Privacy Policy

Effective date: April 2026

This Privacy Policy explains how Velora AI collects, uses, and protects your information when you use our Instagram automation platform. We are committed to your privacy and handle your data with care.

1. Who We Are

Velora AI (“Velora”, “we”, “us”, “our”) operates the platform available at get-velora-ai.com. We provide AI-powered Instagram automation services for online stores — including automated DM management, content creation, and analytics.

For privacy-related inquiries, contact us at support@get-velora-ai.com.

2. Data We Collect

Account & Profile Data

Name, email address, and hashed password used for Velora account creation
Billing address for GST invoicing purposes

Instagram & Meta Data

Instagram profile information: username, name, bio, profile picture, follower and following counts
Instagram posts, captions, engagement metrics (likes, comments, shares, saves, reach, impressions)
Instagram Direct Messages (DMs): conversation threads between your customers and your account — accessed to power the AI bot
Instagram API access tokens, stored encrypted at rest
All Instagram data is accessed via the official Meta Graph API with your explicit authorization

Payment Information

Transaction records, plan details, and billing dates are stored by Velora
Raw card numbers and banking credentials are never stored by Velora — payments are processed by Razorpay (INR) or Stripe (USD) per their respective security policies
Payment records are retained for 7 years as required by Indian tax law (GST compliance)

Usage & Technical Data

Dashboard activity, feature usage patterns, and error logs for improving the service
Browser type, IP address, and device type for security and fraud prevention
Store knowledge base data you provide: product listings, policies, location, payment methods

3. How We Use Your Data

To operate the Velora AI service exclusively for your store — your data is never used for any other store
To generate AI-powered replies to your customers' DMs in your store's voice and language
To create, schedule, and publish content (posts, reels, stories) on your Instagram account on your behalf
To generate analytics reports, weekly briefings, and performance insights for your dashboard
To process subscription payments and generate GST-compliant invoices
To send you service notifications, weekly briefings, and important account updates
We do NOT sell your data to any third parties
We do NOT use your store's DM data or knowledge base to train AI models for other stores
We do NOT use your data for advertising or marketing to third parties

4. Who Can Access Your Data

You — the store owner

Full access to all your store's data via your Velora dashboard. You can view, edit, and delete your information at any time.

Velora AI system

Automated access to operate the DM bot, generate content, and produce analytics. Access is strictly limited to what is necessary to run the service for your account.

Velora admin (internal)

Limited internal access for technical support, debugging, and platform maintenance. Admin access is logged and restricted.

No third parties

No data brokers, advertisers, analytics companies, or other third parties have access to your store data. The only external services we use are Supabase (database infrastructure), Razorpay/Stripe (payments), OpenAI (AI processing), and Meta (Instagram API).

5. Instagram Data Usage (Meta Platform Policy)

Velora AI accesses your Instagram data exclusively through the official Meta Graph API. During the Instagram connection flow, you explicitly authorize the specific permissions Velora needs. You can review and revoke these permissions at any time through your Instagram settings under Settings → Security → Apps and Websites.

We comply with Meta's Platform Terms and Developer Policies. Your Instagram password is never shared with or seen by Velora — all authentication happens directly on Meta's domain through OAuth.

Instagram DM data (messages between your customers and your account) is used solely to generate AI responses on your behalf. Message content is stored in our database to maintain conversation context. We do not read, analyze, or share this data beyond what is necessary to operate the bot for your account.

Velora uses Instagram data only as authorized by the user for the stated purpose. We do not scrape, store, or re-use Instagram data beyond operating the service.

6. Data Retention

DM conversations: Stored for 1 year from the date of each conversation, then permanently deleted
Posts & content: Stored indefinitely while your account is active
Analytics snapshots: Stored for 2 years
Payment records: Retained for 7 years per Indian GST law requirements
Account data: Retained while your subscription is active, plus a 30-day grace period after cancellation
Account deletion: After cancellation + 30-day grace period, all data except payment records is permanently deleted. Email support@get-velora-ai.com to request immediate deletion

7. Data Security

All data stored in Supabase (PostgreSQL) with row-level security — each store's data is completely isolated
Store A cannot access Store B's data under any circumstances
Instagram access tokens are encrypted at rest using industry-standard encryption
All data transmission uses HTTPS/TLS — no unencrypted data transfer
Passwords are hashed using bcrypt and never stored in plaintext
Admin access is logged and requires authenticated credentials
We perform regular security reviews and promptly patch vulnerabilities

8. Your Rights

Access: View all your store's data at any time through your Velora dashboard
Portability: Request a full export of your data by emailing support@get-velora-ai.com
Correction: Update your account information directly in your dashboard settings
Deletion: Cancel your account from your dashboard settings, or email us for immediate deletion
Instagram access revocation: Revoke Velora's access at any time via Instagram Settings → Security → Apps and Websites
Opt-out: Cancel your subscription at any time from your dashboard — no cancellation fees

9. Cookie Policy

Velora uses the following types of cookies:

Essential session cookies

Required for authentication and keeping you logged in. These cannot be disabled as the service cannot function without them. Example: supabase-auth-token

No tracking or advertising cookies

We do not use cookies for advertising, cross-site tracking, or analytics beyond what is essential for operating the service. We do not use Google Analytics, Facebook Pixel, or similar third-party tracking.

10. GDPR & Indian Privacy Law

Velora AI is currently focused on the Indian market and operates under the Digital Personal Data Protection Act, 2023 (DPDP Act) of India.

For users in the European Union, we make reasonable efforts to comply with GDPR principles including data minimization, purpose limitation, and your rights to access, rectification, and erasure. However, our primary regulatory jurisdiction is India.

If you have GDPR-specific requests, contact us at support@get-velora-ai.com.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you via email and display a notice in your dashboard at least 14 days before the changes take effect. The “Effective date” at the top of this page will always reflect the most recent version.

12. Contact Us

For privacy questions, data access requests, or deletion requests:

Velora AI

Email: support@get-velora-ai.com

Subject line: “Privacy Request — [your email]”

We respond to all privacy requests within 7 business days.