Privacy Policy

Velosify AI, Inc. ("Velosify," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website velosify.ai, our customer relationship management application at crm.velosify.ai (the "CRM"), and our other services.

⟩ Information We Collect

We may collect information you provide directly to us, including:

• Account information: name, email address, phone number, business name, and login credentials when you create an account or request our services.
• Business information: industry, growth challenges, and service preferences you share with us.
• Communications: messages, feedback, or correspondence you send to us.
• Payment information: when you subscribe to a paid plan, billing details are collected and processed by our payment processor, Stripe, Inc. We do not store full credit or debit card numbers on our servers. We retain limited card metadata (card brand, last four digits, expiration month and year) and Stripe customer/subscription identifiers so we can display your card on file and manage your subscription. Stripe's processing of your payment information is governed by Stripe's privacy policy.
• Subscription data: your plan, billing status, trial-end date, current period dates, and cancellation status.

We may also collect information automatically when you visit our website or use the CRM:

• Browser type, operating system, and device information
• IP address and approximate location
• Pages viewed, time spent on pages, and navigation paths
• Referring website or source
• Authentication and session cookies necessary to keep you logged in

⟩ Customer-Provided CRM Data

The CRM allows our customers to store contact, company, deal, and activity records about their end users (for example, our customer's leads or clients). When our customers upload this information, they are the controllers of that data and we act as a data processor on their behalf. We use this data only to provide the CRM service to that customer and do not access it except as needed for support, security incidents, or legal compliance. On request from our customer (via email to [email protected]), we will export their CRM data in a standard format (CSV) or permanently delete it within 30 days, subject to any retention required by law.

⟩ How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve our services
• Process subscriptions, recurring charges, refunds, and other billing transactions through Stripe
• Authenticate users and secure user accounts
• Respond to your inquiries and fulfill your requests
• Send transactional emails (receipts, billing notices, security alerts) and, with your consent, product updates
• Analyze usage trends and optimize our website and CRM
• Protect against fraud, abuse, and unauthorized activity

⟩ Information Sharing & Subprocessors

We do not sell your personal information. We share information only with the service providers we rely on to operate the business, when legally required, or in connection with a corporate transaction:

• Stripe, Inc. — payment processing, subscription management, fraud detection
• Railway Corp. — application hosting and database storage (United States)
• Cloudflare, Inc. — DNS, content delivery, and bot protection
• Google LLC — Google Places API for the optional Lead Generator feature; Google Analytics for website usage measurement
• Meta Platforms, Inc. — Meta Pixel for measuring marketing campaign performance on velosify.ai
• Calendly, Inc. — embedded scheduling on velosify.ai
• Legal requirements — if required by law, regulation, subpoena, or other valid legal process
• Business transfers — in connection with a merger, acquisition, financing, or sale of assets, in which case the acquirer will be bound by this Privacy Policy or an equivalent one

⟩ Data Location

Personal data and customer-provided CRM data are stored on infrastructure located in the United States. If you access our services from outside the United States, you understand that your information may be transferred to, stored in, and processed in the United States.

⟩ Data Security

We implement industry-standard security measures to protect your information, including TLS encryption in transit, hashed password storage, restricted access controls, and infrastructure hardening. Payment card data is transmitted directly from your browser to Stripe and never touches our servers in raw form. However, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.

⟩ Data Retention

We retain your account and CRM data for as long as your subscription is active and for 90 days after cancellation or account deletion, after which we permanently delete it unless we are legally required to retain it longer (for example, tax records or fraud-prevention logs). Marketing-list data is retained until you opt out. Anonymized or aggregated analytics data may be retained indefinitely.

⟩ Your Rights

Depending on your location, you may have the right to:

• Access: request a copy of the personal information we hold about you
• Correction: request that we correct inaccurate information
• Deletion: request that we delete your information ("right to be forgotten")
• Portability: receive your data in a machine-readable format
• Restriction or objection: limit how we use your data, or object to certain processing
• Withdraw consent: for any processing that relies on your consent, including marketing emails
• Non-discrimination: we will not deny you service for exercising any of these rights

To exercise any of these rights, email [email protected] from the address associated with your account. We will respond within 30 days, or notify you if more time is needed.

For California residents: under the CCPA/CPRA, you have the right to know what personal information we collect and how we use it (described above), the right to delete it, the right to correct it, and the right not to be discriminated against for exercising these rights. We do not sell or share personal information for cross-context behavioral advertising as those terms are defined under California law.

For EU/UK residents: our lawful basis for processing your information is performance of our contract with you (providing the services you signed up for) and our legitimate interests in operating, securing, and improving the services. You may also lodge a complaint with your local data protection authority.

⟩ Cookies

We use cookies and similar tracking technologies on velosify.ai and inside the CRM. See our Cookie Policy for details on the categories of cookies we use, the third parties that set them (including Stripe), and how to manage your preferences.

⟩ Third-Party Links

Our website and the CRM may contain links to third-party websites. We are not responsible for the privacy practices of these external sites and encourage you to review their privacy policies.

⟩ Children's Privacy

Our services are not directed to individuals under 16. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will delete it promptly.

⟩ Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a revised "Last updated" date and, where appropriate, by emailing the address on file for your account.

⟩ Contact Us

If you have questions about this Privacy Policy or want to exercise any of the rights above, please contact us at:
[email protected]