Privacy Policy

1. Information We Collect

Account Information

When you create an account, we collect your email address, display name, and profile image. If you sign in with Google or GitHub, we receive your name, email, and avatar from those providers.

Content

We store videos you upload or generate, comments, chat messages, and other content you create on the Platform.

Usage Data

We automatically collect information about how you interact with the Platform, including pages visited, features used, videos watched, search queries, and timestamps of actions.

Device Information

We collect device type, operating system, browser type, IP address, and general location (country/region level) derived from your IP address.

2. How We Use Your Information

• Provide the service — authenticate your account, deliver content, process payments, and enable social features (likes, follows, comments, chat).
• Improve the Platform — analyze usage patterns, optimize performance, develop new features, and train our recommendation algorithms.
• Communicate with you — send transactional emails (magic links, billing receipts), notifications, and occasional product updates. You can opt out of non-essential communications.
• Security and fraud prevention — detect abuse, enforce rate limits, and protect accounts from unauthorized access using our fraud detection systems.

3. Information Sharing

We do not sell your personal information. We share data only with the following categories of service providers, each of which processes data on our behalf:

• Stripe — payment processing and subscription management
• Resend — transactional email delivery (magic links, notifications)
• Sentry — error tracking and performance monitoring
• Cloudflare — CDN, DDoS protection, and DNS

We may also disclose information when required by law, legal process, or government request, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

4. Cookies and Tracking

We use the following types of cookies:

• Session cookies — essential for authentication and maintaining your logged-in state.
• Preference cookies — store your display settings (sidebar state, theme, locale).
• Analytics — we use Sentry for error and performance monitoring. Sentry may set cookies or local storage entries for session replay (errors-only in production).

We do not use third-party advertising trackers. Free-tier users may see Carbon Ads, which are contextual and do not use personal tracking cookies.

5. Data Retention

We retain your account data for as long as your account is active. If you delete your account, we will remove your personal information within 30 days, except where retention is required by law or necessary for legitimate business purposes (e.g., fraud prevention records).

Content you have uploaded or generated is retained until you delete it or until your account is terminated. Cached or backup copies may persist for up to 90 days after deletion.

6. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Access — request a copy of the personal data we hold about you.
• Correction — request that we correct inaccurate or incomplete data.
• Deletion — request that we delete your personal data, subject to legal retention requirements.
• Export — request a machine-readable copy of your data (data portability).

To exercise any of these rights, contact us at privacy@vora.dev. We will respond within 30 days.

7. Children's Privacy

Vora is not intended for users under the age of 18. We do not knowingly collect personal information from anyone under 18. If we learn that we have collected data from a minor, we will delete that information promptly. If you believe a minor has provided us with personal data, please contact us at privacy@vora.dev.

8. International Data Transfers

Vora is operated from the United States. If you access the Platform from outside the US, your data may be transferred to, stored, and processed in the United States or other countries where our service providers operate. By using the Platform, you consent to such transfers. We implement appropriate safeguards (such as standard contractual clauses) where required by applicable law.

9. Security Measures

We implement industry-standard security measures to protect your data, including encrypted connections (TLS), secure authentication (magic links and OAuth), rate limiting, fraud detection, content security policies, and regular security audits. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or a prominent notice on the Platform at least 30 days before taking effect. The "Last updated" date at the top of this page reflects the most recent revision.

11. Contact Information

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at: