Privacy Policy

Effective date: 1 June 2025

1. Who we are

Velora (“we”, “us”, or “our”) operates the venue discovery platform available at velora.com. We are the data controller for the personal data described in this policy. If you have questions about this policy or your data, contact us at privacy@velora.com.

2. Data we collect

We collect the following categories of personal data:

  • Account data: name, email address, and password (hashed) when you create an account.
  • Profile data: information you add to your profile such as a display name and preferences.
  • Venue listing data: information you submit when listing a venue, including address, photos, capacity, and pricing.
  • Inquiry data: messages you send to venues or receive as a venue owner.
  • Usage data: pages visited, search queries, clicks, session duration, and device/browser information collected via server logs and analytics.
  • AI feature data: search queries and text inputs you submit to AI-powered features. These may be transmitted to a third-party AI model provider.
  • Payment data: billing details processed by our payment provider (Stripe). We do not store card numbers.
  • Contact form data: name, email, subject, and message when you contact us.

3. Legal basis for processing

We process your data on the following legal bases under the General Data Protection Regulation (GDPR):

  • Contract performance: to provide the platform and services you have signed up for.
  • Legitimate interest: to improve our platform, prevent fraud, and ensure platform security.
  • Legal obligation: to comply with applicable laws and regulations.
  • Consent: for optional cookies and marketing communications, where you have explicitly opted in.

4. How we use your data

  • To create and manage your account.
  • To display venue listings and enable inquiries between users and venue owners.
  • To process payments and manage subscriptions.
  • To power AI features such as search parsing and inquiry drafting.
  • To send transactional emails (account creation, inquiry notifications, password resets).
  • To detect and prevent fraud, abuse, and security incidents.
  • To analyse usage patterns and improve our service.
  • To respond to your contact form submissions and support requests.

5. Sharing of data

We do not sell your personal data. We share it only with:

  • Other platform users: venue listing details (name, location, contact info) are visible to registered users. Inquiry content is visible only to the sender and the venue owner.
  • AI model providers (OpenRouter / third-party LLM APIs): text inputs you submit to AI features are processed by external models. These providers process data under their own terms and privacy policies.
  • Payment processors (Stripe): billing and payment information is handled by Stripe. We receive only a tokenised representation.
  • Analytics providers: anonymised usage data may be shared with analytics tools to help us understand usage patterns.
  • Legal and regulatory bodies: when required by law, court order, or to protect our rights.

6. Data retention

We retain account data for as long as your account is active, and for up to 24 months after closure to fulfil legal obligations and resolve disputes. AI usage logs are retained for up to 90 days. Payment records are retained for 7 years in accordance with Spanish tax law.

7. Cookies

We use cookies to maintain your session, remember your preferences, and analyse usage. For full details, please read our Cookie Policy.

8. Your rights

Under GDPR, you have the right to:

  • Access the personal data we hold about you.
  • Rectify inaccurate or incomplete data.
  • Erase your data (“right to be forgotten”), subject to legal retention requirements.
  • Restrict how we process your data in certain circumstances.
  • Receive your data in a machine-readable format (data portability).
  • Object to processing based on legitimate interest.
  • Withdraw consent at any time where processing is based on consent.

To exercise any of these rights, email us at privacy@velora.com. We will respond within 30 days. You also have the right to lodge a complaint with the Spanish Data Protection Agency (AEPD) at www.aepd.es.

9. Security

We use industry-standard technical and organisational measures to protect your data — including encryption in transit (TLS), hashed passwords, and access controls limiting who can see personal data. No system is 100% secure; if you suspect unauthorised access, contact us immediately.

10. Children

Velora is not directed at children under 16. We do not knowingly collect data from anyone under 16. If we become aware that we have done so, we will delete the data immediately.

11. Changes to this policy

We may update this policy from time to time. When we make material changes, we will notify you by email or by displaying a notice on the platform. The effective date at the top of this page will always reflect the latest version.

12. Contact

For any questions or requests regarding this policy, please contact: privacy@velora.com.