VELTU
DE | EN

Privacy Policy

Last updated: 3 July 2026

1. Controller

Markus Eggenreiter (EGM Digital Solutions), Alexander-Girardi-Straße 5/13, 4820 Bad Ischl, Austria. Full provider details are available in the imprint.

Contact for data protection matters:

2. Website Visits and Server Logs

When you access this website (veltu.app), our hosting provider Cloudflare, Inc. processes technically necessary data such as IP address, date and time of access, the page accessed and browser information (server logs). The logs are not merged with other data. This website uses no cookies and no tracking.

3. Data Processed and Purposes

The legal basis for the processing described below is the performance of the user agreement (Art. 6(1)(b) GDPR) as well as our legitimate interest in secure and stable operation (Art. 6(1)(f) GDPR).

Contact form: If you use the contact form, we process your name, email address and message in order to handle your enquiry. Delivery takes place via Resend (see processors). The enquiry is deleted once it has been finally dealt with.

4. Legal Bases

Processing takes place in order to perform the user agreement (Art. 6(1)(b) GDPR — provision of the account, note storage, premium features) and on the basis of legitimate interests (Art. 6(1)(f) GDPR — security and operation of the app).

5. Processors and Service Providers

We use the following service providers to operate the app:

6. Transfers to Third Countries

Some of the service providers used (including OpenAI, Anthropic, Cloudflare, Google) process data in the USA. For these transfers we rely on the European Commission's Standard Contractual Clauses pursuant to Art. 46(2)(c) GDPR. Insofar as the respective provider is certified under the EU-US Data Privacy Framework (DPF), the transfer additionally takes place on the basis of the European Commission's adequacy decision.

A residual risk remains that US authorities may access data under US law (e.g. FISA 702, CLOUD Act). We transmit only the data technically required for the respective feature. Note content is transmitted solely for the AI features (embeddings, summary) and only where premium is actively used. To assess these transfers we carry out a Transfer Impact Assessment (TIA) in line with the recommendations of the European Data Protection Board and review it regularly.

7. Security and Access

Your data is stored encrypted in transit and at rest. End-to-end encryption is not in place: note content must be processed technically for the AI features, which means the operator can technically access content. Content is not disclosed beyond the purposes set out in this policy.

8. Your Rights

You have the rights to access, rectification, erasure, restriction, data portability and objection. Within the app you can export your notes and delete your account together with all data.

You also have the right to lodge a complaint with the supervisory authority — in Austria the Austrian Data Protection Authority.

9. Retention Periods

Notes you move to the trash are permanently deleted after 30 days. Account and note data are removed in full when you delete your account.

We store personal data for as long as a lawful purpose exists. Data relevant to billing and accounting is retained for seven years due to tax retention obligations under § 132 BAO (Austrian Federal Fiscal Code). Deleted notes remain in the trash for 30 days and are then permanently removed. Once the purpose ceases to apply and statutory periods have expired, the data is deleted.

10. Contact

For questions about data protection:

← Back to home