Privacy

Privacy policy.

Effective May 28, 2026

Veto is a small independent team building a group dining decision app for iOS. We try to write privacy policies the way we'd want to read them — plain language, no dark patterns, no padding. If anything here is unclear, email [email protected] and we'll explain.

Veto is operated by Veto LLC, a Virginia limited liability company. References to "we," "us," or "Veto" mean Veto LLC.

What we collect

From this website

When you sign up for the beta we store the email address you provide, the page that referred you (if any), and your browser's user-agent string. We use Cloudflare to serve the site; Cloudflare may log standard request metadata (IP address, timestamp) for security and performance. The marketing site uses no cookies and no tracking pixels.

From the iOS app

Account information. When you sign in with Apple or Google we receive the email address and display name those providers share with us, plus an authentication token used to keep you signed in. We do not see or store your Apple or Google password.

Location. Veto requests "while-in-use" location only — never background. Your coarse latitude and longitude are sent to Google's Places API to look up restaurants nearby, and are stored on our backend only for the duration of a session. We never sell, share, or use your location for advertising.

Your activity in the app. When you tap "log visit" on a restaurant we save the place identifier, restaurant name, and a timestamp so we can show you what you've eaten recently and offer to skip repeats. The restaurants you swipe away during a solo veto session are kept on your device only. Your filter preferences (meal time, radius, dietary tags) are also stored.

Anonymous product analytics. We use PostHog to collect anonymous, aggregated event data — things like "a session started," "a session completed," "the wider-search button was tapped." Events are not tied to your identity, contact information, or precise location. We use this only to learn what's working and what's broken.

Crash and performance data. While the app is in TestFlight, Apple collects crash logs and basic performance data and shares them with us so we can fix bugs. This is governed by Apple's Privacy Policy.

What we don't collect

We don't run third-party ad networks. We don't sell, rent, or share your personal data with advertisers or data brokers. We don't fingerprint your device. We don't track you across other apps or websites. We don't train AI models on your activity.

How we use it

• To send you a TestFlight invite and occasional product updates.
• To run the app's features — finding restaurants, logging visits, returning results.
• To keep the service secure and to investigate abuse.
• To understand how the product is used in aggregate so we can improve it.
• To meet legal obligations or respond to lawful requests, which we'll push back on when we think they're overbroad.

Who we share it with

We use a small number of vendors to operate Veto. Each one receives only the data they need to do their job:

• Supabase (database and authentication, runs on AWS).
• Google Places API (restaurant data; receives your coarse location and filter parameters for each search).
• Apple (Sign in with Apple, TestFlight delivery, crash logs).
• Google (Sign in with Google, if you choose it).
• Resend (transactional email).
• PostHog (anonymous product analytics).
• Cloudflare (marketing site hosting and edge security).

We do not sell your personal data. If we ever consider it, this policy will be updated and you'll be told first.

Where data is stored

Account and session data is stored in Supabase, which runs on AWS infrastructure in the United States. If you're using Veto from outside the United States, your data is transferred to and processed in the US. We rely on Standard Contractual Clauses where required.

How long we keep it

We keep your account data for as long as your account is active. Active sessions older than 30 minutes are automatically marked complete. Visit history persists until you delete your account. Anonymous analytics events are retained for up to 24 months. Beta signup emails are kept until you ask us to remove them.

Your rights

You can ask us at any time to:

• See what data we have on you.
• Correct or update anything that's wrong.
• Delete your account and associated data.
• Stop sending you product emails (the unsubscribe link in any email also works).
• Receive a copy of your data in a portable format.

To delete your account during the beta: email [email protected] from the address tied to your account with the subject line "Delete my account." We'll confirm and process the deletion within seven days. (An in-app delete button is coming in a near-term update; we're prioritising it for the App Store release.)

We'll respond to other requests within 30 days, usually much faster. If you're in the EU/UK you have additional rights under GDPR; in California, under CCPA/CPRA; in Virginia, under the Virginia Consumer Data Protection Act. Those laws apply whether or not we've spelled them out here.

Cookies and tracking

The marketing site uses no cookies and no analytics. If we ever add them, we'll use a privacy-preserving option (like Cloudflare Web Analytics) that doesn't drop cookies or identify individual visitors, and we'll update this page before doing so.

Children

Veto isn't directed at children. We don't knowingly collect data from anyone under 13 in the US (or under 16 in the EU). If you believe a child has signed up, email us and we'll delete the account.

Changes

If we change this policy in any way that matters, we'll update the effective date at the top and — for material changes — email beta participants. Continued use of Veto after the new date means you accept the changes.

Contact

Email [email protected]. A human reads it.

Read the terms of service →