veyn Home

Privacy Policy

Veyn — Palm Reading App

Effective Date: April 27, 2026 Last Updated: April 27, 2026

This document was prepared as a template. It is not legal advice. You should have a qualified attorney review this policy before publishing your app.

1. Who We Are

Veyn is operated by YA TSEEN LLC, a company organized under the laws of Alaska, United States.

Contact: Email: privacy@veyn.me Mailing address: [Street Address, City, State, ZIP]

When this policy says "we," "us," or "our," it means YA TSEEN LLC. When it says "you" or "your," it means you — the person using the Veyn app.

2. Scope

This Privacy Policy applies to the Veyn iOS application and any related services we operate (collectively, the "Service"). It does not apply to third-party websites or services that we link to.

3. Information We Collect

We collect only what we need to deliver the Service to you. Here is exactly what that means.

3.1 Palm Photos You Submit

  • What: When you request a palm reading, you submit a photo of your palm through the app.
  • How it's used: The photo is transmitted to our server-side AI pipeline (described in Section 5) for analysis. We do not store the image on our servers after inference is complete.
  • Retention: Palm photos are automatically deleted from our servers within 30 days of the inference request. In practice, deletion typically occurs within hours. Reading results (the text output) are stored only on your device and are not retained by us.
  • Important: We do not treat palm images as biometric identifiers, and we do not use them to identify you or build a profile about you. We do not sell, license, or share your photos with any third party except as necessary to perform the AI inference described in Section 5.

3.2 Device Identifiers

  • What: We use a device-level identifier (e.g., an anonymized device token or IP address hash) for rate limiting — to enforce the free-tier reading limit (3 readings) and to prevent abuse.
  • How it's used: Rate-limiting enforcement only. We do not link this identifier to your identity.
  • Retention: Rate-limit records are purged on a rolling 30-day basis.

3.3 In-App Purchase Data

  • What: When you purchase a credit pack or subscribe to Palm+, Apple processes the transaction. We receive from Apple a non-reversible purchase receipt confirming what was purchased and when.
  • What we don't receive: We never see your credit card number, Apple ID email, or billing address. Apple handles all payment processing.
  • Retention: Purchase receipts are retained for as long as your account exists (or up to 7 years for tax and legal compliance), whichever is longer.

3.4 Crash and Diagnostic Data

  • What: If the app crashes, Apple may collect crash logs and share them with us through App Store Connect. These logs contain device model, iOS version, and a stack trace.
  • How it's used: Debugging and fixing bugs only.
  • Retention: Crash logs are retained for 90 days and then deleted.

3.5 What We Do Not Collect

We do not collect:

  • Your name, email address, or any account credentials (there is no user account in Veyn)
  • Location data or GPS coordinates
  • Contacts, calendars, or any other device data
  • Sensitive personal information such as health data, financial data, racial or ethnic origin, or religious beliefs
  • Any data for advertising or behavioral profiling
  • Any data that is sold to third parties — we do not sell your data, period

4. How We Use Your Information

DataPurposeLegal Basis (GDPR)
Palm photosAI inference to generate your readingPerformance of service (Art. 6(1)(b)); Legitimate interest (Art. 6(1)(f))
Device identifiersRate limiting and abuse preventionLegitimate interest (Art. 6(1)(f))
Purchase receiptsDelivering purchased features; tax/legal record-keepingPerformance of contract (Art. 6(1)(b)); Legal obligation (Art. 6(1)(c))
Crash logsDebugging and quality improvementLegitimate interest (Art. 6(1)(f))

We do not use your information for:

  • Targeted advertising
  • Selling or renting to data brokers
  • Training AI models on your personal data
  • Any automated decision-making that produces legal or similarly significant effects on you

5. Third Parties Who Receive Your Data

We use a small number of third-party services to operate Veyn. Here is exactly what each one receives and why.

5.1 OpenAI, LLC

  • What they receive: Your palm photo (transmitted via our Cloudflare Worker proxy) for AI image analysis.
  • Why: OpenAI's GPT-4o vision model performs the palm reading inference.
  • Their policy: OpenAI Privacy Policy
  • Data handling: OpenAI processes the image to generate the reading. Per OpenAI's API terms, data submitted via the API is not used to train OpenAI's models by default. We transmit the minimum necessary data (the image and a system prompt).
  • Location: OpenAI operates in the United States. See Section 9 (International Transfers) for more.

5.2 Cloudflare, Inc.

  • What they receive: Your palm photo passes through a Cloudflare Worker (our server-side proxy) on its way to OpenAI. Cloudflare may also see your IP address as part of standard network routing.
  • Why: The Cloudflare Worker acts as our backend — it authenticates requests, enforces rate limits, and relays them to OpenAI so our API keys are never exposed in the app.
  • Their policy: Cloudflare Privacy Policy
  • Location: Cloudflare operates globally. Traffic routing depends on your location.

