Privacy Policy

Last updated: March 2026

1. Introduction

VelorAI ("we," "us," or "our") operates the website www.velorai.co and the VelorAI platform. VelorAI is an AI agent builder where users create intelligent agents, train them on documents and URLs, and deploy them through website widgets, progressive web apps, Telegram bots, or a REST API. This Privacy Policy describes how we collect, use, store, and protect your information when you use our service.

2. Information We Collect

Account Information

When you create an account, we collect your email address and name. If you sign up using Google OAuth, we receive your basic profile information (name and email) from Google.

Content You Provide

This includes documents you upload to your knowledge base (PDFs, DOCX, TXT, CSV files), URLs you submit for scraping, chat messages between you and your agents, and agent configurations such as names, system prompts, and settings.

Usage Data

We collect standard usage data including error logs (via Sentry for debugging and stability), request logs, and general performance metrics. We do not use third-party analytics trackers or advertising pixels.

OAuth Tokens

When you connect third-party integrations (such as Gmail, Google Calendar, Google Drive, YouTube, or Slack), we store encrypted OAuth access and refresh tokens. These tokens are used solely to perform actions on your behalf through those services, and only when your agent needs to access them.

3. How We Use Your Information

  • Provide, operate, and maintain the VelorAI platform and your AI agents.
  • Process uploaded documents and URLs to build your agent's knowledge base using vector embeddings.
  • Send transactional emails such as email verification, password resets, and important account notifications.
  • Monitor errors and performance to improve platform stability and reliability.
  • Execute agent tool calls (e.g., send emails, create calendar events) on your behalf when you have connected the relevant integrations.
  • Improve and develop new features based on aggregate, anonymized usage patterns.

4. Data Storage and Security

We take the security of your data seriously. Here is how we protect it:

  • Passwords are hashed using bcrypt and are never stored in plaintext.
  • OAuth tokens are encrypted at rest using Fernet symmetric encryption.
  • Our backend is hosted on Railway, our frontend is hosted on Vercel, and DNS is managed through Cloudflare.
  • All data in transit is encrypted using HTTPS/TLS. We enforce HTTPS on all endpoints.
  • API keys are generated with cryptographically secure random values and hashed before storage.

5. Third-Party Services

We use the following third-party services to operate the platform:

  • Groq: Processes chat messages to generate AI responses. Message content is sent to Groq's inference API during conversations.
  • Resend: Sends transactional emails (verification, password resets, notifications). Only your email address is shared with Resend.
  • Sentry: Monitors errors and application performance. We do not intentionally send personally identifiable information to Sentry.
  • Google APIs (Gmail, Calendar, Drive, YouTube): Only accessed when you explicitly connect these integrations. Your agent uses your authorized tokens to read or write data on your behalf.
  • Slack API: Only accessed when you connect your Slack workspace. Your agent can list channels, read history, and send messages using your authorized token.
  • ChromaDB: Stores vector embeddings of your documents for semantic search. Document content is processed into embeddings and stored alongside metadata.

Each third-party service has its own privacy policy. We encourage you to review them.

6. Your Rights

  • Delete your account: You can delete your account and all associated data at any time from the Settings page in your dashboard. This action is permanent and cannot be undone.
  • Export your data: You can request a copy of your data by contacting us at support@velorai.co.
  • Disconnect integrations: You can disconnect any third-party integration at any time from your agent's Integrations page. When you disconnect, we delete the stored OAuth tokens for that service.
  • Remove documents: You can delete any document or URL from your knowledge base at any time. The associated vector embeddings are also removed.

7. Data Retention

  • Account data (email, name, settings) is retained until you delete your account.
  • Chat conversations are retained until you delete the associated agent or your account.
  • Documents and URLs in your knowledge base are retained until you remove them or delete the agent.
  • OAuth tokens are retained until you disconnect the integration or delete your account.

8. Cookies and Local Storage

VelorAI does not use traditional browser cookies. We store a JWT (JSON Web Token) in your browser's localStorage for authentication purposes. We do not use tracking cookies, advertising cookies, or any third-party cookie-based analytics. No data is shared with advertising networks.

9. Children's Privacy

VelorAI is not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete that information promptly. If you believe a child under 13 has provided us with personal information, please contact us at support@velorai.co.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, regulatory, or operational reasons. When we make changes, we will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically. Your continued use of VelorAI after any changes constitutes your acceptance of the updated policy.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your data, please contact us at:

support@velorai.co

← Back to homepage