Privacy Policy

1. Introduction

Positive Bro, LLC (d/b/a Vaveo) ("Vaveo," "Company," "we," "us," or "our") is committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, use, disclose, store, and safeguard your information when you access or use the Vaveo website, mobile application, and all related services (collectively, the "Platform").

This Privacy Policy applies to all users of the Platform, including Riders (guests who book experiences or purchase equipment), Vendors (hosts who list experiences, services, or equipment), Instructors (team members who conduct sessions), and visitors who browse the Platform without creating an account.

By accessing or using the Platform, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with the practices described in this Privacy Policy, please do not access or use the Platform.

This Privacy Policy is incorporated into and forms part of our Terms of Service. Capitalized terms not defined in this Privacy Policy have the meanings given to them in the Terms of Service.

2. Definitions

For the purposes of this Privacy Policy, the following terms shall have the meanings set forth below:

• "Personal Information" means any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or household.
• "Sensitive Personal Information" means Personal Information that reveals government-issued identification numbers, financial account information, precise geolocation data, biometric information, or other categories of data subject to heightened legal protections.
• "Processing" means any operation performed on Personal Information, whether automated or manual, including collection, recording, organization, storage, adaptation, retrieval, consultation, use, disclosure, combination, restriction, erasure, or destruction.
• "Data Controller" means the entity that determines the purposes and means of processing Personal Information. Positive Bro, LLC is the Data Controller for Personal Information collected through the Platform.
• "Data Processor" means an entity that processes Personal Information on behalf of a Data Controller.
• "Service Providers" means third-party companies or individuals engaged by Vaveo to facilitate, provide, or perform services on behalf of the Platform.

3. Information We Collect

We collect various categories of Personal Information depending on how you interact with the Platform. Below is a comprehensive list of the types of information we may collect:

3.1 Personal Identifiers

• Full legal name (first and last name)
• Email address
• Phone number
• Profile photograph / avatar
• Mailing address (if applicable)
• Username or display name

3.2 Identity Verification Data

• Government-issued photo identification document (driver's license, passport, national ID)
• Selfie photograph for identity comparison
• Verification status and submission history
• Business registration documents (for Vendors)
• Insurance certificates (for Vendors)

3.3 Financial & Payment Information

• Payment card details (card brand, last four digits, funding type — processed and stored by Stripe, not on our servers)
• Billing address
• Transaction history (Booking amounts, refunds, payouts)
• Stripe Connect account information (for Vendors receiving payouts)
• Bank account information (processed by Stripe for Vendor payouts)
• Subscription and membership billing records

3.4 Booking & Transaction Data

• Booking details (dates, times, guest quantities, special notes)
• Booking status and lifecycle history
• Cancellation and rescheduling records
• Check-in and session progress data (arrival, start, completion times)
• Party member names and participation status
• Waiver signature data (digital signature, timestamp)

3.5 Equipment & Gear Data

• Equipment serial numbers and registration data
• Gear type, brand, model, and condition
• Maintenance logs and service intervals
• Flight logs (duration, distance, maximum speed, GPS track data)
• Battery verification data (brand, model, serial number, photos)
• Digital Asset Registry ownership and provenance history
• Component binding and modular configuration records

3.6 Location & Geolocation Data

• User-provided location (city, region, country)
• Listing location and meeting point coordinates
• Spot report location data (coordinates, address, access type)
• GPS track data from flight logs (if submitted by user)

3.7 Communications Data

• Direct messages between users
• System-generated notifications and alerts
• Customer support inquiries and correspondence
• Email and SMS notification delivery records

3.8 User-Generated Content

• Listing descriptions, photos, and pricing
• Reviews, ratings, and comments
• Community forum posts and thread content
• Spot reports (location, conditions, hazards, ratings)
• Session photos and videos uploaded by Vendors or Instructors
• Report and dispute submissions (including evidence photos and videos)

3.9 Device & Technical Data

• IP address
• Browser type and version
• Operating system
• Device type (desktop, mobile, tablet)
• Unique device identifiers
• Referring/exit URLs
• Pages viewed and click patterns
• Date and time of access
• Session duration and interaction data

4. How We Collect Information

4.1 Information You Provide Directly

We collect information that you voluntarily provide when you register for an account, complete your profile, create a Listing, make a Booking, submit a Waiver, send messages, post community content, submit identity verification documents, complete guest checkout, contact customer support, or otherwise interact with the Platform.

