Privacy Policy
Last updated: February 9, 2026
1. Introduction
Velocibid Inc. ("Velocibid," "we," "our," or "us") operates the website velocibid.com and the Velocibid platform (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.
By accessing or using the Service, you agree to this Privacy Policy. If you do not agree, please do not use the Service.
2. Information We Collect
2.1 Account Information
When you create an account, we collect:
- Full name and email address
- Organization name and role
- Authentication credentials (password hash or OAuth provider token)
2.2 User Content
When you use the Service, you may upload:
- RFP documents (PDF, Word, Excel)
- Knowledge base materials (proposals, policies, case studies)
- Compliance documents (SOC 2 reports, certificates, insurance)
- Company profile information and credentials
You retain full ownership of all content you upload. We process this content solely to provide the Service to you.
2.3 Usage Data
We automatically collect:
- IP address, browser type, operating system
- Pages visited, features used, time spent
- Referring URL and search terms
- Device identifiers
2.4 Payment Information
Payment processing is handled entirely by Stripe. We never receive, store, or process your credit card number. Stripe's privacy policy applies to payment data: stripe.com/privacy.
3. How We Use Your Information
We use collected information to:
- Provide the Service: Process your documents, generate AI-powered responses, manage your projects and knowledge base
- Improve the Service: Analyze usage patterns, fix bugs, develop new features
- Communicate: Send account notifications, security alerts, product updates, and support responses
- Ensure security: Detect fraud, enforce our terms, and protect the platform
- Comply with law: Meet legal obligations, respond to lawful requests
We do NOT use your uploaded documents to train AI models for other customers. Your proprietary content is used exclusively to serve your account.
4. AI Processing & Sub-Processors
Velocibid uses third-party AI providers to generate responses. When you use AI features, relevant portions of your documents may be sent to these providers for processing. We have Data Processing Agreements (DPAs) with all AI sub-processors.
Our sub-processors include:
| Provider | Purpose | Location |
|---|---|---|
| OpenAI, Google, Anthropic | AI response generation | USA |
| Supabase | Database, authentication, file storage | USA (AWS) |
| Vercel | Application hosting | USA (AWS) |
| Stripe | Payment processing | USA |
| Cloudflare | Bot protection (Turnstile) | Global |
| OAuth authentication, Analytics | USA |
5. Cookies & Tracking
We use the following types of cookies:
- Essential cookies: Required for authentication, session management, and security (cannot be disabled)
- Analytics cookies: Help us understand how users interact with the Service (e.g., Google Analytics)
- Advertising cookies: Used for conversion tracking (e.g., Google Ads) — only on public marketing pages
You can control non-essential cookies through your browser settings. Disabling essential cookies may prevent the Service from functioning.
6. Data Retention
- Account data: Retained for the lifetime of your account plus 30 days after deletion
- Uploaded documents: Retained until you delete them or close your account
- Usage logs: Retained for 12 months, then anonymized
- Payment records: Retained as required by tax and financial regulations (typically 7 years)
- Audit logs: Retained for 24 months
When you delete content or close your account, we remove your data from active systems within 30 days. Backups are purged within 90 days.
7. Data Security
We implement industry-standard security measures:
- Encryption at rest: AES-256 for all stored data
- Encryption in transit: TLS 1.3 for all communications
- Access control: Role-based access, principle of least privilege
- Infrastructure: SOC 2 Type II compliant providers (Supabase, Vercel)
- File storage: Private buckets with signed, time-limited URLs
For more details, see our Security page.
8. Data Sharing & Disclosure
We do not sell your personal information. We may share data only in these circumstances:
- Sub-processors: As described in Section 4, solely to provide the Service
- Legal requirements: When required by law, subpoena, or court order
- Safety: To protect the rights, safety, or property of Velocibid, our users, or the public
- Business transfer: In connection with a merger, acquisition, or sale of assets (with prior notice)
- With your consent: When you explicitly authorize sharing (e.g., public vendor profile)
9. Your Rights
Depending on your jurisdiction, you may have the following rights:
- Access: Request a copy of the personal data we hold about you
- Correction: Request correction of inaccurate data
- Deletion: Request deletion of your data ("right to be forgotten")
- Portability: Request your data in a structured, machine-readable format
- Restriction: Request we limit processing of your data
- Objection: Object to processing based on legitimate interests
- Withdraw consent: Withdraw consent at any time where processing is based on consent
To exercise any of these rights, contact us at support@velocibid.com. We will respond within 30 days.
10. GDPR (European Users)
If you are in the European Economic Area (EEA) or the United Kingdom, the General Data Protection Regulation (GDPR) applies. Our lawful bases for processing are:
- Contract performance: Processing necessary to provide the Service you subscribed to
- Legitimate interest: Improving the Service, ensuring security, preventing fraud
- Consent: Marketing communications, non-essential cookies
- Legal obligation: Tax records, compliance with court orders
Data transfers outside the EEA are protected by Standard Contractual Clauses (SCCs) with all sub-processors.
11. CCPA (California Users)
If you are a California resident, the California Consumer Privacy Act (CCPA) provides additional rights:
- Right to know: What personal information we collect and how we use it
- Right to delete: Request deletion of your personal information
- Right to opt-out: We do not sell personal information, so there is nothing to opt out of
- Non-discrimination: We will not discriminate against you for exercising your rights
12. Children's Privacy
The Service is not intended for individuals under 16 years of age. We do not knowingly collect personal information from children. If we learn we have collected data from a child under 16, we will delete it promptly.
13. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a prominent notice on our website at least 30 days before the changes take effect. Your continued use of the Service after the effective date constitutes acceptance of the revised policy.
14. Contact Us
If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at:
Email: support@velocibid.com
