velora.
Velora Legal

Privacy Policy

How Velora collects, uses, protects, and discloses personal data across its marketplace, business operating system, mobile experiences, APIs, white-label booking flows, and support operations.

Last Updated

March 9, 2026

Applies To

Marketplace users, business customers, staff users, API users, and mobile app users

Contact

support@velora.app

Velora Technologies Pvt. Ltd. and its affiliates operating the Velora platform ('Velora', 'we', 'us', or 'our') build software that helps salons, spas, barbershops, nail studios, and wellness businesses manage appointments, payments, client relationships, marketing, operations, analytics, and AI-assisted workflows.

This Privacy Policy explains what information we collect, why we collect it, how we use it, when we share it, how long we keep it, and what rights may be available to you under applicable laws such as the GDPR, UK data protection law, the California Consumer Privacy Act, and the Digital Personal Data Protection Act, 2023 in India.

Policy Snapshot

  • Velora acts as both a controller and a processor depending on the product surface and contractual relationship.
  • Business customers remain responsible for lawful notices, permissions, and instructions for the customer data they place into Velora.
  • Velora may process booking, billing, communication, review, operational, and AI-derived insight data to run and secure the service.
  • Optional analytics, advertising, messaging, payment, and API integrations may introduce third-party processing.

Section 01

Scope and platform roles

Velora serves both direct users and businesses that use Velora to serve their own customers, which changes the privacy role depending on context.

When you browse velora.app, create a Velora marketplace or customer account, request a demo, contact support, or interact directly with Velora, Velora generally acts as the controller of your personal data.

When a salon, spa, clinic, or other business customer uses Velora to store client records, operate calendars, send reminders, run marketing automations, process staff workflows, or host white-label booking pages, that business customer is usually the controller and Velora acts as its processor or service provider.

If you are an end customer of a business using Velora, your first point of contact for privacy rights requests should usually be that business, although Velora may assist where appropriate or legally required.

Section 02

Categories of data we collect

  • Identity and account data such as name, email address, phone number, password hash, account role, avatar, and authentication metadata.
  • Business profile data such as company name, salon slug, address, tax details, banking or payout references, plan details, domain settings, and billing contacts.
  • Client and booking data such as appointment history, services selected, preferences, loyalty status, notes, reminders, reviews, form submissions, and communication logs.
  • Payment and transaction data such as invoice numbers, payment status, gateway identifiers, refunds, subscriptions, and settlement references. Velora does not intentionally store full primary payment card numbers in its own product database.
  • Operational and workforce data such as staff schedules, attendance events, commissions, payroll-related records, permissions, locations, inventory activity, and audit history.
  • Support and communications data such as support messages, onboarding forms, product feedback, campaign templates, and implementation notes.
  • Technical and usage data such as IP address, approximate location from IP, browser, device type, app version, push token, referral URL, log events, and crash or performance data.
  • AI and workflow data such as chatbot transcripts, conversation metadata, generated recommendations, forecast inputs and outputs, consultation image references, and automation reasoning fields where those features are enabled.
  • Potentially sensitive or regulated data chosen by business customers, such as allergies, contraindications, intake details, consultation notes, or treatment information. These features must only be used lawfully and where appropriate.

Section 03

How we collect data

We collect data directly from you when you create accounts, complete forms, make bookings, join waitlists, submit reviews, request demos, communicate with support, or configure the platform.

We collect data automatically when you use our website, dashboard, marketplace, APIs, mobile applications, widgets, or white-label pages, including through logs, cookies, local storage, and similar technologies.

We receive data from business customers who import or create records about their staff, clients, appointments, marketing audiences, and operational workflows.

We receive data from integrations and service providers such as payment gateways, email tools, SMS or WhatsApp providers, analytics tools, advertising tools, calendar providers, and other connected apps selected by Velora or enabled by a business customer.

Section 04

How we use personal data

  • To create, secure, and administer accounts, authenticate users, and enforce access controls.
  • To operate the marketplace, booking flows, white-label sites, dashboards, mobile apps, APIs, invoices, support channels, and customer success functions.
  • To send transactional communications such as confirmations, receipts, reminders, password resets, service notices, and operational alerts.
  • To process or coordinate subscriptions, billing, taxes, payouts, refunds, and financial reporting.
  • To personalize product experiences including saved preferences, booking suggestions, loyalty experiences, and marketing preferences.
  • To generate analytics, reporting, forecasts, churn scoring, inventory recommendations, staffing suggestions, campaign suggestions, and other AI-assisted or rules-based insights.
  • To monitor performance, investigate incidents, detect abuse, troubleshoot bugs, maintain uptime, and improve security, quality, and reliability.
  • To comply with legal obligations, resolve disputes, enforce agreements, and protect Velora, our customers, our users, and the public.

Section 06

AI, automation, and decision support

Velora includes predictive, assistive, and automation features that may analyze booking history, staff utilization, campaign activity, weather context, review trends, and other operational signals to produce forecasts, recommendations, drafts, or alerts.

These features are designed to support human decision-making, not replace it. Unless expressly stated otherwise in a separate agreement, Velora's AI features should not be used as the sole basis for medical, legal, employment, tax, or other high-risk decisions.

  • Chatbot and voice features may capture and store message content, timestamps, conversation history, and intent or entity metadata.
  • Campaign and notification features may use segmentation, timing optimization, and engagement history to determine when or how to send content.
  • Forecasting features may infer likely demand, no-show risk, churn risk, staffing pressure, or pricing opportunities from patterns in platform data.

Section 07

When we share information

  • With hosting, infrastructure, database, observability, and security providers that support the operation and protection of Velora.
  • With payment gateways and billing providers to process subscription charges, booking deposits, refunds, settlements, and financial verification.
  • With email, SMS, WhatsApp, push, and communications providers to deliver transactional or marketing communications.
  • With analytics, attribution, and advertising partners where Velora or a business customer enables those tools.
  • With calendar, CRM, accounting, POS, marketing, and automation platforms that a business customer authorizes through integrations or APIs.
  • With professional advisers, auditors, insurers, and investors, subject to confidentiality and lawful purpose limitations.
  • With regulators, courts, law enforcement, or other parties when required by law or necessary to establish, exercise, or defend legal claims.
Velora does not sell personal information for money. Some analytics or advertising configurations enabled by business customers may still be treated as 'sharing' or targeted advertising under some laws.

Section 08

Retention, security, and rights

We keep personal data for as long as it is reasonably necessary for the purposes described in this policy and longer where needed for lawful compliance, fraud prevention, dispute resolution, backup integrity, or safety.

Velora uses administrative, technical, and organizational controls designed to protect personal data against unauthorized access, misuse, alteration, and loss. No online system can be guaranteed to be completely secure.

Depending on where you live and the context of processing, you may have rights to access, correct, delete, restrict, object to, port, or complain about the processing of your personal data.

Questions, access requests, or privacy complaints may be sent to support@velora.app.