Data Processing Addendum

For customer project data processed to provide Velra, the customer is the controller or business and Velra acts as processor or service provider. For account, billing, security, and product operations data, Velra may act as an independent controller where permitted by law.

Velra processes customer data to provide app generation, preview, deployment assistance, support, billing, security, abuse prevention, and service improvement consistent with the agreement and documented customer instructions.

Customers are responsible for ensuring they have the rights and notices required to submit data to Velra and connected providers.

Velra may use subprocessors for authentication, billing, hosting, model inference, observability, and infrastructure operations. Velra remains responsible for subprocessors under the applicable agreement.

Where international transfer mechanisms are required, Velra will use appropriate safeguards such as standard contractual clauses or equivalent mechanisms.

Velra applies tenant scoping, signed backend requests, usage limits, and operational access controls designed for a small-team SaaS environment. Enterprise controls can require a separate written agreement.

Upon verified deletion or termination requests, Velra deletes or returns customer data as required by the agreement, subject to legal, billing, backup, and security retention obligations.