4.2 Information Collected Automatically

When you access or use the Platform, we automatically collect certain technical and usage data, including your IP address, browser type, device information, pages visited, click patterns, referral sources, and session duration. This information is collected through cookies, log files, and similar tracking technologies.

4.3 Information from Third Parties

We may receive information about you from third-party sources, including:

• Stripe: Payment confirmation details, card brand and last four digits, funding type, and transaction status.
• Supabase Auth: Authentication tokens and session information when you sign in.
• Cal.com: Scheduling and calendar availability data for Vendors.
• Google Maps: Geocoding and location data when you search for Listings or submit location information.

4.4 Information from Other Users

Other users may provide information about you when they include you as a Party Member in a group Booking, send you a message, leave a review about you, or invite you to join a Vendor team. If another user provides your name or email address as part of a Booking, we will use that information solely to facilitate the Booking and related communications.

5. How We Use Your Information

We use the Personal Information we collect for the following purposes:

5.1 Platform Operations & Service Delivery

• To create, maintain, and secure your account.
• To process Bookings, payments, refunds, and payouts.
• To facilitate communication between Riders and Vendors.
• To provide check-in, session management, and QR code functionality.
• To generate and store digital Waivers and signatures.
• To manage the Digital Asset Registry and equipment verification.
• To operate the Battery Network and battery verification process.
• To process subscription billing and manage membership tiers.

5.2 Trust, Safety & Verification

• To verify user identities through government ID and selfie comparison.
• To verify Vendor business registration and insurance documents.
• To detect, prevent, and investigate fraud, abuse, and security incidents.
• To enforce our Terms of Service and community guidelines.
• To process reports, disputes, and moderation actions.
• To conduct server-side price validation and prevent payment tampering.
• To maintain activity logs for audit and compliance purposes.

5.3 Communications & Notifications

• To send booking confirmations, session reminders, and cancellation notices.
• To send waiver signature requests and reminders.
• To deliver new message notifications.
• To send review requests after completed sessions.
• To notify Vendors of new bookings and account status changes.
• To send subscription renewal, cancellation, and downgrade notices.
• To respond to your customer support inquiries.

5.4 Analytics & Platform Improvement

• To analyze usage patterns and improve Platform functionality.
• To generate aggregated, de-identified analytics (e.g., GMV, booking volume, category trends).
• To track Listing view counts and engagement metrics.
• To improve search results, recommendations, and content relevance.

5.5 Legal & Compliance

• To comply with applicable laws, regulations, and legal processes.
• To respond to lawful requests from law enforcement and government agencies.
• To establish, exercise, or defend legal claims.
• To protect the rights, property, and safety of Vaveo, our users, and the public.

6. Legal Bases for Processing

We process your Personal Information based on the following legal bases:

• Contract Performance: Processing necessary to perform our contract with you, including creating your account, processing Bookings and payments, facilitating communications, and delivering the services you request.
• Legitimate Interests: Processing necessary for our legitimate business interests, including fraud prevention, Platform security, analytics, and service improvement, where such interests are not overridden by your fundamental rights and freedoms.
• Consent: Processing based on your express consent, such as sending marketing communications, processing optional identity verification, or using location data for personalized recommendations. You may withdraw consent at any time.
• Legal Obligation: Processing necessary to comply with applicable laws, regulations, and legal processes, including tax reporting, law enforcement cooperation, and record retention requirements.
• Vital Interests: Processing necessary to protect the vital interests of you or another person, such as in emergency safety situations.

7. Information Sharing & Disclosure

We may share your Personal Information in the following circumstances:

7.1 With Other Users

When you make a Booking, we share your name, contact information, and booking details with the Vendor to facilitate the transaction. When you receive a Booking as a Vendor, we share your business name, listing details, and meeting point with the Rider. Profile information that you choose to make public (name, avatar, ratings, verification badges) is visible to other users.

7.2 With Service Providers

We share information with third-party service providers who perform services on our behalf, subject to contractual obligations to protect your data. See Section 9 for details on specific Service Providers.