5.3 Apple, Inc.

  • What they receive: All in-app purchase and subscription transactions are processed directly by Apple through the App Store. Apple also collects crash data and app analytics as described above.
  • Why: Apple is the platform operator. We have no choice but to use their payment and distribution systems.
  • Their policy: Apple Privacy Policy

5.4 No Other Third Parties

We do not use:

  • Third-party analytics SDKs (e.g., Firebase, Mixpanel, Amplitude)
  • Third-party advertising networks
  • Social media tracking pixels
  • Any other data-collection SDKs in the app

6. Data Retention

Data typeRetention period
Palm photos (server-side)Deleted within 30 days of inference; typically within hours
Reading results (text)Stored on-device only; we hold no copy
Device identifiers (rate limiting)Rolling 30 days
Purchase receiptsDuration of account + up to 7 years
Crash logs90 days

When retention periods expire, we permanently delete the data.

7. Your Rights

For Everyone

You may:

  • Request access to data we hold about you
  • Request deletion of data we hold about you
  • Request correction of inaccurate data

To exercise any of these rights, email us at privacy@veyn.me. We will respond within 30 days.

Because Veyn does not require account creation, we may need a device identifier or purchase receipt to locate your data.

For California Residents (CCPA / CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act and California Privacy Rights Act:

  • Right to Know: You may request a list of the categories and specific pieces of personal information we have collected about you in the past 12 months, the sources, the business or commercial purpose, and the categories of third parties with whom we share it.
  • Right to Delete: You may request deletion of your personal information, subject to certain exceptions.
  • Right to Correct: You may request correction of inaccurate personal information.
  • Right to Opt Out of Sale / Sharing: We do not sell or share personal information for cross-context behavioral advertising. There is nothing to opt out of, but you have this right.
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
  • Sensitive Personal Information: We do not use sensitive personal information beyond what is necessary to provide the Service.

To submit a California privacy request: Email privacy@veyn.me with the subject line "California Privacy Request." We will verify your identity and respond within 45 days (extendable by another 45 days if we notify you).

For EU / EEA / UK Residents (GDPR / UK GDPR)

If you are located in the EU, EEA, or UK, you have the following rights:

  • Access (Art. 15): Request a copy of the personal data we hold about you.
  • Rectification (Art. 16): Request correction of inaccurate data.
  • Erasure (Art. 17): Request deletion ("right to be forgotten") subject to legal exceptions.
  • Restriction (Art. 18): Request that we limit processing of your data in certain circumstances.
  • Portability (Art. 20): Receive a machine-readable copy of data you have provided where processing is based on consent or contract.
  • Object (Art. 21): Object to processing based on legitimate interests.
  • Withdraw Consent: Where processing is based on consent, you may withdraw at any time.

To exercise these rights, email privacy@veyn.me. You also have the right to lodge a complaint with your local data protection authority (e.g., your EU Member State's DPA, or the UK ICO).

Legal Basis Summary: We process your data under Article 6(1)(b) (performance of contract), Article 6(1)(c) (legal obligation), and Article 6(1)(f) (legitimate interests) as described in Section 4. We do not rely on consent as our primary legal basis for any ongoing processing.

8. Children's Privacy

Veyn is rated 17+ on the App Store. We do not knowingly collect personal information from anyone under the age of 17. If you believe a child under 17 has submitted data to our Service, please contact us at privacy@veyn.me and we will delete it promptly.

We do not direct Veyn to children and take reasonable steps to ensure children do not access the Service.

9. Security

We implement the following measures to protect your data:

  • Palm photos are transmitted over HTTPS (TLS 1.2+) between the app, our Cloudflare Worker, and OpenAI.
  • Our Cloudflare Worker validates requests before forwarding them, preventing unauthorized API access.
  • We do not store palm photos in a persistent database — they are processed in memory and discarded.
  • Purchase receipts are stored in an encrypted database with access controls.
  • We conduct periodic security reviews of our infrastructure.

No system is 100% secure. If you discover a security vulnerability, please report it to privacy@veyn.me.

10. International Data Transfers

Veyn is operated from the United States. If you use the Service from outside the United States, your data (including palm photos) will be transferred to and processed in the United States, where data protection laws may differ from those in your country.

For users in the EU/EEA/UK:

  • Transfers to the United States are made on the basis of Standard Contractual Clauses (SCCs) adopted by the European Commission, where applicable, or other lawful transfer mechanisms.
  • OpenAI and Cloudflare maintain their own transfer mechanisms. See their respective privacy policies linked in Section 5.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

  1. Update the "Last Updated" date at the top of this document.
  2. Notify you through a notice within the app.

Your continued use of the Service after the effective date of the updated policy constitutes acceptance of the changes. If you do not agree to the updated policy, you should stop using the Service.

12. Contact Us

If you have questions, concerns, or requests related to this Privacy Policy, please contact us:

Email: privacy@veyn.me Mailing address: YA TSEEN LLC, [Street Address, City, State, ZIP]

We aim to respond to all inquiries within 30 days.

Veyn Privacy Policy — © YA TSEEN LLC. All rights reserved.