
Privacy Policy

Effective: April 22, 2026

Operated by Velmora · privacy@velmoraeu.co

1. Who We Are

Velmora is an AI-powered personal styling app available on iOS and Android. This Privacy Policy applies to all users of the Velmora mobile app, website at velmoraeu.co, and related services (collectively, the "Service").

By creating an account or using the Service, you acknowledge that you have read, understood, and agreed to this Privacy Policy in its entirety. If you do not agree, you must not use the Service.

If you are in the EEA, UK, or Switzerland, Velmora acts as the data controller under GDPR and applicable national laws.

2. What Data We Collect

Account & Identity

  • Email address (required for account creation)
  • Display name or username
  • Encrypted password hash (never stored in plain text)
  • Account creation date and last login timestamp
  • Email verification status

Profile & Style Data

  • Gender, age, height, and weight (for outfit recommendations only)
  • Preferred fashion styles, brands, and budget ranges
  • Profile photo (optional, stored securely on Cloudinary)
  • Full-body reference photo for virtual try-on (AI processing only)
  • Wishlist items and saved outfits

AI Interaction Data

  • Outfit generation prompts and search queries
  • AI-generated outfit results linked to your account
  • Chat messages to our AI stylist (encrypted at rest)
  • Occasion, brand, and budget inputs per session

Technical & Usage Data

  • Device type, OS, and app version
  • IP address (security and fraud prevention only)
  • Session tokens and authentication cookies
  • Anonymized app usage patterns
  • Crash reports and error logs
  • Push notification tokens (if permission granted)

✓ Data We Do NOT Collect

  • Precise GPS location
  • Contacts, call logs, or SMS data
  • Biometric identifiers (fingerprint, Face ID)
  • Data from children under 16

3. How We Use Your Data

| Purpose | Legal Basis (GDPR) |
|---|---|
| Creating and managing your account | Contract performance |
| Generating AI outfit recommendations | Contract performance |
| Sending email verification and OTP codes | Contract performance |
| Sending push notifications | Consent (can be withdrawn) |
| Security and fraud prevention | Legitimate interests |
| Improving AI models (anonymized data only) | Legitimate interests |
| Complying with legal obligations | Legal obligation |

4. How We Protect Your Data

Passwords

Hashed with bcrypt before storage. We never store or transmit your plain-text password.

Data in Transit

All communication is encrypted with TLS 1.2 / TLS 1.3. HTTPS enforced on all endpoints.

Chat Messages

Encrypted at rest using AES-256-GCM. Each message uses a unique initialization vector.

Photos & Images

Stored on Cloudinary with access controls. Not shared with third parties for advertising.

Session Security

Sessions expire after 7 days. Tokens stored in secure HttpOnly cookies in production.

Database

Isolated infrastructure with network-level access controls. SSL required. Backups encrypted.

5. Third-Party Services

We use the following service providers. Each is bound by a Data Processing Agreement and complies with applicable data protection laws:

  • Cloudinary — Image storage and transformation; USA (SCCs)
  • Resend — Transactional email (OTP, verification); USA (SCCs)
  • Vercel — App hosting and infrastructure; Global CDN

We do not sell your personal data to any third party. We do not use your data for advertising networks or data brokers.

6. Data Retention & Deletion

We retain your data only as long as your account is active. Upon account deletion, all personal data is deleted immediately and permanently, including:

  • Account and identity data — deleted immediately
  • Profile photos and body images — deleted immediately from Cloudinary
  • AI chat messages — deleted immediately
  • Generated outfits and wishlist — deleted immediately
  • All profile and style preferences — deleted immediately

Security logs and IP records may be retained for up to 30 days solely for fraud prevention purposes, after which they are permanently deleted. Truly anonymized analytics that cannot be linked back to any individual may be retained for service improvement.

7. Your Rights

Right of Access

Request a copy of all personal data we hold about you.

Right to Rectification

Correct inaccurate or incomplete data. Update most data directly in Profile Settings.

Right to Erasure

Request immediate deletion of your account and all associated personal data. See Section 8.

Right to Restriction

Ask us to pause processing of your data in certain circumstances.

Right to Data Portability

Receive your data in a structured, machine-readable format (JSON/CSV).

Right to Object

Object to processing based on legitimate interests, including profiling.

Right to Withdraw Consent

Withdraw consent (e.g., push notifications) at any time without affecting prior processing.

To exercise any right, email privacy@velmoraeu.co. We will respond within 30 days. We may need to verify your identity before processing the request.

8. How to Delete Your Account

You can permanently delete your account and all associated data at any time:

1. Open the Velmora app and go to Profile → Settings.

2. Scroll to the bottom and tap "Delete Account".

3. Type DELETE in the confirmation field.

4. Tap Confirm. Your account and all personal data will be deleted immediately.

Or email privacy@velmoraeu.co with subject "Account Deletion Request" and we will process it promptly.

โš ๏ธ Important

Deletion is permanent and irreversible. Once your account is deleted, we cannot recover your data. Please ensure you have saved anything you wish to keep before proceeding.

9. Cookies and Tracking

The Velmora mobile app does not use advertising cookies or third-party tracking SDKs. Our web platform uses strictly necessary cookies for authentication sessions only. We do not use Google Analytics, Facebook Pixel, or similar advertising trackers.

10. Children's Privacy

Velmora is not directed at individuals under 16. We do not knowingly collect personal data from children. If you believe a child has provided us data, contact us immediately and we will delete it promptly.

11. Disclaimer of Liability

While we implement industry-standard security measures, no system is 100% secure. By using the Service, you acknowledge and accept that Velmora shall not be held liable for any unauthorized access, data breach, or loss of data that occurs despite our reasonable security precautions, to the maximum extent permitted by applicable law.

The Service is provided on an "as is" basis. We make no warranties, express or implied, regarding the accuracy, completeness, or reliability of any AI-generated content, outfit recommendations, or styling advice provided through the Service.

12. International Data Transfers

Some processors are located outside the EEA (e.g., USA). We ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission.

13. Changes to This Policy

When we make material changes, we will notify you via email or in-app notification at least 14 days before they take effect. Continued use of the Service after the effective date constitutes your acceptance of the updated policy.

14. Contact Us

Email: privacy@velmoraeu.co

Support: Contact Support Page

Response time: 30 days (data requests), 5 business days (general)