Velocity Platform Privacy Policy

Veloo Ltd. ("Company," "we," or "us") is committed to protecting the privacy of our business customers. This Privacy Policy explains how we collect, use, and share information when you participate in the Velocity Platform pilot program. This Privacy Policy should be read in conjunction with our Terms of Service.

1. INFORMATION WE COLLECT

• Voluntary Provision of Data: You are not legally required to provide us with your personal or business information. However, providing this information is necessary to participate in the Velocity Platform pilot program.
• Account Information: We collect information provided during registration, such as business name, email address, and contact details.
• Technical Data: We collect API usage data, including IP addresses, rendering volumes, and log files.
• Cookies and Similar Technologies: We use strictly necessary session cookies and secure authentication tokens to maintain your session and protect the security of the AWS infrastructure. We do not use advertising cookies or third-party tracking technologies. You may configure your browser to reject cookies, but this may prevent you from accessing the Services.
• Customer Materials: We process files you upload (Lottie .json, images, video, audio) solely to perform the rendering services.

2. HOW WE USE YOUR INFORMATION & LEGAL BASIS

We use your information for the following purposes and based on the following legal grounds (for EEA, UK, Switzerland, and Brazil users):

• Service Delivery (Contract Performance): To provide, maintain, and optimize the Rendering as a Service (RaaS) platform and process Customer Materials.
• Pilot Management (Contract Performance): To monitor your 24-hour rendering budget and API key status.
• Service Improvement & Pilot Analysis (Legitimate Interests): To analyze usage patterns, test system performance, and improve the accuracy and efficiency of our rendering technologies during the pilot program. This includes using aggregated or de-identified data to enhance our internal algorithms and infrastructure.
• Security (Legitimate Interests): To detect and prevent unauthorized access, malicious misuse, or attacks on our infrastructure.
• Communication (Legitimate Interests): To contact you regarding pilot updates, technical support, or changes to this policy.
• Legal Compliance (Legal Obligation): Disclosing information when required by law or valid legal process.

3. DATA SHARING AND DISCLOSURE

• Cloud Infrastructure: We utilize Amazon Web Services (AWS) as our primary sub-processor for data storage and processing.
• Legal Requirements: We may disclose information if required by law or in response to valid requests by public authorities.
• No Sale of Data: Company does not sell your personal or business information to third parties for monetary consideration. We only share information with service providers necessary to operate the Velocity Platform.
• Controller / Processor Relationship: To the extent that Company processes Personal Data on behalf of Customer, the parties acknowledge that Customer is the Data Controller and Company is the Data Processor. If you require a Data Processing Addendum (DPA) to comply with GDPR, UK GDPR, LGPD, or other privacy regulations, please contact us at info@veloo.io prior to uploading any personal data.

4. DATA SECURITY, RETENTION & BREACH NOTIFICATION

• Security Measures: We implement physical, technical, and administrative measures designed to protect your information from unauthorized access.
• Security Incident Notification: In the event of a data breach affecting your personal information, we will notify you without undue delay and in accordance with applicable law. Notification will be sent to the email address associated with your account.
• Retention of Customer Materials: Consistent with our Terms of Service, all Customer Materials and Rendered Content are subject to a Rolling Retention policy and will be deleted from our systems thirty (30) days after their creation, regardless of whether your pilot participation is still active.
• Retention of Account Information: We retain Account Information (business name, email) for up to 90 days following the conclusion of the pilot for administrative and legal compliance purposes, after which it will be deleted unless retention is required by law.
• Retention of Technical Data: Log files and API usage data are retained for up to 12 months for security analysis and debugging purposes, then anonymized or deleted.

5. YOUR RIGHTS

Depending on your jurisdiction (including Israel, the EEA, UK, Switzerland, Brazil, Australia, Canada, and the United States), you may have the following rights:

• Access: Request a copy of personal information we hold about you (including details on third parties with whom data was shared).
• Rectification: Request correction of inaccurate or incomplete information.
• Deletion: Request deletion of your personal information, subject to legal obligations.
• Restriction: Request that we limit processing of your information in certain circumstances.
• Portability: Request your data in a structured, machine-readable format.
• Objection: Object to processing based on legitimate interests.
• Objection to Automated Processing: You have the right to object to decisions based solely on automated processing or profiling if it produces legal effects concerning you.
• Opt-Out of Data "Sharing": Residents of certain jurisdictions (like California, Virginia, Colorado, Connecticut, and Utah) have the right to opt-out of the "sharing" of their personal information for cross-context behavioral advertising or certain internal analytics.
• Withdrawal of Consent: Where processing is based on consent, you may withdraw it at any time (applicable in Canada, Brazil, UK/EEA).
• Complaint: Lodge a complaint with a supervisory authority in your jurisdiction (e.g., the ICO in the UK, OAIC in Australia, or Privacy Commissioner in Canada).

To exercise these rights, contact us at info@veloo.io. We will respond within 30 days. If we deny your request, residents of certain US states (e.g., Virginia, Colorado) have the right to appeal our decision by contacting us.

6. CHILDREN'S PRIVACY

The Services are not intended for individuals under the age of 18. We do not knowingly collect personal information from anyone under 18. If we become aware that we have collected personal information from a minor, we will take steps to delete such information promptly.

7. DATA TRANSFERS

Your information will be processed in the United States (via AWS) and in Israel. Israel is recognized by the European Commission and the United Kingdom as providing an adequate level of data protection. By using the Services, you consent to the transfer of information to these jurisdictions. Australian users specifically acknowledge that while we take reasonable steps to protect your data, these jurisdictions may have different privacy laws than Australia.

8. CHANGES TO THIS POLICY

We may update this Privacy Policy from time to time. We will notify you of material changes by email at least fourteen (14) days before they take effect. The "Last Updated" date at the top of this Policy indicates when it was last revised. Your continued use of the Services after changes take effect constitutes acceptance of the revised Policy.

9. CONTACT US

For any questions regarding this Privacy Policy, please contact us at info@veloo.io.

10. US STATE PRIVACY RIGHTS

If you are a resident of California, Virginia, Colorado, Connecticut, Utah, or other US states with effective privacy laws, specific rights apply to your personal information:

• Right to Know and Access: You may request details about the categories of personal information we collect, the sources from which we collect it, the business or commercial purpose for collecting it, and the third parties with whom we share it.
• Right to Delete: You have the right to request the deletion of your personal information, subject to certain exceptions (e.g., if we need to retain the data to complete a transaction or comply with a legal obligation).
• Right to Correct: You have the right to request that we correct inaccurate personal information we hold about you.
• "Do Not Sell or Share": We do not "sell" your personal information for monetary value. Furthermore, we do not "share" your personal information for cross-context behavioral advertising purposes. We use your data strictly for internal business purposes, such as service improvement and analytics, which is recognized as a business purpose under applicable laws.
• Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
• Authorized Agent: You may designate an authorized agent to make a request on your behalf. We may require proof of your authorization and verification of your identity.