Effective date: 17 June 2026 Last updated: 17 June 2026
This Privacy Policy explains how Emris Technologies Ltd ("Velora", "we", "us", "our") collects, uses, shares, and protects your personal information when you use the Velora mobile and web application and any related services (together, the "Service"). It also describes your rights and how to exercise them.
Please read it alongside our Terms of Service. By creating an account or using the Service, you confirm that you have read and understood this Policy.
The controller responsible for your personal information is:
Emris Technologies Ltd London, United Kingdom Email: veloraofficialapp@gmail.com
If you are in the United Kingdom or the European Economic Area ("EEA"), you may contact us about any privacy matter using the details above. We will respond within the timeframes required by applicable data protection law.
We collect only the information needed to operate the Service. We collect it directly from you, automatically through your use of the Service, and from the providers listed in Section 7.
a. Information you provide - Account data — email address and display name supplied at sign-up. - Financial data you choose to enter — transactions, amounts, merchants, notes, categories, budgets, savings goals, debts, and recurring items. You decide what to record. - Profile photo — optional, only if you add one. - Support communications — the content of messages you send us.
b. Information processed on your device only - Receipt images — when you scan a receipt, text recognition runs entirely on your device. The image itself is not transmitted to or stored on our servers. Only the transaction you review and confirm is saved to your account.
c. Information we receive from providers - Subscription and purchase status — from the app stores and our subscription provider. We receive whether you hold an active subscription or trial; we never receive your full card or payment-instrument details.
d. Information collected automatically - Technical and diagnostic data — limited device, app-version, and error information needed to operate, secure, and troubleshoot the Service.
We do not collect special-category data (such as health, biometric, or political data) and ask that you do not enter it into free-text fields.
Where UK GDPR or EU GDPR applies, we rely on the following lawful bases:
| Purpose | Lawful basis |
|---|---|
| Create and operate your account; sync, budgets, insights, exports | Performance of our contract with you |
| Provide AI-assisted features you choose to use (Section 5) | Performance of our contract; your consent where required |
| Process subscriptions and prevent fraud or abuse | Performance of our contract; our legitimate interests in protecting the Service |
| Secure, maintain, and improve the Service | Our legitimate interests (kept proportionate to your rights) |
| Send service notices and respond to support requests | Performance of our contract; our legitimate interests |
| Meet legal, tax, and regulatory obligations | Compliance with a legal obligation |
Where we rely on consent, you may withdraw it at any time without affecting prior processing.
The Service uses automation and AI to suggest categories, parse text and statements, and produce forecasts and insights. These are suggestions only. We do not make decisions that produce legal or similarly significant effects about you solely by automated means. You review and confirm entries before they are relied upon, and outputs may be inaccurate (see the Terms of Service).
Quick-add parsing, the in-app assistant, statement import, and receipt scanning all run entirely on your device. The text you type and the figures these features analyse are not sent to any server or third-party AI provider — there is no large language model or AI API behind them. Receipt images are likewise processed on your device and are never uploaded. Only the transactions you review and confirm are saved to your account.
We do not sell your personal information, and we do not share it for advertising or behavioural profiling. We share information only as follows:
| Provider | Role | Processing location(s) |
|---|---|---|
| Supabase | Database, authentication, hosting | EEA / United States* |
| RevenueCat | Subscription management | United States* |
| Apple App Store / Google Play | Billing and purchase processing | Global |
* Where data is processed outside the UK/EEA, we rely on the safeguards described in Section 10.
We retain your data while your account is active. When you delete your account (Settings → Delete account), your profile and financial records are permanently deleted from our systems, normally within 30 days, except where we are required to retain limited records to comply with legal, tax, accounting, or fraud-prevention obligations, or to establish, exercise, or defend legal claims. Backups are purged on our routine backup cycle.
Depending on where you live (including the EEA/UK under GDPR and California under the CCPA/CPRA), you may have the right to:
You can delete your account and export your data directly in the app, or contact us at veloraofficialapp@gmail.com. We may need to verify your identity before acting on a request.
Right to complain. If you are in the UK, you may lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk. If you are in the EEA, you may complain to your local supervisory authority. We would, however, appreciate the chance to address your concern first.
Some of our providers process data outside the country where you live, including in the United States. Where we transfer personal information out of the UK or EEA, we use an approved transfer mechanism — such as the European Commission's Standard Contractual Clauses, the UK International Data Transfer Addendum, or an applicable adequacy decision — so that your information remains protected to UK/EU standards.
We protect your information using measures appropriate to its sensitivity, including encryption in transit (HTTPS/TLS), database-level isolation of each user's records via row-level security, and on-device processing of your entries (no AI keys ship in the app, and the smart features send nothing off-device). No method of transmission or storage is completely secure, so we cannot guarantee absolute security; you are responsible for keeping your login credentials confidential.
The Service is intended for adults and is not directed to anyone under 18. We do not knowingly collect personal information from children under 18. If you believe a child has provided us with personal information, contact veloraofficialapp@gmail.com and we will delete it.
We may update this Policy from time to time. If we make material changes, we will notify you in-app or by email and update the "Last updated" date above. Your continued use of the Service after changes take effect means you accept the updated Policy.
Questions or requests relating to this Policy or your personal information: veloraofficialapp@gmail.com — Emris Technologies Ltd, London, United Kingdom.