Effective date: 17 June 2026 Last updated: 17 June 2026
This Privacy Policy explains how Emris Technologies ("Velora", "we", "us", "our") collects, uses, shares, and protects your personal information when you use the Velora mobile and web application and any related services (together, the "Service"). It also describes your rights and how to exercise them.
Please read it alongside our Terms of Service. By creating an account or using the Service, you confirm that you have read and understood this Policy.
The controller responsible for your personal information is:
Emris Technologies London, United Kingdom Email: [email protected]
If you are in the United Kingdom or the European Economic Area ("EEA"), you may contact us about any privacy matter using the details above. We will respond within the timeframes required by applicable data protection law.
We collect only the information needed to operate the Service. We collect it directly from you, automatically through your use of the Service, and from the providers listed in Section 7.
a. Information you provide
b. Information processed on your device only
c. Information we receive from providers
d. Information collected automatically
We do not collect special-category data (such as health, biometric, or political data) and ask that you do not enter it into free-text fields.
Where UK GDPR or EU GDPR applies, we rely on the following lawful bases:
| Purpose | Lawful basis |
|---|---|
| Create and operate your account; sync, budgets, insights, exports | Performance of our contract with you |
| Provide AI-assisted features you choose to use (Section 5) | Performance of our contract; your consent where required |
| Process subscriptions and prevent fraud or abuse | Performance of our contract; our legitimate interests in protecting the Service |
| Secure, maintain, and improve the Service | Our legitimate interests (kept proportionate to your rights) |
| Send service notices and respond to support requests | Performance of our contract; our legitimate interests |
| Meet legal, tax, and regulatory obligations | Compliance with a legal obligation |
Where we rely on consent, you may withdraw it at any time without affecting prior processing.
The Service uses automation and AI to suggest categories, parse text and statements, and produce forecasts and insights. These are suggestions only. We do not make decisions that produce legal or similarly significant effects about you solely by automated means. You review and confirm entries before they are relied upon, and outputs may be inaccurate (see the Terms of Service).
Quick-add parsing, the in-app budgeting assistant, statement import, and receipt scanning all run entirely on your device. The text you type and the figures these features analyse are not sent to any server or third-party AI provider; there is no large language model or AI API behind them. Receipt images are likewise processed on your device and are never uploaded. Only the transactions you review and confirm are saved to your account.
This includes Invest, a separate, optional feature for general investment information. Questions you ask Invest are answered by rule-based logic on your device; they are never sent to our servers or to any AI provider.
We do not sell your personal information, and we do not share it for advertising or behavioural profiling. We share information only as follows:
| Provider | Role | Processing location(s) |
|---|---|---|
| Supabase | Database, authentication, hosting | EEA / United States* |
| RevenueCat | Subscription management | United States* |
| Apple App Store | Billing and purchase processing | Global |
* Where data is processed outside the UK/EEA, we rely on the safeguards described in Section 10.
We retain your data while your account is active. When you delete your account (Settings → Delete account), your profile and financial records are permanently deleted from our systems, normally within 30 days, except where we are required to retain limited records to comply with legal, tax, accounting, or fraud-prevention obligations, or to establish, exercise, or defend legal claims. Backups are purged on our routine backup cycle.
Depending on where you live (including the EEA/UK under GDPR and California under the CCPA/CPRA), you may have the right to:
You can delete your account and export your data directly in the app, or contact us at [email protected]. We may need to verify your identity before acting on a request.
Right to complain. If you are in the UK, you may lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk. If you are in the EEA, you may complain to your local supervisory authority. We would, however, appreciate the chance to address your concern first.
Some of our providers process data outside the country where you live, including in the United States. Where we transfer personal information out of the UK or EEA, we use an approved transfer mechanism, such as the European Commission's Standard Contractual Clauses, the UK International Data Transfer Addendum, or an applicable adequacy decision, so that your information remains protected to UK/EU standards.
We protect your information using measures appropriate to its sensitivity, including encryption in transit (HTTPS/TLS), database-level isolation of each user's records via row-level security, and on-device processing of your entries (no AI keys ship in the app, and the smart features described in Section 5 send nothing off-device). No method of transmission or storage is completely secure, so we cannot guarantee absolute security; you are responsible for keeping your login credentials confidential.
The Service is intended for adults and is not directed to anyone under 18. We do not knowingly collect personal information from children under 18. If you believe a child has provided us with personal information, contact [email protected] and we will delete it.
We may update this Policy from time to time. If we make material changes, we will notify you in-app or by email and update the "Last updated" date above. Your continued use of the Service after changes take effect means you accept the updated Policy.
Questions or requests relating to this Policy or your personal information: [email protected] · Emris Technologies, London, United Kingdom.