Terms and Privacy

Last updated: 27 April 2026

1. Agreement

By accessing or using any Veleriax product (including Frame and Brief, collectively "the Services"), you agree to these Terms of Service. If you do not agree, do not use the Services. The Services are operated by No 27 LLC FZ (trading as "Veleriax") from the United Arab Emirates.

2. The Services

No 27 LLC FZ operates a suite of products under the Veleriax brand:

Frame. A diagnostic intelligence platform that uses artificial intelligence to generate advisory reports. Frame processes user-submitted briefs through specialist AI agents and returns structured analysis.
Brief. A voice-first executive capture tool that structures spoken input into actions, decisions, and follow-ups.

Additional products may be added to the Services from time to time and will be covered by these terms.

Outputs are generated by AI and are advisory in nature. They do not constitute professional legal, financial, medical, or other regulated advice. You are responsible for any decisions made using the Services.

3. Accounts

You must provide accurate information when creating an account. You are responsible for maintaining the security of your account credentials. One account per person. Accounts are not transferable.

4. Subscriptions and Payment

Veleriax offers free and paid subscription tiers across its products. Paid subscriptions are billed monthly in AED through Stripe. Prices are displayed at the point of purchase and may change with 30 days' notice.

You may cancel at any time. Cancellation takes effect at the end of the current billing period. No refunds are issued for partial billing periods. Session and usage limits reset at the start of each billing period.

5. Acceptable Use

You may not use the Services to:

Generate content that is unlawful, harmful, threatening, or fraudulent
Attempt to circumvent session limits, rate limits, or access controls
Reverse-engineer, scrape, or extract the underlying models or prompts
Resell, redistribute, or commercially sublicence the outputs without written permission
Submit content containing personal data of third parties without their consent

We reserve the right to suspend or terminate accounts that violate these terms.

6. Intellectual Property

You own the content you submit and the outputs generated from it. No 27 LLC FZ retains ownership of the Services, their design, and the underlying agent architecture. You grant us a limited licence to process your submitted content solely to deliver the Services.

7. Limitation of Liability

The Services are provided "as is" without warranty of any kind. To the maximum extent permitted by UAE law, No 27 LLC FZ shall not be liable for any indirect, incidental, or consequential damages arising from your use of the Services.

Our total liability for any claim arising from the Services shall not exceed the amount you paid in the 12 months preceding the claim.

8. Governing Law

These terms are governed by the laws of the United Arab Emirates. Any dispute shall be resolved in the courts of the Emirate in which No 27 LLC FZ is registered.

9. Changes

We may update these terms from time to time. Material changes will be communicated via the email address associated with your account. Continued use of the Services after changes constitutes acceptance.

1. What We Collect

We collect the minimum data required to operate the Service:

Account data. Email address, name (as provided to your authentication provider — Sign in with Apple via Supabase Auth for Brief).
Session data. The content you submit, the outputs generated, and session metadata (timestamps, model used, token counts).
Payment data. Processed by Stripe. We do not store card numbers or bank details. We receive your subscription status and billing identifiers only.
Usage data. Session counts, tier, and rate-limiting information necessary to enforce subscription limits.

2. How We Use Your Data

To operate and deliver the Services
To process payments and manage subscriptions
To enforce session limits and acceptable use
To communicate service updates and material changes to these terms

We do not use your submitted content or session data to train AI models. Your sessions are private to your account.

3. Third-Party Processors

We use the following third-party services to operate Veleriax's products. Each processor handles data under its own privacy policy and applicable data-protection obligations. None of them use your content to train AI models per their current commercial API terms.

Sign in with Apple. Authentication for Brief. Apple issues an identity token; Apple does not receive your captured content. Privacy policy.
Clerk. Authentication for Frame. Privacy policy.
Stripe. Payment processing. Privacy policy.
Supabase. Database, file storage, and (for Brief) authentication session management. Privacy policy.
Groq. Voice transcription for Brief (primary). Receives audio of voice captures and returns text. Privacy policy.
OpenAI. Voice transcription fallback for Brief, and lightweight text classification (GPT-4o-mini). API data usage policy.
Anthropic. AI model provider for Brief and Frame. Processes transcripts and submitted content to generate structured outputs and briefs. Privacy policy.
Vercel. Application and proxy hosting. Privacy policy.

