VeloAI Transformation Engine

Legal

Privacy & Security

Last updated: June 2025

This policy explains what data Velo collects, how we use it, and the security measures in place to protect it. By using the Service, you agree to the practices described here.

Data is encrypted in transit and at rest

All connections use TLS 1.2+. Survey responses and reports are stored in an encrypted SQLite database on a Railway persistent volume. Admin tokens are hashed and never exposed in logs.

1. What We Collect

We collect only what is necessary to provide the Service:

  • Account information — your email address and hashed password when you create an account.
  • Workspace data — company name, industry, and org configuration you provide during setup.
  • Survey responses — employee-submitted answers including role, department, manual hours, and task descriptions. No names are collected by default — responses are anonymous unless an employee volunteers identifying information in a free-text field.
  • AI-generated reports — analysis reports generated by the Service based on your survey data, stored against your workspace.
  • Agent skills — skill specifications and automation blueprints you create within the platform.
  • Usage metadata — timestamps of workspace creation and survey responses. We do not collect IP addresses or behavioral analytics.

2. How We Use Your Data

  • To generate AI analysis reports via the Anthropic Claude API. Survey data is sent to Anthropic's API solely to produce your report and is governed by Anthropic's Privacy Policy.
  • To store and display your workspace data within the Service.
  • To send you authentication emails (login links) via your configured email provider.

We do not:

  • Sell, rent, or trade your data to third parties.
  • Use your data to train AI models.
  • Share your data across workspaces owned by different organizations.
  • Use your data for advertising purposes.

3. Data Storage & Infrastructure

Your data is stored on Railway's infrastructure in the United States (us-east region). Railway's security posture is described at railway.app/security.

The database is a SQLite file stored on a Railway persistent volume. Backups are managed at the infrastructure level. We do not currently offer manual data export beyond the CSV/PDF export features built into the platform.

4. Access Controls

  • Admin tokens — each workspace has a unique admin token. Anyone with this token can access the full workspace. Keep it confidential.
  • Share tokens — a separate read-only share token controls survey access. It does not grant admin rights.
  • Manager invitations — workspace owners can invite additional managers by email.
  • No employee accounts — survey respondents do not create accounts. Their responses are linked to a workspace, not to an individual identity.

5. Employee Data & Consent

Workspace administrators are responsible for ensuring employees are informed that their responses are being collected and processed by an AI system. We recommend disclosing this before distributing the survey link.

Survey responses are anonymous by design — we do not request employee names or personal identifiers. Employees should be advised not to include personally identifying information in free-text responses.

6. Data Retention & Deletion

We retain your workspace data for as long as your account is active. To request deletion of your workspace data, contact us at haim@veloai.app. We will process deletion requests within 30 days.

7. Your Rights

Depending on your jurisdiction, you may have the right to access, correct, or delete personal data we hold about you. To exercise any of these rights, contact us at the email below. We will respond within 30 days.

8. Security Practices

  • All data in transit is encrypted using TLS 1.2 or higher.
  • Passwords are hashed using bcrypt and never stored in plaintext.
  • Admin tokens are cryptographically random and never logged.
  • The Service runs in an isolated container environment with no direct public database access.
  • We perform dependency updates regularly to address known vulnerabilities.

If you discover a security vulnerability, please disclose it responsibly by emailing haim@veloai.app. We aim to respond within 48 hours.

9. Cookies

The Service uses a minimal session cookie to maintain your authentication state. No third-party tracking cookies or advertising cookies are used.

10. Changes to This Policy

We may update this policy from time to time. The “Last updated” date at the top of this page reflects the most recent revision. Continued use of the Service constitutes acceptance of the updated policy.

11. Contact

Questions, data requests, or security disclosures: haim@veloai.app