Trust & Safety

Private by design.
Compliant by law.

VELA is built on the principle that privacy and compliance are not opposites. You can have both โ€” and you deserve both.

Security Architecture

How we protect you.

๐Ÿ”
End-to-End Encryption

Every message is encrypted on your device before it leaves. Only you and the recipient hold the keys. Not VELA, not any government, not any hacker.

Signal Protocol
๐Ÿ“ก
Peer-to-Peer Architecture

Messages travel directly between devices. Our server only facilitates the initial handshake โ€” it never sees, stores, or processes your message content.

WebRTC
๐Ÿชช
Zero-Knowledge Identity

You sign up with a username and password only. We don't know your real name, phone number, or location unless you voluntarily share it on your profile.

No Phone Required
๐Ÿ“ฆ
Minimal Data Storage

We store only what's necessary: your username, encrypted profile data, and connection graph. Message content is never stored on our servers.

GDPR by Architecture
๐Ÿ”‘
Key Rotation

Encryption keys rotate automatically. Even if a key were ever compromised, past messages remain secure. Forward secrecy built in at the protocol level.

Double Ratchet
๐Ÿง…
Optional Tor Routing

Advanced users can route traffic through Tor for additional anonymity. IP addresses are never logged by default. Privacy is the default, not the exception.

Phase 2
Regulatory Compliance

KYC that follows your rules.

Different countries have different rules. VELA doesn't apply one-size-fits-all KYC. Instead, verification requirements are triggered only when local law requires it โ€” and only for the specific actions that require it.

Region
Messaging
Marketplace
KYC Required
๐Ÿ‡ฆ๐Ÿ‡ช UAE / GCC
โœ“ Free
โœ“ Permitted
Emirates ID for transactions >AED 5,000
๐Ÿ‡ช๐Ÿ‡บ European Union
โœ“ Free
โœ“ Permitted
GDPR compliant ยท AML5 for >โ‚ฌ1,000
๐Ÿ‡บ๐Ÿ‡ธ United States
โœ“ Free
โœ“ Permitted
FinCEN BSA compliance ยท SSN for >$600
๐Ÿ‡ฌ๐Ÿ‡ง United Kingdom
โœ“ Free
โœ“ Permitted
FCA guidelines ยท ID for >ยฃ1,000
๐Ÿ‡น๐Ÿ‡ท Turkey
โœ“ Free
โœ“ Permitted
MASAK compliance ยท TC Kimlik for transactions
๐Ÿ‡ฎ๐Ÿ‡ณ India
โœ“ Free
โœ“ Permitted
PMLA ยท Aadhaar / PAN for >โ‚น50,000
๐ŸŒ Others
โœ“ Free
Case by case
Assessed per jurisdiction on launch
Message Security Flow

What happens when
you send a message.

1
You type a message

The message exists only in your device's memory. Nothing has been transmitted yet. Your keystrokes are never sent anywhere.

On-Device Only
2
Encrypted on your device

Using the Signal Protocol's Double Ratchet algorithm, the message is encrypted with a session key known only to you and the recipient. This happens before any network call.

Signal Protocol
3
VELA server finds the recipient

Our server receives only the encrypted blob and the recipient's ID. It cannot read the content. It matches the recipient and routes the blob โ€” like a sealed envelope.

Zero-Knowledge Routing
4
P2P connection established

If both users are online, a WebRTC peer-to-peer channel opens. The encrypted message travels directly device-to-device. Our server is no longer involved.

WebRTC P2P
5
Decrypted on recipient's device

Only the recipient's device holds the private key needed to decrypt the message. Even if someone intercepted the encrypted blob mid-transmission, they could not read it.

E2EE
6
Auto-translated (if enabled)

After decryption, if auto-translation is on, the plaintext is translated locally on the recipient's device using an on-device model. The translation never leaves the device.

On-Device ยท ML Kit