Privacy Policy

1. Introduction

At Velora Hosting, accessible from velorahosting.com and panel.velorahosting.com, the privacy of our customers and visitors is a priority. This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and what rights you have regarding your data.

This policy applies to all users of our website and services and is compliant with the General Data Protection Regulation (GDPR), the Norwegian Personal Data Act (personopplysningsloven), and the Norwegian Electronic Communications Act (ekomloven) regarding cookies.

If you have any questions about this policy, please contact us at support@velorahosting.com.

2. Data Controller

The data controller responsible for your personal data is:

Evolvix AS
Trading as: Velora Hosting
Address: [YOUR REGISTERED BUSINESS ADDRESS]
Organization Number: NO VAT 931 801 848
Email: support@velorahosting.com

3. Data We Collect

We collect the following categories of personal data:

• Account & contact information — name, email address, and account credentials provided when registering or contacting us
• Billing information — payment method details processed securely by Stripe or PayPal (we do not store full card numbers)
• Order & transaction data — purchase history, invoices, and subscription details managed via WHMCS
• Technical data — IP addresses, browser type, operating system, referring pages, and timestamps collected via server log files
• Usage data — website interaction data collected via Google Analytics 4 (GA4), subject to your cookie consent
• Advertising data — hashed conversion data (email, order value) sent to Google Ads Enhanced Conversions, subject to your cookie consent

4. Legal Basis for Processing

We process your personal data under the following legal bases as defined by GDPR Article 6:

• Contract performance (Art. 6(1)(b)) — processing your account, billing, and service delivery data necessary to provide the services you have purchased
• Legal obligation (Art. 6(1)(c)) — retaining transaction and invoice records as required by Norwegian accounting and tax law
• Legitimate interests (Art. 6(1)(f)) — server log files for security monitoring, fraud prevention, and service stability
• Consent (Art. 6(1)(a)) — analytics (GA4), advertising (Google Ads & Enhanced Conversions), and non-essential cookies, collected only after you provide explicit consent via our Cookiebot/Usercentrics cookie banner

5. How We Use Your Data

We use the data we collect for the following purposes:

• Creating and managing your customer account
• Delivering and managing the game server services you have purchased
• Processing payments and issuing invoices
• Sending transactional emails (order confirmations, renewal reminders, support responses)
• Detecting and preventing fraud, abuse, and security incidents
• Analyzing website usage to improve our services (only with your consent)
• Measuring the effectiveness of our advertising campaigns (only with your consent)
• Inviting you to leave a review on Trustpilot after a purchase (you may opt out at any time)
• Complying with legal and regulatory obligations

We do not sell your personal data to third parties, and we do not use your data for automated decision-making or profiling that produces legal or similarly significant effects.

6. Log Files

Velora Hosting follows standard practice in using server log files. These files record activity when visitors access our website and control panel. The information collected includes IP addresses, browser type, internet service provider (ISP), referring and exit pages, and timestamps. This data is used for security monitoring, diagnosing technical issues, and analyzing traffic trends.

Log file data is not linked to personally identifiable information and is processed on the basis of our legitimate interests in maintaining a secure and stable service (GDPR Art. 6(1)(f)). Log files are retained for a maximum of 90 days.

7. Cookies & Consent Management

Our website uses cookies — small text files stored on your device — to provide functionality, remember your preferences, and (with your consent) collect analytics and advertising data.

We use the following categories of cookies:

• Strictly necessary cookies — required for the website and control panel to function. These cannot be disabled.
• Preference cookies — remember your settings and choices across visits.
• Analytics cookies — used by Google Analytics 4 (GA4) to collect anonymized usage data. Only active with your consent.
• Marketing cookies — used by Google Ads and Enhanced Conversions for advertising measurement. Only active with your consent.

Consent is managed through our Cookiebot/Usercentrics cookie banner, which appears on your first visit. You can review or withdraw your consent at any time by clicking the "Cookie Settings" link in the footer of our website. Withdrawing consent does not affect the lawfulness of processing carried out before withdrawal.

You may also disable cookies via your browser settings, though this may affect the functionality of our website. For more information on managing cookies, visit aboutcookies.org.

8. Google Services (Ads, Enhanced Conversions & GA4)

We use several Google services to understand how our website is used and to measure the performance of our advertising. All Google services are loaded through Google Tag Manager (GTM) and are only activated after you provide explicit consent through our cookie banner.

Google Analytics 4 (GA4)

We use GA4 to collect anonymized data about how visitors interact with our website, such as pages visited, session duration, and traffic sources. IP addresses are anonymized before being sent to Google. In addition to general usage analytics, GA4 also receives conversion events — such as completed purchases and account registrations — to help us understand which parts of our service funnel are performing effectively. This conversion data includes event metadata such as order value and product type, but does not include raw payment details. All GA4 data is used solely to improve our website and services and is only collected with your explicit consent. GA4 data is processed by Google LLC under Standard Contractual Clauses (SCCs) for transfers to the United States.

Google Ads & Enhanced Conversions

We use Google Ads to promote our services. To accurately measure conversions, we use Google's Enhanced Conversions feature, which sends hashed (SHA-256 encrypted) customer data — such as email address, order value, and order ID — to Google after a completed transaction. This data is used solely for conversion attribution and advertising optimization and is not used by Google for other purposes without your separate consent.

