 days advance notice
• Existing subscribers: Price changes apply at next renewal
• You can cancel before price increase takes effect

Alpha Tester Benefits:

Alpha supporters may receive special benefits (details TBD):

• Preferential pricing
• Extended free trial
• Lifetime discounts

No Surprise Charges:

We will NEVER charge you without:

• Explicit subscription signup
• Clear price disclosure
• Your payment authorization

📱 Mobile Application (Google Play Store)

Install Attribution & Google's Tracking:

What Google Tracks (Not Us): When you install Voleri from Google Play Store, Google automatically tracks:

• App install event
• Install source (organic search, ads, recommendations)
• Device information (Android version, manufacturer, model)
• Your country/region
• App uninstalls

This is Google's tracking, not ours:

• Covered by Google Play Store Terms of Service
• Covered by Google's Privacy Policy
• We see aggregated stats in Google Play Console (e.g., "100 installs from USA")
• We do NOT see your personal information
• You do NOT need to consent to Google's tracking (it's Google's platform, governed by their policies)

What We Track (Requires Your Consent): After you install and open Voleri:

• PostHog analytics (only if you consent via in-app dialog on first launch)
• NO advertising pixels (Meta, TikTok, X never used for Play Store installs)
• NO Google Analytics inside the app (only on landing page)

Play Store Install = Privacy-Friendly Path:

• You bypass all advertising pixels (Meta, TikTok, X, GA4)
• Only PostHog to consent to (privacy-friendly, EU-hosted)
• Simpler consent: Just "No Thanks" or "Allow Analytics"

📱 Mobile Application (Google Play Store) - Permissions

Availability:

• Android App: Available on Google Play Store (Alpha)
• iOS App: Planned for future release

Mobile Permissions:

When you use the Voleri mobile app, we may request:

Android Permissions:

• Internet (Required): To sync data with our servers
• Storage (Optional): To export data locally when you use the export feature
• Notifications (Optional): For habit/task reminders (only if you enable them)
• Camera (Optional, Future): For barcode scanning in nutrition module

Why We Need These:

• Internet: Essential for syncing and real-time updates
• Storage: To save exported files to your device
• Notifications: To send reminders you configure
• Camera: To scan product barcodes (future feature)

You Control Permissions:

• Deny any optional permission in device settings
• App core features work without optional permissions
• Revoke permissions anytime in device settings

Google Play Store Compliance:

• Your use of the mobile app is subject to Google Play Terms of Service
• In-app purchases (future) are processed by Google
• Their privacy policies govern in-app billing

Push Notifications:

• Opt-in only (you must enable)
• Types: Habit reminders, task due notifications, goal nudges
• Frequency: Based on your settings (maximum: daily)
• Control: Disable in app Settings or device settings
• No marketing: We do NOT send promotional notifications without consent

Data Syncing:

• Data syncs between web and mobile automatically
• Requires internet connection
• You may use app offline (limited features)
• Changes sync when reconnected

Updates:

• Automatic updates via Google Play Store (recommended)
• Manual updates available
• Some updates may be mandatory for security

Mobile Data Charges:

• You are responsible for mobile data charges from your carrier
• Use WiFi to minimize data usage
• Estimated data usage: ~5-10 MB per typical session

📊 Analytics & Advertising Tracking (If You Opt-In)

Two Types of Tracking:

1. Analytics (Privacy-Friendly):

• Purpose: Understand how you use Voleri and improve the app
• Tools: PostHog, Google Analytics 4
• Control: Settings → Privacy → Analytics toggle

2. Advertising (Marketing Pixels):

• Purpose: Measure ad effectiveness, retargeting, show relevant ads
• Tools: Meta Pixel, TikTok Pixel, X Pixel
• Control: Settings → Privacy → Marketing toggle

Your Choice:

Both analytics and marketing tracking are opt-in (default: OFF in Settings → Privacy).

You can choose:

• Analytics only (privacy-friendly, no advertising)
• Marketing only (just ad tracking, no product analytics)
• Both (full tracking for best ad optimization)
• Neither (essential cookies only)

What We Track with Analytics (Only if You Enable):

PostHog (Inside the App Only):

• Module usage: Which modules you open (Today, Planner, Nutrition, Wellness, Finance)
• Feature usage: Which features you use (analytics views, onboarding, exports)
• Session data: How long you use the app, how often you return
• Navigation: How you move between pages/modules
• Errors: Crashes, failed requests (to fix bugs)
• Device info: Browser type, device type, screen size (anonymized)
• Approximate location: Country-level only (via IP address)

Google Analytics 4 (Landing Page Only):

