CompanyAgencyCreator

Velvi.ai — Privacy Policy

Enterprise & SOC-2 Oriented

Effective Date: Dec. 22, 2025

Velvi.ai (“Velvi,” “we,” “us,” or “our”) is committed to protecting the confidentiality, integrity, and availability of data entrusted to us. This Privacy Policy explains how we collect, use, store, and protect personal information when providing our services (the “Services”).

1. Scope

This Privacy Policy applies to:

  • The Velvi.ai website
  • Web applications and dashboards
  • APIs and integrations
  • Brand, agency, and creator accounts

It does not apply to third-party services linked or integrated through Velvi.

2. Information We Collect

2.1 Customer-Provided Data

  • Account identifiers (name, email, company)
  • Creator and brand profile information
  • Campaign metadata and preferences
  • Communications and support interactions

2.2 Automatically Collected Data

  • Authentication logs
  • Usage and performance telemetry
  • Device and browser metadata
  • Security audit logs

2.3 Third-Party Data

  • Social platform metadata (when authorized)
  • Payment confirmations from processors (Velvi does not store card numbers)
  • Agency-provided creator rosters (with authorization)

3. Purpose of Processing

Velvi processes data strictly for:

  • Delivering and operating the Services
  • Executing creator-brand collaborations
  • AI-powered recommendations and analytics
  • Security monitoring and abuse prevention
  • Compliance with contractual and legal obligations

Velvi does not sell personal data.

4. Infrastructure & Security Controls

Velvi operates on Google Cloud Platform (GCP) and follows security practices aligned with SOC-2 Trust Services Criteria.

Security Measures Include:

  • Encryption in transit (TLS 1.2+) and at rest
  • Role-based access control (RBAC)
  • Least-privilege access policies
  • Audit logging and monitoring
  • Segregation of production and non-production environments

Access to customer data is limited to authorized personnel with a business need.

5. Data Sharing

We may share data only with:

  1. Subprocessors (e.g., cloud hosting, payments, analytics) under contractual confidentiality and security obligations
  2. Business Counterparties (brands ↔ creators ↔ agencies) strictly for campaign execution
  3. Legal Authorities where required by law
  4. Corporate Transactions (e.g., merger, acquisition), subject to confidentiality safeguards

A subprocessors list is available upon request.

6. Data Retention & Deletion

  • Data is retained only as long as necessary for service delivery or legal compliance
  • Upon account termination, data is deleted or anonymized according to internal retention schedules
  • Customers may request deletion at: privacy@velvi.ai

7. Customer Rights

Depending on jurisdiction, users may request:

  • Access to personal data
  • Correction or update
  • Deletion or restriction
  • Export of data

Requests are handled in accordance with applicable law and security requirements.

8. Incident Response

Velvi maintains an incident response program designed to:

  • Detect security events
  • Contain and remediate incidents
  • Notify affected customers where legally required

9. Updates

Material changes will be communicated via the Services or email. Continued use constitutes acceptance.

10. Contact

contact@velvi.ai
https://www.velvi.ai