7.3 For Legal Reasons

We may disclose your information if required to do so by law, or in the good-faith belief that such disclosure is necessary to: (a) comply with a legal obligation, court order, or subpoena; (b) protect and defend the rights or property of Vaveo; (c) prevent or investigate possible wrongdoing in connection with the Platform; (d) protect the personal safety of users or the public; or (e) protect against legal liability.

7.4 Business Transfers

If Vaveo is involved in a merger, acquisition, asset sale, corporate reorganization, bankruptcy, or similar transaction, your Personal Information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on the Platform of any change in ownership or uses of your Personal Information.

7.5 Aggregated & De-Identified Data

We may share aggregated or de-identified information that cannot reasonably be used to identify you for any purpose, including industry analysis, marketing, analytics, and research.

8. Data Shared Between Users

The Platform is a marketplace that facilitates connections between Riders and Vendors. As such, certain Personal Information is necessarily shared between users to enable transactions:

8.1 Information Visible to All Users

• Public profile information (display name, avatar, verification badges, membership tier)
• Listing details (descriptions, photos, pricing, general location, ratings)
• Community posts, reviews, and comments
• Vendor business name and vendor tier badge

8.2 Information Shared Upon Booking

• Rider to Vendor: Full name, email address, phone number, booking details, special notes, party member names.
• Vendor to Rider: Business name, meeting point address and coordinates, booking instructions, Vendor contact information.

8.3 Information Shared in Messaging

When you send a direct message through the Platform, the recipient can see your display name, avatar, and the content of your message. Messages related to a specific Listing may include the Listing context.

9. Third-Party Service Providers

We use the following third-party service providers to operate the Platform. Each provider processes data as described below and subject to their own privacy policies:

10. Cookies & Tracking Technologies

10.1 What Are Cookies

Cookies are small text files that are placed on your device when you visit a website. They are widely used to make websites work more efficiently and to provide information to the website owners.

10.2 Types of Cookies We Use

• Essential Cookies: Required for the Platform to function properly, including authentication tokens, session management, and security features. These cannot be disabled.
• Functional Cookies: Used to remember your preferences, such as language settings, notification preferences, and display options.
• Analytics Cookies: Used to understand how users interact with the Platform, including pages visited, session duration, and navigation patterns. This helps us improve the Platform experience.

10.3 Managing Cookies

You can control and manage cookies through your browser settings. Most browsers allow you to refuse or delete cookies. Please note that disabling essential cookies may prevent you from using certain features of the Platform, including account login and Booking functionality.

11. Data Storage & Security

11.1 Storage Infrastructure

Your Personal Information is stored on secure servers operated by our infrastructure providers (Supabase and Cloudflare). Data is stored primarily in the United States. Media files (photos, videos, documents) are stored in Cloudflare R2 storage with access controlled by signed URLs with time-limited access.

11.2 Security Measures

We implement industry-standard security measures to protect your Personal Information, including:

• Encryption of data in transit using SSL/TLS protocols.
• Encryption of sensitive data at rest.
• Row-level security (RLS) policies to ensure users can only access data they are authorized to view.
• Secure authentication via Supabase Auth with token-based session management.
• Payment data processed exclusively by PCI DSS-compliant Stripe — we never store full card numbers.
• Time-limited, signed URLs for accessing stored media files.
• Admin access controls with role-based permissions.
• Activity logging for security audit trails.

11.3 Security Limitations

While we strive to protect your Personal Information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee the absolute security of your information. In the event of a data breach that affects your Personal Information, we will notify you and applicable regulatory authorities as required by law.

12. Data Retention

12.1 Retention Periods

We retain your Personal Information for as long as necessary to fulfill the purposes for which it was collected, including:

• Active Account Data: Retained for the duration of your account plus a reasonable period after account closure.
• Booking & Transaction Records: Retained for a minimum of seven (7) years for tax and financial compliance purposes.
• Waiver & Signature Data: Retained for a minimum of seven (7) years or as required by applicable statute of limitations.
• Identity Verification Documents: Retained for the duration of your account; deleted within ninety (90) days of account closure, except as required for legal proceedings.
• Communications: Message history is retained for the duration of the associated accounts. Users may delete conversations from their own view.
• Listings: Archived Listings are retained for sixty (60) days before permanent deletion. Soft-deleted Listings follow a sixty (60) day retention period before purging.
• Activity Logs: Retained for a minimum of two (2) years for security and compliance auditing.
• Session Media: Photos and videos are retained for the duration of the associated Vendor's account.