• Page views: Which pages on landing page (home, pricing, about)
• Traffic sources: How you found us (search, social, direct)
• Session data: Time on site, bounce rate, pages per session
• Demographics: Approximate age, gender, interests (Google's estimates, not your personal data)
• Device info: Browser, device type, screen size
• Conversion events: Signups, newsletter subscriptions

What We Track with Marketing Pixels (Landing Page Only):

• Page views: Which pages you visit on landing page/website
• Conversion events: Signups, app installs, key actions
• Ad interactions: Which ads you clicked to reach Voleri
• Device info: Browser, device type, operating system
• IP address: For approximate location (Meta/TikTok may use for targeting)
• Campaign source: Which Meta/TikTok ad campaign brought you

⚠️ NEVER Tracked with Marketing Pixels:

• ❌ Your in-app activity (tasks, meals, mood, habits, transactions)
• ❌ Logged-in user behavior inside the app
• ❌ Personal content you create in Voleri
• Marketing pixels ONLY fire on landing page, not inside the app

What We DON'T Track:

• ❌ Your personal content (task titles, meal details, mood notes, etc.)
• ❌ Personally identifiable information (beyond anonymized user ID)
• ❌ Activity outside Voleri (no cross-site tracking beyond ad platforms)
• ❌ Sensitive personal data from the app (wellness data NOT shared with advertisers)

Providers:

Analytics:

• PostHog (https://posthog.com) - GDPR compliant, EU-hosted, privacy-friendly [INSIDE APP ONLY]
• Google Analytics 4 (https://analytics.google.com) - GDPR compliant, EU-US Data Privacy Framework [LANDING PAGE ONLY]

Advertising (Landing Page Only):

• Meta Pixel (https://www.facebook.com/business/tools/meta-pixel) - Meta Platforms Inc. (USA) [LANDING PAGE ONLY]
• TikTok Pixel (https://ads.tiktok.com/help/article/standard-events-parameters) - ByteDance (Singapore/USA) [LANDING PAGE ONLY]
• X Pixel (https://business.x.com/en/help/campaign-measurement-and-analytics/conversion-tracking-for-websites) - X Corp. (USA) [LANDING PAGE ONLY]

Clear Separation:

• Landing page tracking: GA4 + Meta Pixel + TikTok Pixel + X Pixel (to measure ad effectiveness)
• Inside app tracking: PostHog ONLY (privacy-friendly product analytics)
• Your in-app activity is NEVER shared with advertisers

Data Retention:

• Analytics data: 12 months, then anonymized or deleted
• Marketing pixels: 90 days (Meta), 180 days (TikTok), per their policies

Withdraw Anytime:

• Analytics: Settings → Privacy → Analytics toggle (OFF)
• Marketing: Settings → Privacy → Marketing toggle (OFF)
• Past data is anonymized or deleted per provider's policies

Legal Basis:

Your explicit consent (GDPR Article 6(1)(a)).

🔄 Changes to This Privacy Policy

Right to Change:

We may update this Privacy Policy to reflect:

• Changes in our practices
• New features or services
• Legal requirements

How We Notify You:

• Minor changes: Update "Last Updated" date at top of this page
• Material changes: Email notification + in-app notice at least 30 days before changes take effect
• Continued use: Using Voleri after changes = acceptance

Your Options:

• Accept: Continue using Voleri (deemed acceptance)
• Disagree: Delete your account before changes take effect
  • If subscriber (future): Cancel for refund within 30 days

Version History:

Available upon request at hello@voleri.app

Last Updated: February 10, 2026

📞 Contact Us

How to Reach Us:

Privacy Questions: hello@voleri.app
General Support: support@voleri.app
Data Requests (Export, Delete, etc.): hello@voleri.app

Mailing Address:
Pedro Belchior Barreira
Rua Cimo de Vila, Número 214
4480-777 Vila do Conde
Portugal

Response Time: We aim to respond within 2 business days for general inquiries, 30 days for GDPR requests.

🇵🇹 Versão em Português / Portuguese Language Version

This Privacy Policy is available in both English and Portuguese. Use the 🇬🇧 EN / 🇵🇹 PT toggle in the top bar to switch languages.

Para utilizadores portugueses: A versão portuguesa desta Política de Privacidade está disponível através do botão de idioma no topo da página. Em caso de conflito entre as versões, a versão portuguesa prevalece para utilizadores com sede em Portugal.

For Portugal-based users: The Portuguese version is legally binding and governs your use of Voleri.

🔐 Your privacy is our priority. If you have any questions or concerns about this policy, please don't hesitate to contact us at hello@voleri.app.

This Privacy Policy is effective as of January 29, 2026, and governs your use of Voleri during the alpha testing phase and beyond.