Velora

Legal

Privacy Policy

Effective date: March 1, 2026. Last updated: March 1, 2026.

1. Who we are

Velora Labs ("Velora", "we", "us") operates veloralabs.io and the Velora training platform. We are a US-based company. Contact: contact@veloralabs.io.

2. What data we collect

We collect:

  • Account data: email address, display name, timezone preference
  • Training data synced from connected services (Strava; Garmin planned): activity records, heart rate, pace, duration, health metrics
  • Usage data: pages visited, features used — via server-side logging only, no third-party analytics
  • Contact form submissions

We do not collect payment data, social connections, or any data from accounts you have not explicitly connected.

3. How we use your data

  • To generate personalized training prescriptions and coaching feedback
  • To maintain and improve the service
  • To respond to support and data requests
  • To send transactional emails (account-related only; no marketing without explicit consent)

4. Data sharing

We do not sell your data. We share data only with:

  • OpenAI — for AI-generated coaching content; governed by OpenAI's data processing terms
  • Supabase — database hosting; data processed in the US
  • Resend — transactional email delivery

Each sub-processor is bound by appropriate data processing agreements. No sub-processor is authorized to use your data for their own purposes.

5. Data retention

We retain your data for as long as your account is active. Upon account deletion, personal data is purged within 30 days, except where retention is required by applicable law.

6. Your rights

You may request: access to your stored data, correction of inaccurate data, deletion of your account and all associated data, or a portable JSON export. Email contact@veloralabs.io. We respond within 2 business days.

7. Security

We use AES-256 encryption at rest and TLS 1.2+ in transit. Access is controlled via least-privileged service roles with Row-Level Security. We maintain access audit logs.

8. Cookies

We use a single session cookie for authentication. We do not use advertising, analytics, or cross-site tracking cookies.

9. Third-party integrations

When you connect Strava or Garmin, you authorize those services to share data with us within the scope shown during the OAuth flow. You may revoke access at any time from within Velora or directly from the third-party service's settings.

10. Children

Velora is not intended for users under 18. We do not knowingly collect data from minors.

11. Changes to this policy

We will notify users of material changes by email before they take effect. Continued use after notice constitutes acceptance of the updated policy.

12. Contact

Privacy questions or data requests: contact@veloralabs.io