Legal · Your rights
Your rights
Depending on where you live, you have rights over personal data we hold about you. This page summarizes those rights, the request types we accept, what we will do with each, and the timelines we follow. Because Vaely holds very little data to begin with, most requests will be answered with a simple statement that we have no responsive records. The procedures still apply.
The fastest way
Email tezaapps@gmail.com with the subject line Privacy Request. State which right you are exercising and the jurisdiction (or "any applicable jurisdiction" if you are not sure). We acknowledge within 10 business days and respond fully within the timelines below.
1. Rights for everyone, regardless of jurisdiction
Even where the law does not require it, we extend the following to every user:
- The right to ask what personal data we hold about you and to receive a clear answer.
- The right to request deletion of personal data we hold about you.
- The right to opt out of any non-essential analytics on the website (which we do not perform if your browser sends a Do Not Track or Global Privacy Control signal).
- The right to a clear, prompt, honest answer.
For your data on your device: open the App; the data is yours to read directly. To delete it, delete the App from your device — iOS removes its sandboxed data. To revoke HealthKit permissions, go to iOS Settings → Privacy & Security → Health → Vaely. These actions do not require a request to us.
2. EEA, United Kingdom, Switzerland (GDPR / UK GDPR / Swiss FADP)
If you are in the EEA, the UK, or Switzerland, you have the following rights:
| Right | What it means | Article |
|---|---|---|
| Access | Confirmation of whether we process your data, plus a copy of it. | GDPR Art. 15 |
| Rectification | Correction of inaccurate or incomplete data. | GDPR Art. 16 |
| Erasure ("right to be forgotten") | Deletion of data that is no longer necessary, that was processed unlawfully, or that you withdraw consent for. | GDPR Art. 17 |
| Restriction of processing | Pause processing while we resolve a dispute. | GDPR Art. 18 |
| Data portability | Receive your data in a machine-readable format and transmit it to another controller. | GDPR Art. 20 |
| Object | Object to processing based on legitimate interests, including profiling. | GDPR Art. 21 |
| Not be subject to automated decision-making | We do not make automated decisions about you with legal or similarly significant effects. | GDPR Art. 22 |
| Withdraw consent | Withdraw any consent you previously gave, at any time. | GDPR Art. 7(3) |
| Lodge a complaint | File a complaint with your local supervisory authority (e.g., the Irish Data Protection Commission, Germany's BfDI, France's CNIL, the UK's ICO). | GDPR Art. 77 |
Timeline: we acknowledge within 10 business days and respond fully within 30 days, with one possible 30-day extension where reasonably necessary. We will notify you of any extension and the reason.
3. California (CCPA / CPRA)
If you are a California resident, you have the rights below.
| Right | What it means |
|---|---|
| Right to know | Categories of personal information collected, sources, purposes, and categories of recipients. |
| Right to access | A copy of personal information collected in the preceding 12 months (or longer, at your option). |
| Right to delete | Deletion of personal information, subject to statutory exceptions. |
| Right to correct | Correction of inaccurate personal information. |
| Right to opt out of sale or sharing | Opt out of any "sale" or "sharing" for cross-context behavioral advertising. We do not sell or share. The opt-out link confirms this. |
| Right to limit the use of sensitive personal information | Restrict use of sensitive personal information beyond what is permitted by California Civil Code 1798.121. Vaely does not use sensitive personal information for purposes that would require this opt-out. |
| Right to non-discrimination | We do not deny services, charge different prices, or provide different quality because you exercised a right. |
Authorized agents: you may designate an authorized agent to make a request on your behalf. We require written proof of authorization.
Timeline: we acknowledge within 10 business days and respond fully within 45 days, with one possible 45-day extension.
4. Washington (My Health My Data Act)
If you are a Washington resident, the My Health My Data Act (RCW 19.373) gives you specific rights with respect to consumer health data:
- Right to confirm whether we collect, share, or sell your consumer health data.
- Right to access your consumer health data.
