Velocitio
Privacy Policy

Privacy Policy

This policy explains how Velocitio collects, uses, shares, and protects personal data when you use the website, create an account, connect engineering tools, or interact with the product.

Effective date: March 7, 2026

Velocitio operates the service available at https://www.velocitio.com. For personal data processed in connection with the website and the service, Velocitio acts as the controller unless a separate data processing arrangement says otherwise.

If you have a privacy question or want to exercise your rights, contact info@velocitio.com.

What this Privacy Policy covers

This Privacy Policy describes how Velocitio collects, uses, discloses, and protects personal data when you visit our websites, create an account, connect integrations, use our engineering analytics platform, or contact us for support.

It applies to account holders, workspace users, visitors to the public website, and people who interact with us through onboarding, support, or billing. It does not govern third-party products that you connect to the service or customer-controlled systems that process data under your own organization’s policies.

Information we collect

Depending on how you use the service, we may collect the following categories of information:

  • Account and profile data. This includes your name, email address, workspace name, login credentials or single sign-on identifiers, plan selection, and account preferences.
  • Billing and transaction data. This includes subscription status, billing contact details, invoice metadata, and payment-related records received from our payment providers.
  • Service and integration data. This includes repositories, scan outputs, pull request metadata, configured scopes, AI assistant prompts and responses, Jira connection settings, and selected product configuration.
  • Support and communication data. This includes messages, onboarding requests, support tickets, and feedback you send to us.
  • Technical and usage data. This includes authentication events, audit logs, IP-derived security signals, device and browser information, rate-limit events, and product interaction telemetry.
  • Cookie and preference data. This includes consent choices and optional client-side preference storage where the consent manager allows it.

How we use information

We use personal data to operate, secure, and improve the service. Typical purposes include:

  • Creating and managing accounts, workspaces, subscriptions, and access rights.
  • Running repository scans, generating analytics, and displaying scoped dashboards or exports.
  • Providing AI-assisted explanations and recommendations within the user’s permitted data scope.
  • Detecting abuse, preventing fraud, troubleshooting incidents, and maintaining service reliability.
  • Responding to support requests, onboarding customers, and sending important operational notices.
  • Complying with legal, accounting, tax, and security obligations.

Legal bases for processing

Where the GDPR or similar laws apply, we process personal data on one or more of the following bases: contractual necessity, legitimate interests, consent, and compliance with legal obligations.

In practice, this means we process data to provide the product you requested, secure and improve the platform, manage billing and support, honor your consent choices for optional technologies, and retain records where law requires it.

How we share information

We do not sell personal data. We may share information with hosting, infrastructure, authentication, email, support, billing, and other service providers that help us operate the platform, subject to appropriate contractual protections.

We may also disclose information where necessary to comply with law, protect rights or safety, investigate misuse, or complete a business transfer such as a merger, financing, or acquisition.

Retention and security

We retain personal data for as long as needed to provide the service, maintain security, resolve disputes, enforce agreements, and meet legal obligations. Some backup, audit, and billing records may remain for a limited additional period.

We use administrative, technical, and organizational safeguards designed to protect information from unauthorized access, misuse, loss, or disclosure. No service can guarantee absolute security, but we design our systems to minimize exposure and to limit access according to scope and operational need.

International transfers

Our primary operating model is EU-focused, but some subprocessors or support functions may involve processing outside the EEA. Where that happens, we rely on lawful transfer mechanisms such as adequacy decisions, standard contractual clauses, or equivalent safeguards.

Your rights and choices

Depending on applicable law, you may have rights to access, correct, delete, restrict, object to, or port certain personal data, and to withdraw consent where processing depends on consent.

You may also have the right to lodge a complaint with your local supervisory authority. To make a request, contact us at info@velocitio.com.

Cookies and similar technologies

We use a consent manager to handle non-essential cookie and local-storage choices. Necessary technologies are used to keep sign-in, security, and core application behavior working. Optional preference technologies are only used where the consent manager indicates they are allowed.

Changes and contact information

We may update this Privacy Policy from time to time to reflect product changes, legal requirements, or operational updates. If we make a material change, we will publish the updated version with a revised effective date.

Questions, privacy requests, or complaints can be sent to info@velocitio.com.