Privacy Policy

Last updated: 2026-06-10

Stellarium (“we”, “us”) sets out this Privacy Policy regarding personal data and other information handled in Velalix (the “Service”), an advertising analytics and reporting service.

1. Information We Collect

  • Account information: name, email, and authentication data (via Supabase Auth).
  • Advertising & analytics data: campaign, metric, and report data retrieved from Google Ads, Meta Ads, and Google Analytics 4 with your authorization.
  • Integration tokens: platform access/refresh tokens (stored server-side).
  • Billing data: plan and invoice history. Card details are processed by Stripe; we do not store card numbers.
  • Usage logs & cookies: access and operation logs, and cookies for session management.

2. How We Use Information

  • To provide the Service: analyzing, visualizing, and reporting advertising data.
  • Account management, billing, and support.
  • Fraud prevention, quality improvement, and legal compliance.

3. Subprocessors & Disclosure

We use the following providers as needed to operate the Service:

  • Supabase (authentication & database)
  • Vercel (hosting)
  • Stripe (payment processing)
  • Google (Ads/Analytics API) and Meta (Ads API): data retrieval with your authorization
  • Google Gemini (AI analysis and report commentary drafts): only aggregated advertising metrics are sent; inputs are not used to train models
  • Sentry (error monitoring): only pseudonymous user identifiers are sent
  • Upstash (caching & rate limiting)

We do not sell or share personal data with third parties without your consent, except as required by law.

4. Advertising Platform Data

Data obtained via Google and Meta APIs is used solely to provide the Service’s features, in accordance with each platform’s API policies. We do not sell or repurpose this data for advertising to third parties.

Velalix’s use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Data obtained via Meta’s Marketing API (ad account information, campaign/ad set/ad settings, and performance metrics) is used only to display analytics and reports to you and to perform actions you explicitly request (such as pausing a campaign).

5. Retention & Deletion

  • Daily advertising aggregates are retained for up to 13 months, AI analysis caches for 90 days, and read notifications for 30 days, after which they are automatically deleted.
  • On disconnection, the relevant platform access/refresh tokens are promptly deleted.
  • Upon account deletion request, related data is removed except where retention is legally required.

How to delete your data

  1. Delete connected data: sign in → “Settings” → open the menu of the platform card (Meta / Google / GA4) and select “Disconnect”. Tokens and connected data are deleted promptly.
  2. Delete your account and all data: email bluesnow@stellarium.jp from your registered address with the subject “Data Deletion Request”. We will delete your account information, integration tokens, and retrieved advertising data within 30 days and confirm completion.

6. Your Rights (GDPR / CCPA)

You may request access to, correction, restriction, or deletion of your personal data. EEA residents have rights under the GDPR; California residents have rights under the CCPA/CPRA. Contact us to exercise these rights.

7. International Data Transfers

The Service uses cloud providers that may process data outside your country, including outside Japan. We apply appropriate safeguards under applicable law (e.g. GDPR) for such transfers.

8. Cookies

We use cookies to maintain login state and understand usage. You can disable them in your browser, but some features may not work.

9. Security

We apply reasonable safeguards including encryption, access control (e.g. row-level security), and HTTPS.

10. Changes

We may update this policy; changes take effect when posted on the Service.

11. Contact

For privacy inquiries: bluesnow@stellarium.jp