- Right to a list of all third parties and affiliates with whom we have shared or sold your consumer health data, with active contact information for each.
- Right to withdraw consent for collection and sharing.
- Right to deletion of consumer health data.
- Right to be free from discrimination for exercising any of these rights.
The dedicated Consumer Health Data Privacy Policy covers the seven RCW 19.373.020 disclosure elements in full. We respond to verified requests within 45 days, with one possible 45-day extension.
5. Other US states with comprehensive privacy laws
Residents of Colorado (CPA), Connecticut (CTDPA), Delaware (DPDPA), Indiana (CDPA), Iowa (ICDPA), Kentucky (KCDPA), Maryland (MODPA), Minnesota (MCDPA), Montana (MTCDPA), Nebraska (NDPA), New Hampshire (NHPA), New Jersey (NJDPA), Oregon (OCPA), Rhode Island (RICDPCA), Tennessee (TIPA), Texas (TDPSA), Utah (UCPA), and Virginia (VCDPA) have rights closely paralleling those in Sections 2 and 3 above — typically access, correction, deletion, portability, and opt-out of targeted advertising, sale, and certain profiling.
Connecticut residents: as of 1 July 2026, "neural data" is treated as sensitive data under the CTDPA, requiring opt-in consent. Vaely does not collect or process neural data.
Texas residents: the TDPSA applies to us regardless of revenue or volume thresholds. You have rights of access, correction, deletion, portability, and opt-out of sale, targeted advertising, and certain profiling.
Timeline: 45 days, with one possible 45-day extension, in line with the most common timeline across these statutes.
6. Brazil (LGPD)
If you are in Brazil, you have the rights set out in Article 18 of the Lei Geral de Proteção de Dados (LGPD) — confirmation, access, correction, anonymization, portability, deletion, information about sharing, and revocation of consent. Timeline: 15 days where the LGPD specifies it, otherwise reasonable in the circumstances.
7. Canada (PIPEDA, Quebec Law 25)
If you are in Canada, you have the rights of access and correction set out in PIPEDA. Quebec residents have additional rights under Law 25, including data portability and information about automated decision-making (which we do not perform about you).
8. How to make a request
Email tezaapps@gmail.com. In the subject line, please include one of the following so the request is routed correctly:
Privacy Request(general)GDPR Access Request(EEA / UK / Swiss residents)CCPA Request(California residents)MHMDA Request(Washington residents)Deletion RequestPortability RequestWithdraw ConsentAppeal(if we previously denied a request)
In the email, please include:
- Your name (if you have given it to us in past correspondence) and the email address you have used with us.
- The right you are exercising.
- The jurisdiction whose law you rely on (or "any applicable jurisdiction").
- Any specific period or category of data you are interested in.
- Whether you are using an authorized agent and, if so, written proof of authorization.
9. Identity verification
We will verify your identity before fulfilling a request. For email-based requests, we will normally verify by replying to the email address from which the request was sent and asking you to confirm. If we cannot verify identity, we will tell you and ask for additional information. We will not ask for more than is necessary to verify, and we will delete identity-verification information once the request is fulfilled.
10. Fees
We do not charge a fee for verified requests. Where applicable law permits a reasonable fee for excessive or repetitive requests, we may charge such a fee — but we will tell you in advance and offer you the chance to revise the request to avoid the fee.
11. Appeals
If we deny your request and you are a resident of a jurisdiction that grants an appeal right, you may appeal by replying to our denial email with "Appeal" in the subject line. We will respond to appeals within 60 days. If you remain dissatisfied, you may contact your local data-protection authority or, in the United States, your state attorney general.
12. Non-discrimination
We do not, and we will not, deny services, charge different prices, provide different quality, or otherwise discriminate against you for exercising any right under this page.
Effective 6 May 2026. Version 1.0.0. This is the first version of this page.
The architecture is the point.
The legal documents above describe what we do, what we never do, and the rights you have. The proof is in the App Store privacy label and the source code, not the paragraphs.