Data Compliance

Velora is fully compliant with the European Union's General Data Protection Regulation (GDPR). We act as a Data Controller for your account information and a Data Processor for the content you generate.

• Data Portability: You can request an export of all your generated videos and account data at any time.
• Right to be Forgotten: You can permanently delete your account and all associated data directly from your dashboard or by emailing us.
• Lawful Basis: We process data only when we have a lawful basis to do so (contractual necessity, consent, or legitimate interest).

For residents of California, Velora complies with the California Consumer Privacy Act (CCPA).

We DO NOT sell your personal information. Your data is used exclusively to provide our AI video generation service. California residents have the right to request access to their personal information and request deletion of their data.

To provide our service, we utilize third-party AI models (e.g., Google Gemini, OpenAI, ElevenLabs). We ensure that all sub-processors have strict Data Processing Agreements (DPAs) in place that prohibit them from using your private prompts or generated videos to train their base models without your explicit consent.

Our infrastructure is designed with security-first principles:

• Encryption in Transit: All communications between your browser and our servers are encrypted via TLS 1.3.
• Encryption at Rest: Database backups and stored media files are encrypted at rest using AES-256 encryption.
• Access Control: Internal access to user data is strictly limited to authorized personnel and protected via SSO and 2FA.
• Payment Security: We do not store raw credit card data. All payments are securely tokenized and handled by our PCI-DSS compliant processor (Razorpay).

If your organization requires a signed Data Processing Agreement (DPA) to use Velora, please contact our compliance team: