Scope of this policy
This policy applies to the Verevel mobile app (iOS / Android), the verevel.app website, and any related backend services provided by Verevel (collectively, the "Service").
By downloading, signing up, or using Verevel, you confirm that you have read and agree to this policy. If you do not agree, please stop using the Service.
What we collect
The data we collect falls into three categories:
A. Information you provide
- Account info: when you sign in through a third-party account, we receive your email address, display name and avatar URL.
- Profile (optional): age range and country. You can skip these or change them anytime.
- Saves: the social links you paste or share into Verevel (currently Instagram only — other platforms coming soon) along with your own tags and notes.
- Visit records: the ratings, photos, takes and recommendations you leave on places you have visited.
- Maps and invites: the maps you create, the friends you invite to collaborate, and the shared maps you join.
B. Information collected automatically
- Device & push: device model, OS version, app version, language settings, and (if you grant permission) a push-notification identifier used to deliver notifications to your device.
- Usage logs: sign-in times, feature usage counts, error and crash logs — used to diagnose issues and improve the product.
- Location (only when you allow it): when you use features like "nearby", map positioning, or check in at your current location. We do not track your location in the background.
C. Data derived from external sources
- When you share an Instagram link with Verevel, we use Meta's official public oEmbed endpoint to retrieve the post title and author name, and use AI to extract any place names, addresses and categories mentioned. We do not sign into your social accounts, scrape pages, fetch private content, store the original caption text, or cache images / videos — only the parsed location data (name, coordinates, category) plus the source URL (kept solely for attribution back to the creator). The raw caption is passed to the AI in-memory and discarded immediately after parsing.
- For places you save, we use third-party geographic services to enrich them with public information such as coordinates, addresses and categories.
How we use your data
We use your data only for the following purposes:
- Provide core features: parsing posts, generating map pins, saving places, planning trips, sharing maps.
- Personalize your experience: recommending similar places based on your saves, or computing the credibility score for KOL recommendations.
- Compute the KOL Credibility Score using aggregated, de-identified visit and rating data.
- Send notifications: when a friend joins your map, when a new visit is logged, or when a reminder you set up is due.
- Operate the service: detect abuse, prevent fraud, fix errors, run performance analytics.
- Comply with legal obligations, including responses to lawful requests from authorities.
We do not use your personal data for ad targeting, and we do not sell your saves to third parties.
Categories of service providers we use
To run the Service, Verevel relies on trusted service providers and shares only the data needed for them to do their job:
- Cloud infrastructure & database providers — store your account, saves, maps, ratings and related data.
- Identity / authentication providers — verify who you are when you sign in through a third-party account.
- Natural-language AI providers — parse the public text of posts you save to extract place information. We share only that public text — never your account or contact details.
- Social-media embed providers (Meta Platforms, Inc.) — render Instagram public posts you have saved inline (via Meta's oEmbed API or its public embed iframe) so you can revisit the original recommendation without leaving Verevel. Only the public post URL is sent to Meta; we do not transmit your Verevel account or any personal identifier. When you view an embedded post, Meta may collect standard web-log data (IP address, user-agent, cookies) governed by Meta's privacy policy.
- Maps & geographic-data providers — render maps and enrich places with coordinates and addresses.
- Push-notification providers — deliver notifications through your device's operating system.
- Mobile app stores — handle app distribution and updates through the device OS.
We only work with providers that maintain industry-standard security practices, and we contractually require them to protect your data. All providers are bound by the purposes and scope set in this policy.
Shared maps and what other members can see
When you invite friends to a shared map — or join someone else's — every member of the map can see its saves, places, takes and ratings. Other members see your display name and avatar, but not your email, age, country or any other personal data.
Invite links use a one-time token and only work while still valid and under the use limit. You can revoke an invite or remove a member at any time.
What we do not do
- We do not sell your personal data to any third party.
- We do not publish your private saves or unpublished notes anywhere on the internet.
- We do not track your location in the background.
- We do not post or interact on your behalf on social platforms.
Security and retention
Verevel follows common industry security practices, including transport-layer encryption (TLS), server-side row-level access control, API rate limits, identity checks for sensitive operations, and domain allow-lists for outbound calls.
No online service can be 100% secure, however. If we become aware of a security incident affecting your personal data, we will notify you through the App or by email within a reasonable timeframe, as required by applicable law.
We retain your data while your account is active. When you delete your account, we will remove your personally-identifiable data from production systems within a reasonable window (typically 30 to 90 days), although some data may be retained in de-identified form for legal, fraud-prevention or aggregate-statistics purposes.
Your rights over your data
Subject to applicable data-protection law, you have the following rights:
- Access: to find out what personal data we hold about you.
- Correction: to fix data that is inaccurate or incomplete (most of this can be edited directly in the App profile).
- Deletion: to request that we delete your account and associated personal data. You can also delete your account in the App settings, or email us.
- Export: to receive a copy of your personal data.
- Withdraw consent: for processing based on consent, you can withdraw at any time without affecting the lawfulness of prior processing.
- Restrict or object to processing, where the law allows.
- Complain: you can lodge a complaint with your local data-protection authority.
To exercise any of these rights, email verevel.support@gmail.com. For your safety, we may need to verify your identity first.
Children's privacy
Verevel is not designed for children under 13, and we do not knowingly collect personal data from anyone under 13. If you are a parent or guardian and become aware that your child has shared personal data with us without consent, please contact us — we will delete it promptly.
In some jurisdictions (for example the EU), this age threshold may be 16. We follow the applicable local rules.
Cross-border transfers
Some of our service providers may be located outside your country. When we transfer your personal data to those regions, we take reasonable safeguards — for example, we choose providers that meet industry-standard security practices and require them to protect your data accordingly.
Cookies and similar technologies
The Verevel mobile app does not use cookies. On the verevel.app website we only use essential local storage — for example, to remember your sign-in state and the state of deep-link flows. We do not use advertising or tracking cookies.
Changes to this policy
We may update this policy from time to time. For material changes (such as new categories of data or new uses), we will notify you through the App or by email, and update the "Effective" date on this page.
Continued use of the Service means you accept the updated policy.
Contact us
If you have any question about this policy or how we handle your personal data, please get in touch.