Legal

Privacy Policy

How the Velvet Elves application handles your information, in plain language.

Last updated: July 6, 2026

Who we are and what this covers

Velvet Elves is operated by Orange Door, LLP, doing business as Velvet Elves, organized in Indiana, USA. This policy covers the Velvet Elves application, the product you sign in to for transaction coordination. The marketing website you may have arrived from has its own, much shorter privacy note, because the website itself collects almost nothing.

What we collect

Account information. Your name, email address, role, and brokerage or team, provided when you or your workspace admin create your account.

Transaction records. The deals you and your team manage in Velvet Elves: contracts and documents you upload, parties and their contact details, dates, deadlines, tasks, notes, and the communication history logged to each transaction.

Google user data, only if you connect Google. Connecting Gmail or Google Calendar is optional and happens through Google’s own consent screen. What we access when you do is described in the next section.

Google user data (Gmail and Calendar)

When you connect your Gmail account, Velvet Elves requests the minimum access the features need:

  • Your connected address and basic profile, so the app can show which mailbox is connected and route mail correctly.
  • Reading incoming messages, so transaction-related email can be matched to the right deal, logged in that deal’s communication history, and used to prepare draft replies for your review.
  • Sending messages, used only when you click Approve & Send or Edit & Send on a specific message. The reply is sent from your own Gmail address and recorded on the transaction. Velvet Elves never sends email on its own.
  • Calendar events, only if you separately connect Google Calendar, so transaction deadlines you choose to sync appear in your calendar.

We do not request the ability to modify, label, archive, or delete anything in your mailbox. The sign-in tokens Google issues, and your connected address, are stored encrypted. Disconnecting in Settings stops all further access immediately.

Limited Use. Velvet Elves’ use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements. In practice that means Google user data is used only to provide the transaction features you see, and is never sold, never used for advertising or retargeting, never used to determine creditworthiness, and never used to train generalized or foundation AI models.

How AI features use your data

Velvet Elves drafts replies, summarizes correspondence, and reads uploaded contracts so you do not have to retype them. Everything the AI produces is a draft shown to you or your team for review; no email is sent and no record is changed without a person approving it.

To generate a draft or summary, the relevant content (for example, the message being answered and the transaction context) is processed by an AI model provider configured for the platform, currently OpenAI or Anthropic. Our use of these providers prohibits them from training their models on your data. We send only what the specific feature needs, never a bulk export of your mailbox or your account.

Who we share data with

We do not sell your information, and we do not share it with anyone for their own marketing. Velvet Elves runs on a small set of service providers that process data on our behalf:

  • Amazon Web Services, application hosting
  • Supabase, database and authentication
  • Stripe, payment processing (card details go to Stripe, not to us)
  • SendGrid, transactional email such as invitations and notifications
  • OpenAI or Anthropic, AI drafting and document reading, as described above
  • Google APIs, only for the Google account you chose to connect

Beyond these providers, we disclose information only if the law requires it, or with your direction (for example, when you invite a client or vendor into a transaction and they see what you share with them).

How we protect it

All traffic is encrypted in transit over HTTPS. Sign-in tokens for connected accounts and sensitive personal fields are encrypted at rest. Every workspace’s data is isolated by tenant and role, so members of one brokerage can never read another’s records, and each transaction keeps an audit trail of who changed what and when.

Retention and deletion

We keep your data while your account is active. Transaction records are business records for your brokerage, so they are retained for as long as your workspace needs them, including any retention your local regulations require.

You can disconnect Gmail or Google Calendar at any time in Settings, which stops all further access to that account. You can also revoke Velvet Elves’ access from your own Google Account security page. To request deletion of stored data, including Google-derived data, email support@velvetelves.com. We complete deletion requests within 30 days, except for specific records we must keep for legal, compliance, or transaction-record obligations, which we preserve only as long as those obligations require. The step-by-step process is on the data deletion page.

Contact

Questions about this policy or your data: email support@velvetelves.com. Orange Door, LLP dba Velvet Elves, Indiana, USA. We update this page when our practices change; the date at the top reflects the latest revision.