Legal

Privacy Policy

Last updated: April 26, 2026

This Privacy Policy explains how Velox ("Velox," "we," "us," or "our") collects, uses, stores, and protects information when you use our website at runvelox.com or purchase our services.

1. Information We Collect

Information you provide:

Name, email address, company name, and phone number when you contact us, sign up, or pay for a service
Billing information (handled by Stripe — we do not store full payment card numbers)
Business information you share during engagements (goals, current systems, brand assets, credentials needed for delivery)
Communications you send us via email, chat, or contact forms

Information collected automatically:

Standard server logs (IP address, browser type, pages visited) for site security and basic analytics
Cookies for authentication, session management, and analytics (lightweight, no third-party tracking)
Aggregated server-side traffic logs only — no third-party analytics or behavioral tracking is currently in use

2. How We Use Information

Deliver and improve the services you've purchased
Process payments and send receipts/invoices (via Stripe)
Communicate with you about your account, services, and engagement
Send transactional emails (welcome, kickoff, status updates) — not marketing without explicit opt-in
Monitor and improve site performance and security
Comply with legal obligations

3. Third-Party Services We Use

Velox uses the following processors to deliver services. Each has its own privacy policy:

Stripe — payment processing (stripe.com/privacy)
Supabase — database hosting and authentication (supabase.com/privacy)
Netlify — website and application hosting (netlify.com/privacy)
Cloudflare — DNS and content delivery (cloudflare.com/privacypolicy)
Resend — transactional email delivery (resend.com/legal/privacy-policy)
Cloudflare Web Analytics — privacy-first site analytics, no cookies (cloudflare.com/privacypolicy)

4. How We Protect Information

HTTPS encryption on all client-facing surfaces
Database access limited to authorized personnel only, secured via Row Level Security and least-privilege access
Payment data handled exclusively by Stripe — Velox never sees full card numbers
Credentials and secrets stored in encrypted secret managers, never in source code or unencrypted files
Regular review of access permissions and security configurations

No system is perfectly secure. Velox cannot guarantee absolute security but takes reasonable measures appropriate to a small consultancy.

5. Data Sharing

Velox does not sell your information. We share information only:

With service providers (listed in Section 3) as required to deliver services
With your explicit consent (e.g., introducing you to a vendor or partner)
To comply with legal obligations, valid subpoenas, or court orders
To protect Velox's rights or prevent fraud

6. Data Retention

We retain personal information for as long as your account is active or as needed to provide services. After termination, we retain billing records for at least 7 years for tax and legal compliance, and other client data for up to 24 months unless you request earlier deletion. Aggregated, anonymized analytics may be retained indefinitely.

7. Your Rights

Depending on your location, you may have the right to:

Access the personal information we hold about you
Correct inaccurate information
Request deletion of your information (subject to legal retention requirements)
Object to or restrict certain processing
Receive your information in a portable format
Opt out of marketing communications (Velox does not send unsolicited marketing by default)

To exercise these rights, email hello@runvelox.com. We respond within 30 days.

8. Children's Privacy

Velox services are not directed to anyone under 18. We do not knowingly collect information from children. If we learn we have collected such information, we will delete it.

9. International Users

Velox is based in the United States. By using our services, you consent to having your information processed in the U.S. We do not specifically target users in regions with stricter data laws (e.g., EU/UK GDPR). If you are in such a region and use Velox services, you do so at your own discretion and are responsible for complying with local data laws. Contact us if you have specific data-rights questions.

10. Changes to This Policy

Velox may update this Privacy Policy from time to time. The "Last updated" date at the top reflects the most recent revision. Material changes will be communicated by email to active clients at least 14 days before taking effect.

11. Contact

Questions about this policy, your data, or any privacy concern: hello@runvelox.com.

Plain-English summary: We collect what's needed to deliver our services and run the business — your contact info, billing details handled by Stripe, and business context shared during engagements. We don't sell your data. We don't run third-party tracking pixels. You can ask to see, correct, or delete what we have. Email hello@runvelox.com with any data question.