Skip to main content
Velo

Legal

Privacy Policy

Last updated: May 1, 2026

Data we collect

We collect account information (name, email, workspace name), usage data (page views, feature usage, performance metrics), and project data you create within your workspace. We do not sell your data to third parties.

How we use your data

Your data is used to provide and improve the Velo service — rendering your boards, computing analytics, sending notifications, and diagnosing issues. Aggregated, anonymized usage data helps us prioritize features.

Data storage & security

All data is encrypted at rest (AES-256) and in transit (TLS 1.3). Infrastructure runs on [CUSTOMISE: your cloud provider] cloud infrastructure. SOC 2 Type II certified. Annual penetration testing by independent firms.

Third-party services

We use [CUSTOMISE: your payment processor] for payment processing, [CUSTOMISE: your email provider] for transactional email, and [CUSTOMISE: your hosting provider] for hosting. Each sub-processor is contractually bound to equivalent data protection standards.

Data retention

Active workspace data is retained for the lifetime of your subscription. On cancellation, data is soft-deleted immediately and permanently purged after 30 days. Enterprise plans support custom retention policies.

Your rights

You have the right to access your personal data, the right to rectify or correct inaccurate data, the right to erase or delete your data, the right to restrict processing, the right to data portability, the right to object to processing, the right not to be subject to a decision based solely on automated processing — including profiling — that produces legal or similarly significant effects (GDPR Art. 22; you may request human review, contest the decision, and express your point of view), and the right to lodge a complaint with a supervisory authority. Contact privacy@velopm.app to exercise these rights. We respond to all requests within 30 days. GDPR, CCPA, and UK GDPR compliant.

Do Not Track and Global Privacy Control

We honour Global Privacy Control (GPC) where legally required. We do not currently respond to Do Not Track (DNT) browser signals because no common technical standard defines how websites should interpret them.

Questions? Contact us at privacy@velopm.app

DemoUI kit preview — content is fictional.