Google DoubleClick DART cookies may also be used to serve relevant ads based on your visits to our site and other sites. You can opt out of DART cookies by visiting Google's Ads & Privacy policy.

For more information on how Google processes data, see Google's Privacy Policy.

9. Payment Processors (Stripe & PayPal)

We use Stripe and PayPal to process payments securely. When you make a purchase, your payment details are submitted directly to these processors — we do not store or have access to your full card number or banking credentials.

Stripe and PayPal act as independent data controllers for the payment data they process and are bound by their own privacy policies and GDPR compliance obligations. Both processors use Standard Contractual Clauses (SCCs) for any data transfers outside the EEA.

• Stripe Privacy Policy: stripe.com/en-no/privacy
• PayPal Privacy Policy: paypal.com/privacy

By choosing to pay via subscription, you agree that Stripe or PayPal may store your payment method details to facilitate automatic renewal charges at the end of each billing period, until you cancel your subscription.

10. Billing & Account Management (WHMCS)

We use WHMCS as our billing and client management platform. WHMCS stores your account information (name, email, address), order history, invoices, and support tickets. This data is processed on the basis of contract performance (GDPR Art. 6(1)(b)) and legal obligation for accounting records (GDPR Art. 6(1)(c)).

WHMCS data is hosted on our own servers located in the EU (Germany and Finland) and is not shared with WHMCS Ltd. beyond what is necessary for licensing and support purposes. For more information, see the WHMCS Privacy Policy.

11. Review Invitations via Trustpilot

After completing a purchase, we may share your name, email address, and purchase reference with Trustpilot A/S for the purpose of sending you a one-time invitation to review your experience with us. This is based on our legitimate interest in collecting customer feedback to improve our services (GDPR Art. 6(1)(f)).

You are under no obligation to leave a review. If you do not wish to receive review invitations, you may opt out by contacting us at support@velorahosting.com before your order is completed.

Trustpilot is an independent data controller for data collected through their platform. For more information, see the Trustpilot Privacy Policy.

12. Third-Party Processors

We work with the following third-party processors who may handle your personal data on our behalf or as independent controllers. All processors are contractually bound to handle your data securely and in accordance with GDPR:

• Google LLC — Analytics (GA4), advertising (Google Ads), and tag management (GTM)
• Stripe, Inc. — payment processing
• PayPal Holdings, Inc. — payment processing
• WHMCS Ltd. — billing and client management platform
• Trustpilot A/S — review invitation service
• Cookiebot/Usercentrics A/S — consent management platform

We do not sell your personal data to any third party.

13. International Data Transfers

Our own servers and WHMCS installation are located within the EU (Germany and Finland), meaning your account and billing data does not leave the EEA under our direct control.

However, some of our third-party processors — including Google, Stripe, and PayPal — are headquartered in the United States and may transfer data outside the EEA. Where this occurs, these transfers are protected by Standard Contractual Clauses (SCCs) approved by the European Commission under GDPR Article 46, ensuring your data receives an equivalent level of protection.

14. Data Retention

We retain your personal data only for as long as necessary for the purposes for which it was collected:

• Account data — retained for the duration of your account and deleted within 90 days of account closure upon request
• Invoice and transaction records — retained for 5 years in accordance with Norwegian accounting law (Bokføringsloven § 13)
• Server log files — retained for a maximum of 90 days
• Analytics data (GA4) — retained for 14 months within Google Analytics, per our configuration
• Support tickets — retained for 2 years after closure

15. Your Rights Under GDPR

As a data subject under the GDPR, you have the following rights regarding your personal data:

• Right of access (Art. 15) — request a copy of the personal data we hold about you
• Right to rectification (Art. 16) — request correction of inaccurate or incomplete data
• Right to erasure (Art. 17) — request deletion of your personal data, subject to legal retention obligations
• Right to restriction (Art. 18) — request that we limit how we process your data under certain conditions
• Right to data portability (Art. 20) — request your data in a structured, machine-readable format
• Right to object (Art. 21) — object to processing based on legitimate interests, including direct marketing
• Right to withdraw consent (Art. 7(3)) — withdraw consent for cookie-based processing at any time via our Cookie Settings, without affecting prior lawful processing

To exercise any of these rights, contact us at support@velorahosting.com. We will respond within 30 days.

You also have the right to lodge a complaint with a supervisory authority. In Norway, this is Datatilsynet. EU residents may contact their national data protection authority, listed at edpb.europa.eu.

16. Children's Information

Protecting children online is important to us. Velora Hosting does not knowingly collect personal data from children under the age of 15. If you believe your child has provided personal information on our website without appropriate consent, please contact us immediately at support@velorahosting.com and we will delete such data as soon as possible.

We encourage parents and guardians to monitor their children's online activity and to contact us with any concerns.

17. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal requirements. When we make significant changes, we will update the "Last Updated" date at the top of this page and, where appropriate, notify you by email or via a notice on our website. We encourage you to review this policy periodically.

18. Consent

By using our website, you acknowledge that you have read and understood this Privacy Policy. For processing activities that require consent — such as analytics and advertising cookies — we collect your explicit consent through our Cookiebot/Usercentrics consent banner before any such data is collected. You may withdraw or adjust your consent at any time via the "Cookie Settings" link in the footer of our website.