πŸ”’ Legal Document

Privacy Policy

Last updated: June 14, 2026 | Questions? office@velorastudio.in

This Privacy Policy explains how Velora ("we", "our", or "us") collects, uses, and protects your personal information when you use our AI video generation platform at velorastudio.in. This policy applies globally and covers users from all jurisdictions, including the European Union (GDPR), California (CCPA), Canada (PIPEDA/CASL), Brazil (LGPD), India (DPDPA 2023), and other regions.

1. Information We Collect

We collect information you provide directly when creating an account, including your full name, email address, password (bcrypt-hashed β€” never stored in plaintext), and country. During payment, billing information is processed securely by Razorpay β€” we do not store raw card numbers, CVV codes, or full bank account information. We also automatically collect:
  • IP addresses (for abuse prevention and rate limiting)
  • Browser and OS type (for service compatibility)
  • Video topics and script inputs you provide (to fulfill generation requests)
  • Usage patterns (session timestamps, feature usage β€” no behavioral profiling for ads)
  • Payment transaction IDs and amounts (for billing records)

We collect the minimum data necessary to provide the service ("data minimisation" per GDPR Article 5).

2. Legal Basis for Processing (GDPR)

For users in the European Economic Area, our legal basis for processing personal data is:
  • Contract Performance (Art. 6(1)(b)) β€” Processing your account data, generation requests, and billing to provide the service
  • Legitimate Interests (Art. 6(1)(f)) β€” Security monitoring, fraud prevention, and platform improvement
  • Consent (Art. 6(1)(a)) β€” Marketing communications and newsletter subscriptions (you may withdraw at any time)
  • Legal Obligation (Art. 6(1)(c)) β€” Retaining financial records as required by tax and commercial law

3. How We Use Your Data

Your data is used exclusively to:
  • Provide and operate the Velora video generation service
  • Generate AI video content via integrated third-party AI models
  • Process secure billing and subscription management through Razorpay
  • Send transactional emails (account verification, password reset, billing receipts)
  • Send marketing emails only with your explicit opt-in consent
  • Detect and prevent abuse, fraud, and policy violations
  • Improve platform performance metrics and user experience

We do not sell your personal data to any third-party marketing services. We do not build advertising profiles on you.

4. Third-Party AI Providers and Data Processors

Velora integrates with external AI providers to power its features. These providers act as data processors under GDPR:
  • Google (Gemini) β€” AI script generation. Privacy Policy
  • ElevenLabs β€” Premium voice synthesis. Privacy Policy
  • Razorpay β€” Payment processing. Privacy Policy
  • Cloudflare R2 β€” Video file storage
  • Kling / Wan / Veo 3 β€” AI video generation (paid plans)
  • Sentry β€” Error monitoring (may include stack traces)

Your topic inputs and scripts are sent to these providers solely to fulfill your video generation requests. Each provider operates under their own privacy policy and applicable data protection obligations.

5. YouTube API Services & Google Integrations

Our platform allows you to automatically publish your generated AI videos directly to your YouTube channel using Google OAuth. By connecting your YouTube account and utilizing this feature, you agree to be bound by the YouTube Terms of Service.

Velora uses YouTube API Services to authenticate your account, upload the videos you explicitly ask us to upload, and fetch basic metadata/analytics for those specific videos to display in your dashboard.

We do not collect, modify, or delete any videos on your channel that were not created and published via Velora. We do not share your Google user data with external third parties.

Please review the Google Privacy Policy to understand how Google treats your data. You can revoke Velora's access to your YouTube account at any time via the Google Security Settings page.

6. International Data Transfers

Velora is incorporated in India and our servers are primarily located in the EU (Railway, Cloudflare). When your data is transferred from the EU/EEA to India, we ensure appropriate safeguards under GDPR Chapter V, including:

  • Standard Contractual Clauses (SCCs) with all data processors outside the EEA
  • Transfers to providers with EU-US Data Privacy Framework certification where applicable

7. Cookies and Tracking

We use strictly necessary cookies only to maintain your authenticated session (JWT token). These cookies are essential for the service to function and do not require your consent under GDPR or ePrivacy Directive.

We do not use advertising cookies, cross-site tracking cookies, or sell behavioral data. We may use minimal, privacy-respecting analytics (without individual identification) to understand high-level usage patterns.

8. Data Retention Policy

  • Account data: Retained until you request deletion
  • Generated videos: Subject to automatic deletion when storage quota is reached (oldest first); deleted within 30 days of account closure
  • Billing records: Retained for 7 years as required by Indian tax law (GST Act) and applicable financial regulations
  • Security/abuse logs: Retained for 12 months for fraud prevention
  • Newsletter subscriptions: Retained until you unsubscribe

9. Your Rights β€” Global

Depending on your jurisdiction, you have the following rights:

  • Right of Access β€” Request a copy of your personal data (GDPR Art. 15, CCPA, PIPEDA, LGPD)
  • Right to Rectification β€” Correct inaccurate or incomplete data (GDPR Art. 16)
  • Right to Erasure β€” Request deletion of your data (GDPR Art. 17, CCPA, LGPD, DPDPA)
  • Right to Portability β€” Export your data in machine-readable format via account settings (GDPR Art. 20)
  • Right to Object β€” Opt out of certain processing activities (GDPR Art. 21)
  • Right to Restrict Processing β€” Limit how we use your data in certain circumstances (GDPR Art. 18)
  • CCPA β€” Do Not Sell β€” We do not sell your personal information. California residents may submit CCPA requests to us directly
  • LGPD (Brazil) β€” Brazilian users have additional rights including confirmation of processing and anonymisation
  • DPDPA (India 2023) β€” Indian users have the right to access, correct, erase, and withdraw consent under the Digital Personal Data Protection Act 2023

To exercise any of these rights, email office@velorastudio.in. We will respond within 30 days (as required by GDPR Article 12). EU residents may also lodge a complaint with their local data protection authority (DPA).

10. Data Security and Breach Notification

We implement industry-standard security measures including HTTPS/TLS encryption for all data in transit, bcrypt password hashing, JWT-based authentication with expiry, server-side access controls, Redis-backed rate limiting, and automated abuse detection.

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:

  • Notify the relevant supervisory authority within 72 hours of becoming aware (GDPR Article 33)
  • Notify affected users without undue delay when the breach is likely to result in a high risk to their rights
  • Maintain an internal record of all personal data breaches per GDPR Article 30

11. Children's Privacy (COPPA / GDPR-K)

Velora is not directed at children under 16. We do not knowingly collect personal information from children under 16 without verifiable parental consent. If you are under 13 (US) or under 16 (EU), please do not use Velora without parent/guardian consent. If we discover we have inadvertently collected data from a child below the applicable age threshold, we will delete it promptly. Contact us at office@velorastudio.in to report such cases.

12. Canadian Users (PIPEDA / CASL)

For users in Canada, our data practices comply with the Personal Information Protection and Electronic Documents Act (PIPEDA). We collect, use, and disclose personal information only with your knowledge and consent, for the purposes described in this policy.

Marketing emails are sent only with your explicit opt-in consent as required by Canada's Anti-Spam Legislation (CASL). Every marketing email includes a clearly visible, functional unsubscribe mechanism. You may withdraw consent at any time.

13. Contact Our Privacy Team

For any questions, data requests, or privacy concerns, please contact our team:
πŸ“§ Privacy & Data Protection Contact
office@velorastudio.in
Response time: within 30 days as required by GDPR Article 12