VELORA.

Privacy Policy

VELORA Compliance Workspace • Last Updated: June 2026

VELORA Privacy Policy

Last Updated: June 12, 2026

Your privacy is our core mission. This Privacy Policy details how VELORA collects, secures, and handles your personal information. Our architecture is designed to prevent us from accessing the intimate content of your relationship files and memories.

1. The Zero-Knowledge Framework

All relationship memories, documents, photos, and calendar details uploaded to the secure vault are encrypted locally on your device prior to transmission. The encryption keys are managed client-side and are never sent to our servers in plaintext. Consequently, we cannot read your messages, view your media, or unlock your database rows. Your data remains completely opaque to us.

2. Information We Collect

  • 2.1. Account Information: To establish an account, we collect your email address and a bcrypt-hashed representation of your password. We collect this information solely to verify your identity and protect against unauthorized access.
  • 2.2. Billing Details: Transaction records, subscription plans, and invoice metadata are collected to process payment transactions. Credit card details are handled securely by third-party payment gateways and are not stored on our database.
  • 2.3. Server Metadata: For security monitoring, performance analysis, and debugging, our servers record standard connection details, including IP addresses, login timestamps, user-agent headers, and resource requests.

3. Data Processing and Storage

Your encrypted data is stored on secure servers located in professional data centers. We maintain technical, administrative, and physical security measures designed to protect your data against unauthorized access, loss, or alteration. All database entries are isolated by a unique Couple Workspace ID.

4. Data Retention and Deletion Rights

We retain your account data for as long as your account is active. You have the right to delete your account at any time. When you trigger the account deletion process, all metadata, encrypted files, and couple association tables are immediately and permanently removed from our active database servers, and purged from backups within thirty (30) days.

5. Third-Party Disclosures

We do not sell, trade, or share your data with advertising networks or third-party marketing companies. We only disclose metadata to law enforcement agencies if required by a legally binding court order, though we emphasize that even under legal compulsion, we cannot decrypt your E2EE kasanızı/vault data.