Plain-language privacy statement

Privacy

Last updated May 16, 2026

Quick version. Your file lives only in your browser until you click Share. Sharing uploads it to Vela Docs's servers so collaborators can open the same view. You can delete a shared file at any time from the files dashboard; deletion removes it from our servers and from collaborators' future loads. We don't sell, rent, or share your file contents with anyone.

What we store

  • Anonymous use: nothing leaves your browser. Files you drop on Vela Docs without signing in are stored in your browser's IndexedDB only. Closing the tab keeps them; clearing browser data removes them. We have no record they exist.
  • After you sign in and share: the file is uploaded to Firestore (Google Cloud, encrypted at rest and in transit). Stored fields: file name, content, owner uid, share-link policy, comments and replies, created and updated timestamps.
  • Account info: when you sign in (Google or magic-link email), we receive your email address and a Firebase user id. We don't request any other Google profile data.
  • Operational logs: Cloud Run keeps standard request logs (IP, user agent, response code) for 30 days. These are used to debug errors and detect abuse, not to profile users.

What we don't store

  • Third-party analytics. We don't run Google Analytics, Mixpanel, Segment, or any fingerprinting tool. Page-view tallies come from server logs only.
  • Advertising data. No ad networks. No tracking pixels. No cross-site identifiers.
  • Files you didn't share. If you drop a file anonymously and never click Share, we never receive it. There's nothing on our servers to leak.

Who can read a shared file

Two access tiers govern reads on a shared file:

  • Anyone-with-link viewers, if the owner enabled it. They see a read-only render. They don't need an account.
  • Per-user invitees, by email. They get view or edit access. Email magic-link sign-in establishes their identity; we don't store the magic-link password.

The owner controls who's in either tier from the share dialog. Revoke access at any time; revocation takes effect on the next session refresh.

Third-party services

We depend on a small set of platform services. Each handles a specific slice of the system and operates under its own terms:

  • Google Cloud (Firebase Auth, Firestore, Cloud Run). Hosts the editor, the document store, and the real-time collaboration server. SOC 2 / ISO 27001 certified.
  • Resend. Sends invitation emails when you invite a collaborator. Receives the recipient's email address and the email body; doesn't get your file contents.

We don't share your file contents with any third party for marketing, advertising, or model-training. We don't sell user data.

AI model training

We do not train AI models on your files. File contents are not piped to any AI training service. We don't use OpenAI's, Anthropic's, or Google's enterprise APIs against your stored documents. AI is the source of files our users upload; it is not a downstream consumer of what they store with us.

Deletion

You can delete any shared file from the files dashboard (hover a row, click the trash icon, confirm). Deletion removes the document, comments, replies, and share permissions immediately. Backups roll off within 30 days.

To delete your entire account, email privacy@vela.partners from the address on the account. We'll process within 7 business days.

Cookies

We use exactly one kind of cookie: the Firebase Auth session cookie that keeps you signed in. It's HTTP-only, Secure, and SameSite=Strict. We don't set tracking cookies, advertising cookies, or third-party cookies.

Contact

Vela Partners is the operator of Vela Docs. Privacy questions, access requests, and concerns: privacy@vela.partners.

This page describes how Vela Docs handles data as of May 16, 2026. Material changes will be announced at the top of this page; the previous version remains accessible for 12 months.