12.2 Deletion

When Personal Information is no longer needed for the purposes described above, we will securely delete or anonymize it. You may request deletion of your data as described in Section 13 (Your Privacy Rights). Certain data may be retained after deletion requests where we have a legal obligation or legitimate need to do so (e.g., financial records, dispute evidence, fraud prevention).

13. Your Privacy Rights

Depending on your location and applicable law, you may have the following rights regarding your Personal Information:

• Right to Access: You have the right to request a copy of the Personal Information we hold about you, including the categories of data collected, the sources, the purposes of processing, and the third parties with whom it has been shared.
• Right to Correction: You have the right to request correction of inaccurate or incomplete Personal Information. You can update most account information directly through your account settings.
• Right to Deletion: You have the right to request deletion of your Personal Information, subject to certain exceptions (legal obligations, ongoing disputes, financial record retention).
• Right to Restriction: You have the right to request that we restrict the processing of your Personal Information in certain circumstances.
• Right to Data Portability: You have the right to receive your Personal Information in a structured, commonly used, machine-readable format and to transmit it to another controller.
• Right to Object: You have the right to object to processing of your Personal Information based on legitimate interests or for direct marketing purposes.
• Right to Withdraw Consent: Where processing is based on your consent, you have the right to withdraw that consent at any time, without affecting the lawfulness of processing performed before withdrawal.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your privacy rights.

13.1 How to Exercise Your Rights

To exercise any of the above rights, please contact us at privacy@vaveo.io or legal@vaveo.io. We will verify your identity before processing your request and respond within the timeframe required by applicable law (generally within thirty (30) days, with possible extensions for complex requests).

13.2 Authorized Agents

You may designate an authorized agent to make a request on your behalf. To do so, provide the agent with written permission signed by you and have the agent submit proof of authorization along with the request. We may still require you to verify your identity directly with us.

14. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

14.1 Categories of Personal Information Collected

In the preceding twelve (12) months, we have collected the following categories of Personal Information as defined by the CCPA:

• Identifiers: Name, email, phone, IP address, account name.
• Customer Records: Name, address, phone, financial information.
• Commercial Information: Transaction records, booking history, purchase history.
• Internet/Network Activity: Browsing history, search history, Platform interaction data.
• Geolocation Data: User-provided location, listing locations, spot report coordinates.
• Sensory Data: Photos, videos (session media, listing images, verification selfies).
• Professional Information: Vendor business registration, insurance, instructor qualifications.
• Inferences: Preferences, characteristics, and behavior drawn from the above categories.

14.2 Sale & Sharing

We do not "sell" or "share" (as defined by the CCPA/CPRA) your Personal Information for monetary or other valuable consideration. We do not use or disclose Sensitive Personal Information for purposes other than those permitted under the CPRA.

14.3 Right to Limit Use of Sensitive Personal Information

You have the right to limit our use and disclosure of Sensitive Personal Information to only what is necessary to perform the services or provide the goods you request, or as otherwise permitted by law.

14.4 Exercising Your California Rights

California residents may exercise their CCPA/CPRA rights by contacting us at privacy@vaveo.io or by calling 1-747-FLY-FOIL (747) 359-3645. We will verify your identity using at least two pieces of Personal Information before fulfilling your request.

15. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), the United Kingdom (UK), or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR) and applicable local data protection laws:

• All rights described in Section 13, including access, correction, deletion, restriction, portability, and objection.
• The right to lodge a complaint with your local data protection supervisory authority.
• The right to be informed about the legal basis for processing (see Section 6).
• The right to be informed about international data transfers and safeguards (see Section 16).

15.1 Data Controller

Positive Bro, LLC is the Data Controller for Personal Information collected through the Platform. For questions about our data processing practices, contact our designated privacy contact at privacy@vaveo.io.

15.2 Data Protection Officer

If required by applicable law, Vaveo will appoint a Data Protection Officer (DPO) and provide their contact information on this page. For all privacy-related inquiries, you may contact us at privacy@vaveo.io.

