1. Who We Are
Velatura provides a macOS application and related online services for architectural visualization refinement. Velatura, Sweden is the controller for personal data processed through the website, account system, support channels, billing flows, and service-managed rendering features.
For questions about this policy or how personal data is handled, contact [email protected].
2. Personal Data We Process
We process the following categories of personal data when they are relevant to your use of Velatura:
- Account data: email address, authentication state, account identifiers, plan status, and related account settings.
- Billing data: selected plan, subscription status, billing portal events, payment status, Stripe customer identifiers, invoices, tax and transaction records, and payment metadata needed to keep your account licensed.
- Managed rendering data: source images, prompts or instructions, selected workflow information, render job identifiers, cost estimates, temporary upload references, generated outputs, result URLs, and operational metadata needed to provide service-managed rendering.
- Support and administration data: messages you send to us, support context, account lookup information, admin actions, audit records, and limited diagnostic details needed to resolve issues or protect the service.
- Technical and security data: IP address, request timestamps, device and browser information, app version, server logs, error information, authentication events, and security signals.
Velatura project files and local app content are primarily stored on your Mac. When you use managed rendering, only the data needed to provide that service is uploaded and processed by Velatura's service infrastructure. Managed-render uploads and results are temporary service staging and are not canonical project storage.
3. Purposes and Legal Bases
| Purpose | Data involved | GDPR legal basis |
|---|---|---|
| Provide accounts, authentication, subscriptions, and licensed access. | Account data, billing status, authentication events. | Performance of a contract. |
| Run service-managed rendering, including upload handling, job execution, result delivery, cost estimates, and token accounting. | Managed rendering data, technical data, account and license status. | Performance of a contract; legitimate interests in operating and securing the service. |
| Process payments, invoices, subscriptions, refunds, disputes, tax records, and fraud checks. | Billing data, Stripe identifiers, payment status, transaction metadata. | Performance of a contract; legal obligations; legitimate interests in payment security and fraud prevention. |
| Provide support, investigate failures, and allow authorized admin access when needed. | Support messages, account lookup data, render job references, logs, admin audit records. | Performance of a contract; legitimate interests in customer support, service reliability, and abuse prevention. |
| Protect the service, prevent abuse, monitor availability, and maintain audit records. | Technical and security data, admin actions, access logs. | Legitimate interests; legal obligations where applicable. |
| Send required account, billing, security, and service emails. | Email address, account state, billing or security context. | Performance of a contract; legal obligations; legitimate interests in keeping users informed. |
Where Velatura asks for consent for a specific optional activity, you may withdraw that consent at any time. Withdrawal does not affect processing that happened before consent was withdrawn.
4. Managed Rendering Data
Managed rendering data is used only to provide and operate the managed rendering service: receiving uploads, preparing render requests, estimating and recording render cost, submitting jobs to rendering infrastructure, returning results, troubleshooting failed jobs, preventing abuse, and maintaining service integrity.
Velatura does not sell managed rendering inputs or outputs. Velatura does not use your managed rendering source images, prompts, or generated outputs to train general-purpose AI models. Access to managed rendering data is limited to the service flow and to authorized support or administrative access when needed for support, security, billing, abuse prevention, or legal compliance. Upload intents currently expire after 15 minutes; generated results may remain available long enough for retrieval, troubleshooting, usage accounting, abuse prevention, or legal compliance.
5. Stripe and Payment Processing
Velatura uses Stripe to process payments, manage checkout sessions, subscriptions, customer portal sessions, invoices, refunds, disputes, and payment-related fraud checks. Stripe acts as an independent controller for some payment processing activities and as a processor or service provider for others, depending on the activity.
Velatura receives payment status, subscription status, Stripe customer identifiers, invoice references, and related billing metadata needed to provide licensed access and account support. Velatura does not receive or store full card numbers.
6. Support and Admin Access
Authorized Velatura personnel may access account, billing, support, technical, and managed rendering records only when necessary to answer a support request, investigate service failures, verify subscription or token-accounting issues, prevent abuse, maintain security, or comply with legal obligations.
Administrative access is limited by role and purpose. Relevant admin actions may be logged for audit, security, and accountability.
7. Processors and International Transfers
Velatura uses carefully selected service providers to host and operate the service, process payments, deliver transactional email, monitor reliability, distribute the app, and support managed rendering. These providers process personal data only as needed for their service role and under appropriate contractual terms.
Some providers may process personal data outside Sweden or the European Economic Area. When that happens, Velatura relies on an applicable adequacy decision, the European Commission's Standard Contractual Clauses, or another lawful transfer mechanism under the GDPR.
Velatura does not sell personal data and does not use third-party advertising tracking on the privacy policy page.
8. Retention
Velatura keeps personal data only for as long as needed for the purposes described in this policy, including providing the service, maintaining security, resolving disputes, complying with accounting and tax obligations, and enforcing agreements.
- Account data is kept while the account is active and for a limited period after closure if needed for security, dispute resolution, or legal obligations.
- Billing and tax records are retained for the periods required by Swedish and EU accounting, tax, and consumer-protection rules.
- Managed rendering uploads and outputs are temporary service staging. Upload intents currently expire after 15 minutes; uploads and outputs are otherwise retained only as long as needed to provide the render, make the result available, troubleshoot failures, account for usage, prevent abuse, or comply with legal obligations.
- Support records are retained while the issue is active and then for a reasonable period to maintain service history and accountability.
- Security and server logs are retained for limited periods based on operational, security, fraud-prevention, and audit needs.
When data is no longer needed, Velatura deletes it, anonymizes it, or isolates it from active use when deletion is not immediately possible because of backups, legal holds, or mandatory records.
9. Your GDPR Rights
If the GDPR applies to your personal data, you may have the right to request access, rectification, erasure, restriction, portability, or objection to processing. You may also withdraw consent where processing is based on consent.
To exercise these rights, contact [email protected]. We may need to verify your identity before acting on a request. Some requests may be limited where Velatura must keep data for legal obligations, security, fraud prevention, accounting, dispute resolution, or establishment, exercise, or defense of legal claims.
You also have the right to lodge a complaint with the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, IMY) or another competent EU/EEA supervisory authority.
10. Security
Velatura uses technical and organizational measures designed to protect personal data, including encryption in transit, access controls, credential protection, least-privilege operational access, logging, backup controls, and service monitoring.
No online service can guarantee absolute security. If Velatura becomes aware of a personal data breach that requires notification, Velatura will notify affected users and competent authorities as required by the GDPR.
11. Changes to This Policy
Velatura may update this policy to reflect service, legal, or operational changes. The published date at the top of the page shows when this version took effect. Material changes will be communicated through an appropriate channel, such as the website, the app, or account email.
12. Contact
For privacy requests or questions, contact Velatura at [email protected].
VelaturaSweden