Veloscint

Legal

Privacy Policy

Effective date: April 28, 2026  ·  Last updated: April 28, 2026

This Privacy Policy explains how Veloscint, LLC (“Veloscint™,” “we,” “us,” or “our”) collects, uses, shares, and protects personal information in connection with our website at veloscint.com (the “Site”) and our Veloscint Flow software (the “Service”). It also describes your rights and how to exercise them.

Quick summary. We collect only what we need to run our website, respond to you, and operate Flow. We don’t sell your personal information. Where we process data on behalf of our customers inside Flow, the customer controls that data — we act as their processor.

On this page

  1. Our role: controller vs. processor
  2. Information we collect
  3. How we use information
  4. Lawful basis (UK/EU)
  5. How we share information
  6. International transfers
  7. Data retention
  8. Security
  9. Your rights
  10. Cookies & tracking
  11. Children’s privacy
  12. Changes to this policy
  13. How to contact us

1. Our role: controller vs. processor

Depending on the interaction, Veloscint acts in one of two roles:

  • Controller for personal information collected about website visitors, prospects, demo requesters, and the administrators and users of our customer organizations. This policy describes those activities.
  • Processor for personal information contained in documents and records that our customers put into Veloscint Flow. Our customer is the controller of that content. Our use of it is governed by our agreement with the customer, not this policy. If you are an end user whose data appears inside a customer’s Flow instance, please direct privacy requests to that customer.

2. Information we collect

2.1 Information you provide directly

  • Contact and demo requests: name, business email, company, job title, and anything you include in your message.
  • Account information (Flow users): name, work email, role, and single sign-on identifiers from your organization’s identity provider (e.g., Microsoft 365® / Microsoft Entra ID®).
  • Support and communications: messages you send us, including any information you choose to include.

2.2 Information collected automatically

  • Usage and device data: IP address, browser type, device identifiers, referring URLs, pages viewed, and timestamps.
  • Cookies and similar technologies: see section 10.
  • Log data from Flow: authentication events, feature usage, and audit-log entries needed to operate and secure the Service.

2.3 Information from third parties

  • Identity providers: when you sign in with Microsoft 365 or another identity provider, we receive basic profile data and group/role memberships needed to authenticate you.
  • Business-data sources: we may enrich business contact information using reputable providers for customer research and outreach, consistent with applicable law.

3. How we use information

  • Operate, secure, and improve the Site and the Service.
  • Respond to demo requests, sales inquiries, and support questions.
  • Provision, authenticate, and manage user accounts in Flow.
  • Send transactional messages (account, security, service notices) and, where permitted, relevant product and marketing communications — you can opt out at any time.
  • Monitor performance, detect abuse, and troubleshoot issues.
  • Comply with our legal obligations and enforce our terms.
  • With your consent or as permitted by law, for any other purpose disclosed to you at the time of collection.

We do not sell personal information, and we do not “share” it for cross-context behavioral advertising as those terms are defined under US state privacy laws.

4. Lawful basis for processing (UK/EU)

If you are in the United Kingdom or European Economic Area, we rely on the following lawful bases under the UK GDPR and EU GDPR:

  • Performance of a contract — to provide the Site and Service to you or the organization you represent.
  • Legitimate interests — to run, secure, and improve our business, respond to inquiries, and market to business contacts — balanced against your rights and freedoms.
  • Consent — where required, for example for non-essential cookies or certain marketing messages. You can withdraw consent at any time.
  • Legal obligation — to comply with applicable laws and regulatory requests.

5. How we share information

We share personal information only as described below:

  • Service providers and subprocessors who help us run our business (for example, cloud hosting, email, analytics, customer support, payment processing). These providers are bound by contract to use personal information only as needed to provide services to us and to protect it appropriately.
  • Your organization. If you use Flow through an employer or customer organization, that organization’s administrators may access, monitor, and manage your account and activity.
  • Legal and safety. When we believe in good faith that disclosure is required by law, legal process, or to protect the rights, property, or safety of Veloscint, our customers, or others.
  • Business transfers. In connection with a merger, acquisition, financing, or sale of assets, subject to standard confidentiality terms.

A current list of our subprocessors is available on request.

6. International transfers

Veloscint operates from Johnson City, TN. If you are located outside that region, your personal information may be transferred to, stored in, and processed in countries with different data-protection laws. Where required, we rely on valid transfer mechanisms — for example, the EU Standard Contractual Clauses, the UK International Data Transfer Addendum, or equivalent safeguards — and take additional measures where necessary to protect your information.

7. Data retention

We keep personal information only as long as needed for the purposes set out in this policy, to meet our legal and contractual obligations, resolve disputes, and enforce our agreements. Typical retention periods include:

  • Prospect and marketing records — for the duration of the relationship plus a reasonable follow-up period.
  • Customer account records — for the term of the customer agreement, plus the period required by law.
  • Support communications — for the period reasonably necessary to handle the request and any follow-up.
  • Audit and security logs — for the period necessary to meet security, compliance, and customer commitments.

When information is no longer needed, we delete, anonymize, or securely archive it.

8. Security

We maintain administrative, technical, and physical safeguards designed to protect personal information against loss, misuse, unauthorized access, disclosure, alteration, and destruction. These include access controls, encryption in transit, logging and monitoring, and workforce training. No system is perfectly secure; if we learn of a qualifying incident, we will notify affected parties and regulators as required by law.

9. Your rights

9.1 For everyone

  • Access a copy of the personal information we hold about you.
  • Correct information that is inaccurate or incomplete.
  • Delete information, subject to legal exceptions.
  • Opt out of marketing communications using the unsubscribe link or by contacting us.

9.2 UK / EU residents (GDPR)

In addition, you have the right to:

  • Restrict or object to certain processing, including processing based on legitimate interests.
  • Data portability — receive your data in a structured, commonly used, machine-readable format.
  • Withdraw consent, where processing is based on consent.
  • Lodge a complaint with your supervisory authority. In the UK, that is the Information Commissioner’s Office (ICO). Other EEA residents may contact their national data protection authority.

9.3 US residents (including California)

Depending on your state of residence, you may have the right to know what personal information we collect, request deletion or correction, and opt out of the “sale” or “sharing” of personal information or targeted advertising. As noted above, we do not sell or share personal information in those senses. Where applicable, you may also designate an authorized agent to submit requests on your behalf. We will not discriminate against you for exercising any of these rights.

9.4 How to submit a request

Contact us at privacy@veloscint.com. We will verify your identity before acting, and respond within the time frames required by applicable law.

10. Cookies & tracking

The Site uses cookies and similar technologies to remember your preferences, understand how the Site is used, and improve your experience. We use:

  • Strictly necessary cookies required to operate the Site.
  • Analytics cookies to measure aggregate usage and improve the Site.
  • Preference cookies to remember your choices.

You can control cookies through your browser settings and, where presented, through our cookie banner. Blocking some cookies may affect how the Site functions.

11. Children’s privacy

The Site and Service are not directed to children under 16, and we do not knowingly collect personal information from them. If you believe we have collected such information, please contact us and we will take appropriate steps to delete it.

12. Changes to this policy

We may update this Privacy Policy from time to time. If we make material changes, we will update the “Last updated” date above and, where appropriate, provide additional notice (for example, by email or an in-product notice). Your continued use of the Site or Service after an update means you accept the revised policy.

13. How to contact us

For privacy questions or requests, please contact:

Veloscint, LLC

119 Boone Ridge Drive, Ste 201, Johnson City, TN 37615

Email: privacy@veloscint.com