16. International Data Transfers

Vaveo is headquartered in the United States. If you access the Platform from outside the United States, please be aware that your Personal Information may be transferred to, stored, and processed in the United States and other countries where our service providers operate.

These countries may have data protection laws that are different from the laws of your country. By using the Platform, you consent to the transfer of your information to the United States and other jurisdictions as described in this Privacy Policy.

Where required by applicable law (such as the GDPR), we implement appropriate safeguards for international data transfers, including Standard Contractual Clauses (SCCs) approved by the European Commission or other legally recognized transfer mechanisms.

17. Children's Privacy

The Platform is not intended for use by children under the age of eighteen (18). We do not knowingly collect Personal Information from children under 18. If you are a parent or guardian and believe your child has provided us with Personal Information, please contact us at privacy@vaveo.io and we will promptly delete such information.

Minors under 18 may participate in eFoil activities only under the direct, in-person supervision of a parent or legal guardian who has accepted the Terms of Service and signed the applicable Waiver. In such cases, the parent or guardian provides any necessary information on the minor's behalf.

18. Identity Verification Data

When you submit identity verification through the Platform, we collect and process sensitive information that warrants special attention:

• What We Collect: A photo of your government-issued ID and a selfie for comparison. We also record your verification status, submission count, and any rejection reasons.
• How We Use It: Solely to verify your identity and enhance trust and safety on the Platform. Verification documents are reviewed by authorized Vaveo administrators only.
• How We Store It: Verification documents are stored in secure, access-controlled cloud storage with time-limited signed URLs. Access is restricted to authorized personnel with specific admin permissions.
• Retention: Documents are retained for the duration of your active account. Upon account deletion, verification documents are deleted within ninety (90) days, except where required for pending legal proceedings or disputes.
• Sharing: Verification documents are never shared with other users, third parties, or service providers. Only the verification status (verified, pending, etc.) and associated badge are visible to other users.

19. Payment & Financial Data

19.1 Payment Processing

All payment transactions are processed by Stripe, Inc., a PCI DSS Level 1 certified payment processor. When you enter your payment information, it is transmitted directly to Stripe's servers. Vaveo does not store your full credit card number, CVV, or complete payment card details on our servers.

19.2 What We Store

We store limited payment reference data received from Stripe for record-keeping purposes, including: card brand (e.g., Visa, Mastercard), last four digits of the card number, card funding type (credit, debit), Stripe payment intent IDs, and transaction amounts and statuses.

19.3 Vendor Financial Data

Vendors who receive payouts through Stripe Connect provide their bank account information directly to Stripe. Vaveo does not have access to full bank account numbers. We may receive limited information from Stripe about the status of Vendor accounts for compliance and payout management purposes.

20. Waiver & Signature Data

When you sign a digital Waiver through the Platform, we collect and store:

• Your digital signature (captured as a base64-encoded image).
• The exact timestamp of your signature.
• The full text of the Waiver you signed (including any personalized variables such as your name, booking date, and equipment type).
• The Waiver template version and ID used.
• Your party member slot index (for group Bookings).

Waiver signature data is used to create a binding record of your acknowledgment and acceptance of the risks associated with the activity. A PDF copy of the signed Waiver may be generated and stored for legal record-keeping.

Waiver records are retained for a minimum of seven (7) years or the applicable statute of limitations period, whichever is longer, to protect both you and the Vendor in the event of a legal claim.

21. Location & Geolocation Data

21.1 User-Provided Location

You may voluntarily provide location information when setting up your profile, creating a Listing, or submitting a spot report. This location data is used to display relevant Listings and connect you with nearby Vendors and experiences.

21.2 Meeting Point Data

Vendors provide meeting point addresses and GPS coordinates for their Listings. This precise location data is considered private and is only shared with Riders who have a confirmed Booking. Meeting point data is not displayed publicly.

21.3 Flight Log GPS Data

If you choose to log flights through the Platform's gear management tools, you may submit GPS track data including coordinates, speed, and distance. This data is stored as part of your personal equipment records and is not shared with other users unless you choose to do so.

21.4 Spot Report Locations

Location data submitted as part of community spot reports (coordinates, address, access information) is shared publicly with all Platform users. Do not submit location data for private or restricted-access areas without proper authorization.

