Privacy Policy

Introduction

This Privacy Policy explains how Velira Finance ("Velira," "we," "us") collects, uses, discloses, and protects personal information in connection with the Velira application and related services (the "Service"). It also describes the choices and rights you have.

Velira is an informational personal-finance tool that brings the accounts and assets you connect or enter into a single view and provides AI-assisted summaries, projections, and coaching. Protecting your financial information is central to how we build the Service.

Terms not defined here have the meaning given in our Terms of Service.

Information we collect

Account information. The details you provide to create and manage an account, such as your name, email address, and authentication credentials, and your settings and preferences.

Financial data via aggregators and manual entry. When you connect a financial account, we receive account, balance, holdings, and transaction information from third-party data aggregators (for example, SnapTrade for brokerage data and other aggregators we identify in our Subprocessors list). Connections are read-only. You may also enter financial information manually, such as real estate, private lending, or business interests.

Usage data. Information about how you interact with the Service, such as pages and features used, actions taken, and diagnostic and error logs, which help us operate, secure, and improve the Service.

Device and technical data. Information such as IP address, browser and device type, operating system, and similar technical identifiers, collected automatically when you use the Service.

Communications and support. Information you provide when you contact us, including the contents of your messages.

We do not intentionally collect special categories of data and ask that you not provide them except where necessary to use a feature.

How we use your information

We use personal information to: provide and operate the Service, including calculating net worth, performance, and your unified financial picture; generate AI-assisted summaries, briefings, projections, and coaching that reference your figures; authenticate you and secure your account; provide customer support and respond to your requests; maintain, debug, and improve the Service; detect, prevent, and address fraud, abuse, and security incidents; and comply with legal obligations.

We do not sell your personal information, and we do not use your financial data for third-party advertising. (Whether any specific data flow is a "sale" or "sharing" under applicable state law is being confirmed with counsel — see the flags on this page.)

AI processing

Some features use artificial intelligence to generate summaries, explanations, projections, and coaching. To provide these features, relevant portions of your financial figures and prompts are sent to our AI provider, Anthropic, through its API for processing and returned to the Service.

Per Anthropic's API terms as we understand them, data submitted through the API is not used to train Anthropic's models. We send the minimum context needed to produce a useful result and do not use your data to train any third-party model.

AI-generated outputs may be inaccurate, incomplete, or out of date, are informational only, and are not advice. See the AI Disclosure for details. You should independently verify any AI-generated output before relying on it.

How we share information; subprocessors

We share personal information only as described here. We do not sell or rent your personal information and do not share it for others' marketing.

Service providers (subprocessors). We rely on a limited set of vendors to operate the Service, each permitted to process information only to provide their service to us and bound by confidentiality and data-protection obligations. These currently include: SnapTrade (brokerage data aggregation), Anthropic (AI processing via API), Vercel (application hosting and infrastructure), and analytics and operational tooling. Stripe will be added as a payment processor if and when billing is enabled. A current list is maintained in our Subprocessors document.

Legal and safety. We may disclose information if required by law or legal process, or where we believe disclosure is reasonably necessary to protect the rights, property, or safety of Velira Finance, our users, or the public.

Business transfers. If we are involved in a merger, acquisition, financing, reorganization, or sale of assets, information may be transferred as part of that transaction, subject to this Policy.

With your direction. We share information when you direct us to, such as when you initiate a connection to a third party.

Data retention

We keep personal information for as long as your account is active or as needed to provide the Service. When you delete your account, we delete or de-identify your personal information within up to seven (7) years after account closure, except where a longer period is required by law, except where we must retain certain information to comply with legal obligations, resolve disputes, prevent fraud, or enforce our agreements. Backups are purged on a rolling schedule, and deletions are re-applied to any data restored from backup.

How we protect your information

We apply administrative, technical, and physical safeguards designed to protect personal information, including encryption in transit and at rest, authentication on account access, least-privilege internal access, and logging of administrative actions. Read-only financial connections limit what is possible even in a worst case. No method of transmission or storage is perfectly secure, but we work to protect your information and to improve our safeguards over time. See our Security and Vulnerability Disclosure documents.

Your privacy rights (United States)

Depending on where you live, you may have rights under state privacy laws, including the right to know or access the personal information we hold, the right to correct it, the right to delete it, the right to obtain a portable copy, and the right not to be discriminated against for exercising your rights. We do not sell personal information or use it for targeted advertising or profiling that produces legal or similarly significant effects.

California (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act, as amended by the California Privacy Rights Act, provides rights to know, access, correct, delete, and obtain a portable copy of your personal information, and to limit the use of sensitive personal information, subject to exceptions. We do not sell or share (for cross-context behavioral advertising) your personal information. We honor verifiable requests and will not discriminate against you for exercising your rights. You may use an authorized agent to submit a request. To exercise these rights, see "How to exercise your rights" below.

Note: certain financial information may be subject to the Gramm-Leach-Bliley Act and exempt from the CCPA — applicability is being confirmed with counsel.

Colorado (Colorado Privacy Act)

If you are a Colorado resident, the Colorado Privacy Act provides rights to access, correct, delete, and obtain a portable copy of your personal data, and to opt out of the sale of personal data, targeted advertising, and certain profiling. We do not sell personal data or use it for targeted advertising. You may appeal a denial of a request as described below. To exercise these rights, see "How to exercise your rights."

GDPR (EEA/UK) — readiness

Where the EU or UK General Data Protection Regulation applies, we act as a controller of the personal data described in this Policy and process it on lawful bases including performance of our contract with you, your consent (which you may withdraw), our legitimate interests in operating and securing the Service, and compliance with legal obligations.

You have the rights to access, rectification, erasure, restriction, portability, and objection, and the right to lodge a complaint with your supervisory authority. Where we transfer personal data outside the EEA/UK, we rely on an appropriate transfer mechanism such as the Standard Contractual Clauses. If and where we offer the Service in the EEA/UK, we will identify an EU/UK representative and a Data Protection contact. (Whether the Service is offered in the EEA/UK is a product decision under review — see the flags on this page.)

How to exercise your rights (DSAR)

To make a data-subject request — to access, correct, delete, or obtain a portable copy of your information, or to appeal a decision — contact us at privacy@velirafinance.com or use the in-app request flow where available. We will verify your identity before acting on a request and will respond within the timeframes required by applicable law. There is generally no charge, though we may decline or charge a reasonable fee for excessive or manifestly unfounded requests as permitted by law. You may use an authorized agent where the law allows.

Cookies and similar technologies

We use cookies and similar technologies to keep you signed in and to operate the Service securely, and, where applicable, for limited analytics. You can manage non-essential cookies through the in-app cookie controls. See our Cookie Policy for details.

Children's privacy

The Service is not directed to, and we do not knowingly collect personal information from, anyone under 18. If you believe a minor has provided us personal information, contact us at privacy@velirafinance.com and we will take steps to delete it.

Changes to this Policy

We may update this Policy from time to time. When we make material changes, we will update the version and effective date and provide notice as required by law. Your continued use of the Service after changes take effect constitutes acceptance of the updated Policy.

Contact us

Questions about your privacy or this Policy? Contact Velira Finance at privacy@velirafinance.com or Colorado, USA.