VELA/ DPA · GDPR
Home Terms Privacy Request legal contact
Legal

DPA / GDPR

This page summarizes how VELA approaches data processing, controller and processor roles, and GDPR-related requests for customers and prospects.

Last updated 2026-05-15 Business and consumer context
Plain-English summary

VELA acts as a controller for website, account, billing, and support data, and may act as a processor for limited business-customer data where that role is defined in a contract or order form.

Controller and processor roles

For the public website, marketing, onboarding, account creation, billing, and support relationship, VELA generally acts as an independent controller. For certain business services, VELA may act as a processor where a written contract, order form, or enterprise addendum says so.

Processing scope

Where VELA acts as a processor, the subject matter, duration, nature, and purpose of processing are limited to the customer relationship, service delivery, support, abuse prevention, and related infrastructure operations described in the applicable contract.

  • Types of data may include account identifiers, contact details, device or integration metadata, support context, and limited operational telemetry.
  • Categories of data subjects may include customer administrators, customer end users, support contacts, and related personnel defined by the customer relationship.

Technical and organizational measures

VELA applies reasonable technical and organizational measures appropriate to the risk, including access controls, credential management, infrastructure segmentation, change management, abuse prevention, monitoring, and incident response practices. Specific measures may evolve over time as the platform changes.

Subprocessors and international transfers

VELA may use payment processors, infrastructure providers, support tooling, communication platforms, and other vendors needed to deliver the service. Where personal data is transferred internationally, VELA uses appropriate safeguards where required, such as contractual commitments and provider controls.

GDPR requests

If you are a data subject, you may request access, correction, deletion, restriction, portability, or objection where applicable. If you are a business customer seeking a DPA, subprocessor information, or contractual review, contact legal and include the relevant company and service details.

Important: If VELA acts only as a processor for a given data set, requests may need to be routed through the relevant controller customer first.

Contact