22. Communications & Messaging Data

22.1 Platform Messages

Direct messages sent between users through the Platform are stored on our servers. While we do not actively monitor the content of private messages, we reserve the right to review message content in connection with safety investigations, dispute resolution, or legal proceedings.

22.2 Email & SMS Communications

We send transactional emails and SMS messages related to your account activity (booking confirmations, reminders, notifications). These communications are processed through our email (Resend/Mailgun) and SMS (Twilio) service providers. Delivery status and metadata may be logged.

22.3 Communication Preferences

You can manage your notification preferences through your account settings, including opting in or out of email notifications and SMS notifications. Transactional messages directly related to your Bookings (confirmations, cancellations, safety notices) cannot be opted out of while you have active Bookings.

23. Community & User-Generated Content

When you post content in community forums, leave reviews, submit spot reports, or engage with other community features, please be aware that:

• Community posts, reviews, and comments are publicly visible to all Platform users and may be indexed by search engines.
• Your display name and avatar will be displayed alongside your content.
• Community content may include voting data (upvotes/downvotes) associated with your account.
• Spot reports may include location data, condition assessments, and safety ratings that you voluntarily provide.
• Reviews are linked to specific Bookings to verify authenticity.

Do not include sensitive personal information (such as financial details, government ID numbers, or private addresses) in community posts, reviews, or other publicly visible content. Once posted, community content may be difficult to fully remove, as other users may have viewed or referenced it.

24. Gear, Flight Logs & Equipment Data

The Platform provides tools for managing your personal equipment inventory and tracking your eFoil activities:

• Gear Registry Data: Equipment serial numbers, brand, model, condition, purchase information, and ownership history stored in the Digital Asset Registry. Serial numbers and registry status may be visible to potential buyers when equipment is listed for sale.
• Maintenance Logs: Service records, maintenance intervals, and repair history for your equipment. This data is private by default.
• Flight Logs: Session data including duration, distance, maximum speed, and optional GPS track data. This data is private by default and used for personal statistics.
• Usage Statistics: Aggregated data about your equipment usage (total flights, total hours, rental count, earnings). Certain aggregate statistics may be visible to other users in the context of fleet or Listing information.

Equipment data stored in the Digital Asset Registry may be shared with Vaveo administrators for title verification, dispute resolution, and safety compliance purposes.

25. Notification Preferences

You have control over many of the communications you receive from the Platform:

25.1 What You Can Control

• Email Notifications: You can opt in or out of email notifications for new bookings, messages, review requests, and promotional updates through your account notification preferences.
• SMS Notifications: You can opt in or out of SMS notifications for booking alerts, session reminders, and other updates through your account notification preferences.

25.2 What You Cannot Opt Out Of

• Account security notifications (password resets, suspicious activity alerts).
• Booking confirmation and cancellation notices for active Bookings.
• Legal and policy update notices.
• Waiver signature requests for upcoming Bookings.
• Dispute resolution communications.

26. Do Not Track Signals

Some web browsers transmit "Do Not Track" (DNT) signals to websites. Because there is no uniform standard for how DNT signals should be interpreted, the Platform does not currently respond to DNT signals. However, you can manage your cookie preferences and tracking settings through your browser settings as described in Section 10.3.

27. Links to Third-Party Websites

The Platform may contain links to third-party websites, services, or applications that are not operated by Vaveo. If you click a third-party link, you will be directed to that third party's website. We strongly advise you to review the privacy policy of every website you visit. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party websites or services. This includes, without limitation, the websites of our service providers listed in Section 9.

28. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will:

• Update the "Effective Date" and version number at the top of this Privacy Policy.
• Notify you via email (if you have an account) or through a prominent notice on the Platform.
• Provide a summary of material changes.

Your continued use of the Platform after the effective date of the revised Privacy Policy constitutes your acceptance of the changes. If you do not agree with the revised Privacy Policy, you should stop using the Platform and contact us to close your account.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Previous versions of this Privacy Policy are available upon request by contacting us at privacy@vaveo.io.

29. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy, your Personal Information, or our data practices, please contact us at:

For CCPA/CPRA requests, California residents may also call our toll-free number above. We will respond to all verifiable privacy requests within thirty (30) days.