Legal

Privacy Policy

Last updated: April 26, 2026

This Privacy Policy explains how Velox ("Velox," "we," "us," or "our") collects, uses, stores, and protects information when you use our website at runvelox.com or purchase our services.

1. Information We Collect

Information you provide:

Name, email address, company name, and phone number when you contact us, sign up, or pay for a service
Billing information (handled by Stripe — we do not store full payment card numbers)
Business information you share during engagements (goals, current systems, brand assets, credentials needed for delivery)
Communications you send us via email, chat, or contact forms

Information collected automatically:

Standard server logs (IP address, browser type, pages visited) for site security and basic analytics
Cookies for authentication, session management, and analytics (lightweight, no third-party tracking)
Aggregated visit statistics via Plausible Analytics (privacy-first, no personal data)

2. How We Use Information

Deliver and improve the services you've purchased
Process payments and send receipts/invoices (via Stripe)
Communicate with you about your account, services, and engagement
Send transactional emails (welcome, kickoff, status updates) — not marketing without explicit opt-in
Monitor and improve site performance and security
Comply with legal obligations

3. Third-Party Services We Use

Velox uses the following processors to deliver services. Each has its own privacy policy:

Stripe — payment processing (stripe.com/privacy)
Supabase — database hosting and authentication (supabase.com/privacy)
Netlify — website and application hosting (netlify.com/privacy)
Cloudflare — DNS and content delivery (cloudflare.com/privacypolicy)
Resend — transactional email delivery (resend.com/legal/privacy-policy)
Cloudflare Web Analytics — privacy-first site analytics, no cookies (cloudflare.com/privacypolicy)

4. How We Protect Information

HTTPS encryption on all client-facing surfaces
Database access limited to authorized personnel only, secured via Row Level Security and least-privilege access
Payment data handled exclusively by Stripe — Velox never sees full card numbers
Credentials and secrets stored in encrypted secret managers, never in source code or unencrypted files
Regular review of access permissions and security configurations

No system is perfectly secure. Velox cannot guarantee absolute security but takes reasonable measures appropriate to a small consultancy.

5. Data Sharing

Velox does not sell your information. We share information only:

With service providers (listed in Section 3) as required to deliver services
With your explicit consent (e.g., introducing you to a vendor or partner)
To comply with legal obligations, valid subpoenas, or court orders
To protect Velox's rights or prevent fraud

6. Data Retention

We retain personal information for as long as your account is active or as needed to provide services. After termination, we retain billing records for at least 7 years for tax and legal compliance, and other client data for up to 24 months unless you request earlier deletion. Aggregated, anonymized analytics may be retained indefinitely.

7. Your Rights

Depending on your location, you may have the right to:

Access the personal information we hold about you
Correct inaccurate information
Request deletion of your information (subject to legal retention requirements)
Object to or restrict certain processing
Receive your information in a portable format
Opt out of marketing communications (Velox does not send unsolicited marketing by default)

To exercise these rights, email trey@runvelox.com. We respond within 30 days.

8. Children's Privacy

Velox services are not directed to anyone under 18. We do not knowingly collect information from children. If we learn we have collected such information, we will delete it.

9. International Users

Velox is based in the United States. By using our services, you consent to having your information processed in the U.S. We do not specifically target users in regions with stricter data laws (e.g., EU/UK GDPR). If you are in such a region and use our services, you do so at your discretion and are responsible for any local compliance obligations on your side.

10. Cookies

We use minimal cookies — primarily for authentication and basic site functionality. We do not use third-party advertising cookies or remarketing trackers. You can disable cookies in your browser; some features may not work properly without them.

11. Changes to This Policy

We may update this Privacy Policy as our services evolve. Material changes will be communicated via email or a prominent notice on the site at least 14 days before taking effect.

12. Contact

Questions about this Privacy Policy or your information? Email trey@runvelox.com.

Note: This Privacy Policy reflects standard practices for a small AI/automation consulting firm. If your engagement involves regulated data (HIPAA, financial, government), we'll execute a separate Data Processing Agreement (DPA) tailored to those obligations.