Your data, explained plainly.

We collect data in these categories:

• Identity. Your display name, email address, and profile photo, pulled from your Google (or LinkedIn) OAuth login. We never see your Google password.
• Listings. Title, description, price, category, and metro-level location (city/suburb) for items you post. You may optionally add a cross-street or neighborhood hint. This is never required and never auto-populated from GPS.
• Messages. The text content of conversations between members. Messages are stored on our servers (Firestore); they are not end-to-end encrypted. Before a message is saved, we mask only financial identifiers that match a Social Security number or 16-digit payment-card pattern; we do not redact names, phone numbers, emails, messaging-app links, or social profiles, since sharing those to arrange a real meetup is intended behaviour. Stored messages can be accessed by authorized Veklo moderation for safety, fraud, and abuse investigation. For more on our trust system, see the Sentinel page.
• Reviews. Star ratings (1–5) and written feedback you leave for other members. These are associated with your account.
• SOS check-in.If you use the safety check-in feature, we store your emergency contact's name and phone or email, plus the scheduled meeting location and time. This data is used solely to escalate to your contact if you don't confirm safety by the deadline.
• Student verification. A cryptographic hash of your university email address and your institution name. We store the hash, not the email itself.
• Subscription tier. Whether your account is on the Free, Kaapi or Reserve plan.

• To operate the marketplace: matching listings to buyers, enabling messages.
• To display trust signals: verification badges, review counts, trust scores.
• To screen listings for fraud and prohibited content via Sentinel.
• To send transactional emails: student verification OTPs, saved-search alerts, SOS escalations. We send very little marketing email.
• To enforce community guidelines and respond to reports.

We do notsell your data or use it for advertising or cross-context behavioural profiling. We do use Google Analytics to measure aggregate, non-identifying site usage (such as page views and traffic sources) so we can improve the platform — see Third-party services below.

We also collect our own first-party, cookieless page-view analytics: no cookies are set, and we identify visits only by a rotating, non-identifying hash (it changes daily and cannot be traced back to you) purely to measure aggregate traffic.

Your public profile shows: display name, profile photo, trust score, review count, and verification badges (Google-verified, student, LinkedIn).

Your email address, subscription tier, SOS contacts, and private account details are never visible to other members.

We use a small set of infrastructure and measurement providers, including Google Analytics (described below). We do not use ad networks or advertising trackers, and we do not sell your data.

• Google Analytics 4 (Google): cookieless-friendly, first-party web analytics on chaiandcity.com. We use it to understand aggregate usage (page views, sessions, traffic sources, device/browser type, and approximate region). Google Analytics sets cookies / uses local storage on your device and processes this data on our behalf. We do not enable Google Signals or advertising features. Governed by Google's Privacy Policy; you can opt out with the Google Analytics Opt-out Browser Add-on.
• Firebase (Google Cloud, US region): authentication, database (Firestore), and file storage. All data at rest is encrypted with Google-managed keys. Data in transit uses TLS.
• Google Identity Services: OAuth sign-in UI hosted on accounts.google.com. Governed by Google's Privacy Policy.
• LinkedIn (OAuth): optional sign-in and identity verification. When you connect LinkedIn, we receive your basic profile (name and profile photo) to issue a LinkedIn verification badge. Governed by LinkedIn's Privacy Policy.
• Stripe: subscription checkout and the customer billing portal for paid plans. Stripe processes your payment details directly; we do not store full card numbers. Governed by Stripe's Privacy Policy.
• Google Gemini / Generative AI: listing text and uploaded listing images are sent to Google's Generative AI service to screen for fraud, scams, and prohibited content. Governed by Google's Privacy Policy.
• Email delivery (Firebase Trigger Email / SMTP): used to send transactional email such as student-verification codes, saved-search alerts, and SOS escalations. The recipient email address and message content pass through this delivery infrastructure.
• IP-based location (in-house): we approximate your city to pre-fill your metro and to confirm you are in the United States. This lookup runs entirely on our own servers against a local geolocation database (MaxMind GeoLite2) — your IP address is not sent to any third party and we do not store the raw IP.
• OpenStreetMap: map tiles for the safety-zones map. Tile requests include your IP but no account data.
• Google Fonts: Inter typeface loaded from fonts.googleapis.com. Standard font request, no personal data beyond IP.

