This Privacy Policy explains how Velosify AI, Inc. ("Velosify", "we", "us") collects, uses, and protects information when you use Velosify CRM at crm.velosify.ai (the "Service"). By using the Service, you consent to the practices described here.
1. Information we collect
Account information
When you sign up we collect your name, email address, phone number, username, and a hashed password. Your password is salted and hashed; we never store it in plain text and cannot recover it.
Customer data you store in the CRM
Velosify CRM is a workspace tool — the contacts, companies, deals, notes, call logs, and files you create inside the Service are your data. We store this on your behalf to deliver the Service. We do not sell or share customer data with third parties for advertising.
Billing information
Payments are processed by Stripe, Inc. We do not see or store your full card number, CVV, or bank credentials. Stripe gives us a token, a customer ID, the card's last 4 digits, brand, and expiry, and subscription status. See Stripe's Privacy Policy.
Usage and technical data
We log basic request metadata for operations and abuse-prevention: IP address, user agent, timestamps, requested URL, and HTTP status. These logs are retained for up to 90 days.
Marketing analytics
On our marketing pages (logged-out visitors) we use the Meta / Facebook Pixel to measure ad performance. The pixel may set cookies and report page views and sign-up events back to Meta. See our Cookie Policy and Meta's Privacy Policy.
2. How we use information
- To provide, maintain, and improve the Service.
- To authenticate you and keep your account secure.
- To process payments and manage subscriptions.
- To send transactional email (signup confirmation, billing receipts, password resets, security alerts).
- To respond to support requests.
- To detect, prevent, and investigate abuse, fraud, and security incidents.
- To comply with legal obligations.
3. Third-party service providers (subprocessors)
We rely on the following processors to run the Service. Each is contractually obligated to protect your data and use it only to deliver their services to us.
| Provider | Purpose | Data shared |
|---|---|---|
| Stripe | Payment processing & subscription billing | Name, email, billing address, card token, subscription state |
| Twilio | Phone number lookup (mobile vs landline) for leads you enrich | Phone numbers you submit to the lookup tool |
| Google (Maps / Places API) | Local business lead discovery | Search queries and locations you submit to the lead generator |
| Resend | Transactional email delivery | Your email address, message contents |
| Meta (Facebook Pixel) | Ad measurement on marketing pages only | Anonymous browser ID, page-view and sign-up events |
| Railway / Cloudflare | Hosting, CDN, DNS | IP address, request metadata |
4. How we share information
We do not sell your personal data. We share information only:
- With the subprocessors listed above, to operate the Service.
- With your authorization (e.g. integrations or webhooks you configure).
- To comply with a valid legal request, court order, or to protect rights, property, or safety.
- In connection with a merger, acquisition, or sale of assets — in which case you will be notified.
5. Data retention
We retain account and customer data for as long as your account is active. After cancellation, we keep data for up to 90 days in case you wish to reactivate, after which it is permanently deleted from production systems. Backups are rotated within 30 days. Billing records may be retained longer where required by law (typically 7 years for tax purposes).
6. Your rights
Depending on where you live, you may have rights to access, correct, export, or delete your personal data, or to object to or restrict certain processing. To exercise these rights, email [email protected] from the address associated with your account. We respond within 30 days.
7. Security
We protect your data with TLS in transit, password hashing with industry-standard algorithms, isolated per-user data (every CRM record is scoped to your account ID), and access controls. No system is perfectly secure — if you believe your account has been compromised, contact us immediately.
8. International transfers
Velosify is operated from the United States. By using the Service from outside the U.S., you consent to your information being transferred to and processed in the U.S.
9. Children
The Service is not directed to children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us data, contact us and we will delete it.
10. Changes to this policy
We may update this policy. Material changes will be announced in-app or by email. The "Last updated" date above always reflects the current version.
11. Contact
Questions or requests: [email protected]