Privacy
Updated July 2026
The short version
VEIL is built so that the least possible amount of you exists anywhere. Rooms burn, coordinates never leave the server, faces stay veiled until two people agree otherwise, and deleting your account erases the entire graph.
What we collect
- Email — used only to sign you in with a one-time code and for account recovery. Never shown to other members; never used for marketing without consent.
- Approximate location — captured once each time you go live, used server-side to compute a coarse distance band (“< 2 km”). Raw coordinates are never visible to any member, including you, and expire with your presence.
- Profile — handle, age, intent, tease line, and optional tier claims (career, education, height). No legal names.
- Photos — stored privately. Another member can view your photo only across an open room where both of you chose to lift the veil.
- Messages — exist only while a room is open. When a room burns (by timer or by hand), its messages are permanently deleted.
- Purchases — handled by Apple. We never see your payment details.
The one exception: safety
If a member reports a room, a snapshot of that room's messages is preserved in a moderation-only store so the report can be reviewed even after the room burns. Members cannot access these snapshots — including the people in them.
What we never do
- No selling or sharing of personal data. No advertising SDKs. No trackers.
- No contact-list access, no social-graph matching, no public profiles.
- No precise-location display, ever — bands only.
Deletion
Delete your account from inside the app (You → Delete account). It removes your profile, photos, presence, knocks, rooms, messages, devices, and invitations in one cascade. There is no soft delete.
Contact
Questions: support.