This policy explains how Velrix collects, uses, shares, retains, and protects information when you visit our site, manage a dashboard account, or send requests through the Velrix AI gateway.
May 23, 2026
Prompts, files, code snippets, and model outputs are processed only to route and complete API requests unless you enable optional logging.
Velrix does not sell personal information and shares it only with infrastructure, payment, analytics, legal, and model provider partners when needed.
You can request access, correction, deletion, export, or restriction of personal data subject to legal retention duties.
When you create an account, configure a workspace, purchase credits, open a support request, or communicate with us, we may collect account identifiers such as your email address, name, organization name, password credentials, billing details, transaction records, and the content of your messages to us.
When you use the Velrix gateway, our systems process the prompts, files, code snippets, tool payloads, metadata, and generated responses involved in your API calls. If those materials contain personal data, that data is treated as information covered by this policy.
We collect technical and operational data such as IP address, browser and device details, operating system, timezone, request path, response status, latency, token counts, error codes, clickstream events, and security logs so we can operate, protect, and improve the service.
Essential cookies keep sessions active, secure authentication flows, protect payment steps, remember security state, keep CSRF protection working, and support core dashboard functionality. Examples include authentication/session cookies, CSRF token cookies, pending signup state, and the cookie we use to remember your consent choices.
We use preference cookies and similar storage to remember language, theme, sidebar layout, workspace settings, and other non-essential choices on this device.
We may use privacy-conscious analytics cookies or similar tools to understand aggregate product usage, diagnose issues, and improve performance. We do not use them to personalize advertising.
If enabled, marketing cookies can connect visits with product announcements and campaign performance. These are optional and only run when you allow them.
You can accept all, reject optional cookies, or customize your choices from the Cookie Preferences link in the footer at any time. Necessary cookies stay on. We store your choice in localStorage and a first-party cookie for up to one year, or until you clear it or change it.
We use information to authenticate users, route requests to model providers, return responses, calculate token usage, enforce quotas, process billing, send operational notices, and support account recovery.
We analyze traffic patterns, rate limits, abuse signals, and audit events to prevent fraud, DDoS activity, credential misuse, scraping, illegal content generation, and violations of our service terms. We may also process data to meet tax, accounting, audit, and legal obligations.
Velrix does not use your API inputs or outputs to train foundation models. We do not persist request content for training unless you explicitly enable a feature such as history, debugging, or logging that stores request details for your own operational use.
Because Velrix is a gateway and routing layer, we transmit request inputs and related metadata to the upstream model providers needed to fulfill your chosen model call. Those providers process transferred data under their own terms and privacy policies.
We work with trusted vendors for cloud hosting, infrastructure, observability, support tooling, payments, fraud prevention, and analytics. They may access information only to perform contracted services for Velrix and must protect it under confidentiality and security obligations.
We may disclose information when we believe it is necessary to comply with law, respond to lawful requests, enforce our terms, protect rights and safety, investigate abuse, or complete a merger, acquisition, financing, reorganization, or asset transfer.
Depending on your jurisdiction, you may have the right to request a copy of personal data, correct inaccurate data, delete account data, receive a portable export, or restrict certain processing.
Where processing depends on consent, you may withdraw that consent. You can opt out of non-essential communications through the provided unsubscribe controls or by contacting us.
Send privacy requests to privacy@velrix.ai. We may need to verify your identity and account authority before completing the request.
We keep personal data only as long as needed for the purposes described in this policy, including account operation, security, billing, tax, audit, dispute resolution, and legal compliance. Access logs, security logs, and network operations records are retained according to applicable law, local regulatory requirements, and security needs.
API inputs and outputs are normally processed transiently to complete requests. Detailed content is not stored in the database unless you enable history, debugging, logging, or another feature that intentionally retains it.
After an account deletion request, we aim to delete or anonymize eligible personal information within 30 days. Backups and legally retained records may take longer to expire from all systems.
We use technical and organizational controls such as TLS, encryption where appropriate, scoped access, audit logging, credential protection, and least-privilege workflows to reduce the risk of unauthorized access, loss, or misuse.
No internet service can guarantee absolute security. You are responsible for protecting account credentials, API keys, secrets, and workspace permissions. Report suspected security issues to security@velrix.ai.
Do not submit state secrets, classified information, or other materials subject to statutory or contractual secrecy obligations unless you are expressly authorized to do so. Velrix is not designed for secret materials, and where legally permitted we may reject, delete, or restrict such content.
Velrix and its service providers may process and store information in the United States and other countries. Where required, we rely on appropriate safeguards such as standard contractual clauses or equivalent transfer mechanisms.
Velrix is not currently offered for users located in mainland China. The same may apply to other jurisdictions where local law, government requirements, sanctions, infrastructure limits, or upstream provider policies prevent us from operating the service reliably and lawfully.
Do not use the service from an unsupported jurisdiction or submit personal information, prompts, files, tool payloads, or logs from individuals in unsupported jurisdictions unless Velrix has approved that use in writing and the required legal basis, notices, consents, and safeguards are in place.
We may block traffic, reject registrations, suspend accounts, preserve logs, or limit processing when we identify use from unsupported jurisdictions, regulatory restrictions, unlawful activity, or upstream provider limitations.
Velrix is intended for users who are at least 18 years old. We do not knowingly collect personal information from children under 14. If you believe a child has provided personal information to us, contact us so we can take appropriate action.
We may update this policy to reflect changes in our service, legal requirements, or privacy practices. Material changes will be communicated by email or a prominent in-product notice, and the updated policy applies from its effective date.
For privacy questions, requests, or complaints, contact Velrix at privacy@velrix.ai or support@velrix.ai. This policy is governed by the laws of the State of Delaware, excluding conflict-of-law rules, but it does not limit rights you have under mandatory privacy laws that apply to you.
Contact us for access requests, deletion requests, data export, or questions about how gateway data is handled.