ChaiandCity works at metro level: city and suburb. We do not collect GPS coordinates from your device.

Listings may include an optional free-text address or cross-street field, entered manually by the seller. Safe Zones (suggested meeting locations) are publicly known locations like police stations and malls, not your home address.

If you use SOS check-in, your emergency contact's details (name plus phone or email) are stored in your private account data, readable only by Veklo systems. They are used exclusively to send an alert if an SOS check-in is not confirmed by the deadline. They are never shared with other users or used for any other purpose. You can update or remove them at any time from your profile.

We do not use advertising cookies or third-party tracking cookies. Firebase Authentication stores a session token in your browser's localStorage to keep you signed in between visits. This token identifies your session with Firebase and is never shared with advertisers. Clearing your browser storage will sign you out.

We keep each category of data only as long as needed for the purpose it was collected, then delete or de-identify it. The retention periods we commit to are shown below.

After you delete your account

After you delete your account, we remove your public profile and listings promptly and complete deletion of your personal data within 30 days. For up to 30 days following deletion (and longer only where an open safety, fraud, or legal matter requires it), we retain a minimal set of records — such as account and device identifiers, enforcement history, and a record of the deletion request — in a restricted, non-public state. We keep these limited records to investigate and prevent abuse, detect banned users returning under new accounts, comply with legal obligations, and resolve disputes. Billing records held by our payment processor or required for tax and accounting purposes may be retained for the period required by law.

Account deletion removes your profile and listings. See Your rights for how to request deletion or export.

You can exercise the rights below either through self-service controls in the app, where available, or by submitting a request to hello@veklo.io. For requests we handle manually, we acknowledge receipt and respond within the timelines noted below.

• Access and export. Request a copy of your personal data. Where available, you can start an export from your account settings; otherwise email us and we will respond to verified access and data-export requests within 45 days of receipt. Where reasonably necessary (for example, due to the complexity or volume of requests), we may extend this period by an additional 45 days and will notify you of the extension and the reason within the initial 45-day window.
• Correction. We action verified correction requests within 45 days of receipt. Many corrections (such as your display name and profile details) can be made immediately through your account settings; for other personal data, email hello@veklo.io and we will correct it within the same 45-day window, extendable by 45 days where reasonably necessary.
• Deletion. Request deletion of your account, which removes your profile and listings. Where available you can begin this from your account settings; otherwise email us. We action verified deletion requests within 45 days of receipt and complete deletion across our systems within 30 days of confirming the request, extendable by an additional 45 days where reasonably necessary, with notice to you. Certain records may be retained where law permits or requires (see Data retention and the post-deletion window).
• Identity verification. To protect your account, we verify your identity before fulfilling access, correction, or deletion requests. We will generally require that the request come from, or be confirmed via, the email address associated with your account, and we may ask for additional information reasonably necessary to confirm you are the account holder (or an authorized agent). We use this verification information only to process your request. If we cannot verify your identity, we may decline to act and will tell you why.
• Opt-out of marketing email. Use the unsubscribe link in any email we send, or contact us directly.
• California residents (CCPA). You have the right to know what personal data we hold, request deletion, and opt out of any sale of personal data. We do not sell personal data. Submit requests to hello@veklo.io.

ChaiandCity is intended only for users aged 18 and older. We do not knowingly collect personal data from anyone under 18. If you believe someone under 18 has created an account, contact us at hello@veklo.io and we will remove the account.

When we make material changes, whether to data collected, how it is used, or retention windows, we will notify members by email and post an update notice at the top of this page. Changes are not effective until 14 days after notice.