Your Data Security is our Highest Priority
Velocibid is built on world-class infrastructure to ensure your intellectual property remains private, secure, and available.
Encryption Everywhere
All data is encrypted at rest using AES-256 and in transit via TLS 1.3. Your documents are stored in private buckets accessible only via signed, time-limited URLs.
Secure Infrastructure
We rely on compliance-certified providers. Our database and auth are powered by Supabase (SOC 2 Type II), and the application is hosted on Vercel (SOC 2, ISO 27001).
PCI-Compliant Payments
Payment processing is handled entirely by Stripe. Velocibid never stores or touches your credit card information.
How We Handle Your Data with AI
Transparency about how your documents are processed by AI is critical. Here's exactly what happens.
No Model Training on Your Data
Your uploaded documents are never used to train AI models for other customers. We use AI provider APIs (OpenAI, Google, Anthropic) with data processing agreements that explicitly prohibit using customer data for model training.
Minimal Data Transmission
Only the relevant portions of your documents needed for a specific AI operation are sent to our AI provider. Full documents are never transmitted in bulk.
Encrypted in Transit
All communication with AI providers uses TLS 1.3 encryption. Data is never sent in plaintext.
No Data Retention by AI Provider
Under our agreements with AI providers, API input and output data is retained for a maximum of 30 days for abuse monitoring, then permanently deleted. No customer data is stored permanently by any AI provider.
Control who sees what.
Security isn't just about hackers; it's about internal controls. We provide tools to manage your team's access.
Role-Based Access Control (RBAC)
Assign Admin, Editor, or Viewer roles to ensure team members only access what they need.
Audit Logs
Track every sensitive action. See exactly who created a project, invited a member, or approved content, with timestamps and IP logs.
Compliance Vault
Centralize your compliance documents (ISO certs, SOC 2 reports, insurance, NDAs) with expiry tracking, access levels, and a public trust profile for evaluators.
Vendor Trust Profile
Share a public-facing trust page with evaluators that showcases your certifications, insurance, and compliance posture — no emailing ZIP files.
Infrastructure & Compliance
Every layer of our stack is built on compliance-certified providers.
| Layer | Provider | Certifications |
|---|---|---|
| Application Hosting | Vercel | SOC 2 Type II, ISO 27001 |
| Database & Auth | Supabase (AWS) | SOC 2 Type II, HIPAA eligible |
| AI Processing | OpenAI, Google, Anthropic | SOC 2 Type II, DPA available |
| Payments | Stripe | PCI DSS Level 1, SOC 2 |
| Bot Protection | Cloudflare | SOC 2, ISO 27001, FedRAMP |
| | Google Workspace (Gmail) | SOC 2, ISO 27001, FedRAMP |
Responsible Disclosure
We value the security research community and welcome responsible disclosure of vulnerabilities.
If you discover a security vulnerability in Velocibid, please report it responsibly:
- Email support@velocibid.com with details
- Allow us reasonable time to investigate and address the issue before public disclosure
- Do not access, modify, or delete data belonging to other users
- Do not perform denial-of-service attacks
We commit to acknowledging reports within 48 hours and providing a resolution timeline within 5 business days.
Have a security question?
Contact our security team at support@velocibid.com or start your free trial to see our controls in action.