4. Data Retention

Session data is retained for as long as your account is active. If you delete your account, your session data will be removed within 30 days. Payment records may be retained longer as required by UAE financial regulations.

5. Your Rights

You may request access to, correction of, or deletion of your personal data by contacting hello@veleriax.com. We will respond within 30 days.

6. Security

We use HTTPS throughout, enforce authentication on all API endpoints, and restrict cross-origin access to veleriax.com domains only. Session data is stored in a managed database with row-level access controls. No system is perfectly secure, but we take reasonable measures to protect your data.

7. Contact

For any questions about these terms or your data, contact us at hello@veleriax.com.

1. About this section

Brief is a voice-first capture and reflection app for iOS. You speak, Brief structures what you said into meetings, actions, notes, questions, and contacts, and surfaces what needs your attention. The reflective layer reads back what you have been thinking, what is recurring, and what you committed to but have not followed up on. This section explains exactly what that means for your data, over and above the general Privacy Policy on this page.

2. What Brief Collects

Voice recordings. Made when you tap the capture button. Each recording is streamed to a transcription provider and the resulting text is stored. The audio file itself is not retained server-side beyond what is needed to obtain the transcript.
Captured content. The structured records produced from your voice (meetings, actions, notes, questions, contacts) plus any text you add or edit by hand.
Vector embeddings. A numerical representation of each captured item, generated server-side and stored alongside it. Embeddings let Brief retrieve relevant items when you ask a question and let it identify recurring themes for the morning Reflection. They cannot be reversed back to text.
Attachments. Photos, PDFs, or other files you choose to attach to a captured item, plus a short AI-generated summary of each.
Calendar events. Read access to your iOS Calendar for the date range Brief shows; write access only when Brief creates a calendar event from a meeting you captured.
Account record. Your Apple Sign-In identifier, email (if you choose to share it), and a UUID Supabase issues to your account.

3. Where Brief's Data Goes

Voice recording → Speechmatics (live streaming) with Groq Whisper and OpenAI Whisper as fallbacks. Each provider returns text only; audio is not retained or used for training under their commercial API terms.
Transcript → OpenAI (GPT-4o-mini) for cleanup, date resolution, and a short classification of whether the input is a capture, a question, or a brief request.
Transcript → Anthropic (Claude Sonnet) for structured extraction (turning the spoken content into typed records), for generating briefs on people, companies, and meetings, for answering questions you ask of your own corpus, and for composing the morning Reflection.
Captured text → OpenAI (text-embedding-3-small) to produce the vector embedding for retrieval. Returns numerical vectors only.
All structured records, embeddings, and attachments → Supabase, scoped to your account. Other Brief users cannot read or write your data; database row-level security enforces this server-side.
Reflection voice playback stays on the device. The morning briefing and answer playback use Apple's on-device speech engine (Speech.speak). The text being spoken does not leave the phone for synthesis.

4. iOS Permissions

Microphone. Required. Brief cannot capture without it. Recording only happens while you hold the capture button.
Calendar (read and write). Optional. Used to show your meetings alongside captured ones, and to create a calendar event when you capture a meeting by voice.
Photo library and Camera. Optional. Used only when you attach an image to a captured item.
Notifications. Optional. Used to send daily-brief and reminder notifications you configure in Settings.

5. Training

None of the third-party processors named above use your content to train AI models, per their current commercial API terms. Brief itself does not train any model on your data.

6. Account Deletion

You can permanently delete your Brief account from Settings → Account → Delete Account. Deletion removes your authentication record and every captured item, action, note, question, and contact. It cannot be undone. Attachments stored in object storage are removed in a follow-up sweep.

7. Data Retention

Captured items live in your Brief account until you delete them individually or delete your account. Voice recordings are not retained beyond the transcription call. Server-side logs related to authentication are retained for 30 days.

8. Contact

Questions about Brief and your data: hello@veleriax.com. We respond to access and deletion requests within 30 days.