← Back

Privacy Policy

Last updated: May 29, 2026

1. Introduction

Legal seller and data controller: Tamar Mkurnalidze MA MSc, sole proprietor, trading as "Veylora" ("we", "us", "our"). Tamar Mkurnalidze MA MSc is the data controller responsible for your personal information. Veylora provides an AI-powered personal color analysis experience. This Privacy Policy explains what information we collect, how we use it, and the choices you have.

2. Information We Collect

  • Account information: email address and authentication identifiers when you sign in.
  • Quiz inputs: answers you provide (e.g., MBTI, age range, lifestyle, climate, budget) used to generate your color result.
  • Photo uploads: selfies you submit for color analysis. These are processed to derive your palette and are not used to train AI models.
  • Usage data: basic technical data such as device type, browser, IP address, and pages viewed.
  • Payment data: if you make a purchase, payment details are processed by Paddle.com, our reseller and Merchant of Record; we do not store full card numbers.

3. How We Use Information & Legal Basis

  • To generate and deliver your personalized color analysis — performance of a contract.
  • To operate, maintain, secure, and improve the service — legitimate interests.
  • To communicate with you about your account or purchases — performance of a contract.
  • For optional marketing communications — consent, which you can withdraw at any time.
  • To comply with legal obligations and prevent abuse — legal obligation / legitimate interests.

4. AI Processing

Quiz answers and photos are sent to third-party AI model providers to generate your result. We do not send your email or other directly identifying account information together with these inputs.

5. Sharing

Our promise: We do not sell, rent, trade, or share your personal information with advertisers, data brokers, or any third party for their own marketing purposes — ever. We have no commercial incentive to do so and no contracts that permit it.

We also do not use third-party advertising trackers, ad networks, or behavioural analytics pixels (such as Google Ads, Meta Pixel, TikTok Pixel) on Veylora.

The only parties that ever receive your data, strictly to operate the service on our behalf and under contract, are:

  • Hosting, database, and authentication infrastructure providers (to store your account and run the app).
  • AI inference providers (to generate your color result, Mirror Mirror replies, and With me messages). Inputs are not used to train their models.
  • Paddle.com Market Limited, our reseller and Merchant of Record, for payment processing, subscription management, tax compliance, invoicing, and refund handling.
  • Professional advisers (e.g. legal or accounting) and authorities, only where strictly required by law.

Honest limit: no online service can give a 100% absolute guarantee against every possible incident (such as a breach at a service provider). What we can promise is that selling your data is not part of our business model, is not permitted by our agreements with the providers above, and will not happen as a deliberate act. If a data breach ever affects your personal information, we will notify you and the relevant supervisory authority as required by law (within 72 hours under GDPR where applicable).

6. Data Retention

We retain account and result data for as long as your account is active or as needed to provide the service. You may request deletion at any time, after which your data will be deleted or anonymised.

7. Your Rights

Depending on your jurisdiction (including GDPR and CCPA), you may have rights to access, rectify, erase, restrict, port, or object to processing of your personal data, withdraw consent, and lodge a complaint with your local supervisory authority. Contact us to exercise these rights; we respond within one month.

8. Security

We use appropriate technical and organisational measures to protect your personal data, including encryption in transit (HTTPS/TLS), encryption at rest, access controls, and least-privilege permissions for staff and service accounts. No system is perfectly secure, but we work to keep your data safe.

9. International Transfers

Some of our service providers operate outside the UK/EEA. Where personal data is transferred internationally, we rely on appropriate safeguards such as Standard Contractual Clauses or adequacy decisions.

10. Cookies

We use essential cookies and local storage to keep you signed in and remember preferences. We do not use third-party advertising cookies.

11. Children

Veylora is not directed to children under 13 (or the equivalent minimum age in your country) and we do not knowingly collect their data.

12. Changes

We may update this policy from time to time. Material changes will be reflected by updating the date above.

13. Contact

Data controller: Tamar Mkurnalidze MA MSc. For privacy questions or requests, .