Privacy Policy

Data Privacy & GDPR Compliance

At Vela, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI customer support platform.

EU Data Residency - Your Data Stays in Europe

Your data never leaves the European Union.

We are committed to ensuring that all personal data processed through our platform remains within the EU. Our entire infrastructure is hosted on EU-based servers, and we do not transfer your data outside the European Economic Area (EEA). This commitment applies to:

  • All customer data
  • Conversation history
  • Knowledge base content
  • User profiles and authentication data
  • Analytics and usage data

When you use Vela, you can be confident that your data is protected by EU data protection laws, including the General Data Protection Regulation (GDPR).

Data Controller

Vela
Contact: dan@vela.cx

Information We Collect

Personal Information

  • Account information (name, email, company)
  • Payment information (processed securely through our payment providers)
  • Communication data when you contact our support

Usage Data

  • Platform interactions and features used
  • Conversation metadata
  • Performance and analytics data

Knowledge Base Data

  • Documents, URLs, and content you upload
  • Configuration preferences
  • Integration settings

How We Use Your Data

We use your data to:

  • Provide and maintain our AI customer support services
  • Process your transactions and manage your account
  • Communicate with you about service updates and support
  • Improve and optimize our platform
  • Comply with legal obligations

Legal Basis for Processing

We process personal data under the following legal bases:

  • Consent: When you agree to our terms
  • Contract: To fulfill our service obligations
  • Legitimate Interest: For security and service improvement
  • Legal Obligation: For regulatory compliance

Your Rights Under GDPR

As an EU resident, you have the following rights:

  • Right to Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate data
  • Right to Erasure: Request deletion of your data ("right to be forgotten")
  • Right to Restriction: Limit how we process your data
  • Right to Data Portability: Receive your data in a machine-readable format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent at any time

To exercise these rights, contact us at dan@vela.cx.

Data Security

We implement robust security measures including:

  • Encryption at rest and in transit
  • Multi-factor authentication
  • Regular security audits
  • Access controls and logging
  • EU-only data processing and storage

Data Retention

We retain personal data only as long as necessary:

  • Account data: Duration of account + 30 days after deletion
  • Conversation data: Duration of account (or as configured)
  • Logs: 12 months for security purposes

Data Sharing

We do not sell your personal data. We may share data with:

  • Service providers (EU-based only) who help operate our platform
  • Legal authorities when required by law
  • Business successors in case of merger or acquisition

All third-party processors are contractually bound to GDPR compliance and data processing within the EU.

International Transfers

We do not transfer personal data outside the EU/EEA. All data processing occurs within EU-based data centers. If we ever need to transfer data outside the EU, we will ensure adequate safeguards are in place as required by GDPR.

Children's Privacy

Our services are not intended for children under 16. We do not knowingly collect data from children.

Changes to This Policy

We may update this policy periodically. We will notify you of material changes via email or platform notification.

Contact Us

For questions about this Privacy Policy or to exercise your data rights:

  • Email: dan@vela.cx

We aim to respond to all requests within 30 days as required by GDPR.