1. Introduction
Alora Design ("we", "our", "us") is committed to protecting the privacy of its users and clients. This privacy policy explains how we collect, use, disclose, and protect your personal information when you use our website aloradesign.ca and our online growth services (websites, AI automations, chatbot, missed-call SMS reply, Google review generation).
By using our services, you consent to the practices described in this policy.
2. Information We Collect
We may collect the following types of information:
Information you provide directly
- Name, email address, phone number, and business name (during registration or contact form submission)
- Business information provided through the onboarding questionnaire (site brief)
- Images, logos, and content you upload for your project
- Payment information (securely processed by Stripe; we never store your credit card data)
Information collected automatically
- IP address, browser type, operating system, and pages visited
- Usage data via Vercel Web Analytics (cookieless, anonymized)
- Essential cookies required for authentication and language preference
Data from AI services and automations
For Recommended and Premium plans, our automations also process:
- AI chatbot conversations deployed on your business website (visitor messages and generated replies, processed by Anthropic Claude)
- Caller phone numbers when a call to your Twilio number goes unanswered (used solely to send the auto-SMS reply)
- Your customers' contact details that you provide for sending Google review request SMS
- Image generation prompts sent to Replicate (Flux) during initial site creation
3. Google OAuth Authentication
We offer the option to sign in via Google OAuth. When you use this authentication method, we receive your name, email address, and profile photo from your Google account. We do not access any other data from your Google account.
This information is used solely to create and manage your account on our platform.
4. Data Storage and Security
Your data is securely stored via Supabase, a platform that complies with modern security standards. We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, modification, disclosure, or destruction.
Payments are processed by Stripe, certified PCI DSS Level 1, the highest level of security certification in the payment industry.
5. Use of Information
We use your information to:
- Provide, operate, and improve our online growth services (websites and AI automations)
- Create and manage your client account
- Process your payments and manage your subscription
- Communicate with you regarding your project or account
- Send service-related communications (via Resend)
- Improve the user experience on our website
6. Cookies
We use a minimal set of cookies:
- Essential cookies: required for authentication (alora_session, alora_refresh) and client portal functionality
- Preference cookies: to remember your preferred language (alora_lang, French/English)
- No analytics cookies: we use Vercel Web Analytics, which measures traffic without setting cookies or identifying individual visitors
You can configure your browser to refuse cookies, but client portal authentication will stop working.
7. Information Sharing (sub-processors)
We never sell your personal information. We rely on the following sub-processors to deliver our services:
- Vercel: website hosting and anonymized traffic statistics (Web Analytics + Speed Insights)
- Supabase: secure storage of account data, briefs, and uploaded files
- Stripe: secure payment processing (PCI DSS Level 1)
- Resend: transactional emails (confirmation, notifications, password reset)
- Anthropic (Claude): AI chatbot message processing and Google review reply generation (Recommended and Premium plans)
- Twilio: sending missed-call SMS replies and review request SMS (Recommended and Premium plans)
- Replicate (Flux): custom image generation during initial site creation
- Google Cloud: OAuth sign-in and, when connected, reading/replying to Google Business Profile reviews on your behalf (Recommended and Premium plans, with explicit consent)
- Competent authorities: if required by law
8. Your Rights
In accordance with Quebec's Act Respecting the Protection of Personal Information in the Private Sector (Law 25) and applicable federal laws, you have the right to:
- Access the personal information we hold about you
- Request correction of inaccurate information
- Request deletion of your personal information
- Withdraw your consent to data processing
- Request data portability
9. Data Retention
We retain your personal information for as long as necessary to provide our services or as required by law. If you cancel your account, we will delete your personal data within 30 days, unless retention is required by a legal obligation.
10. Changes
We may update this privacy policy periodically. Any changes will be posted on this page with a revised update date. We encourage you to review this page regularly.
11. Contact Us
For any questions regarding this privacy policy or to exercise your rights, please contact us: