Privacy Policy

Privacy for gateway traffic, accounts, and operations.

This policy explains how Velrix collects, uses, shares, retains, and protects information when you visit our site, manage a dashboard account, or send requests through the Velrix AI gateway.

Request data

Prompts, files, code snippets, and model outputs are processed only to route and complete API requests unless you enable optional logging.

No sale of data

Velrix does not sell personal information and shares it only with infrastructure, payment, analytics, legal, and model provider partners when needed.

Account control

You can request access, correction, deletion, export, or restriction of personal data subject to legal retention duties.

1. Information We Collect

Information you provide

When you create an account, configure a workspace, purchase credits, open a support request, or communicate with us, we may collect account identifiers such as your email address, name, organization name, password credentials, billing details, transaction records, and the content of your messages to us.

API inputs and outputs

When you use the Velrix gateway, our systems process the prompts, files, code snippets, tool payloads, metadata, and generated responses involved in your API calls. If those materials contain personal data, that data is treated as information covered by this policy.

Automatically collected data

We collect technical and operational data such as IP address, browser and device details, operating system, timezone, request path, response status, latency, token counts, error codes, clickstream events, and security logs so we can operate, protect, and improve the service.

2. Cookies and Similar Technologies

Essential cookies

Essential cookies keep sessions active, secure authentication flows, protect payment steps, remember security state, keep CSRF protection working, and support core dashboard functionality. Examples include authentication/session cookies, CSRF token cookies, pending signup state, and the cookie we use to remember your consent choices.

Preference cookies

We use preference cookies and similar storage to remember language, theme, sidebar layout, workspace settings, and other non-essential choices on this device.

Analytics cookies

We may use privacy-conscious analytics cookies or similar tools to understand aggregate product usage, diagnose issues, and improve performance. We do not use them to personalize advertising.

Marketing cookies

If enabled, marketing cookies can connect visits with product announcements and campaign performance. These are optional and only run when you allow them.

Managing choices

You can accept all, reject optional cookies, or customize your choices from the Cookie Preferences link in the footer at any time. Necessary cookies stay on. We store your choice in localStorage and a first-party cookie for up to one year, or until you clear it or change it.

3. How We Use Information

Service delivery

We use information to authenticate users, route requests to model providers, return responses, calculate token usage, enforce quotas, process billing, send operational notices, and support account recovery.

Security, reliability, and compliance

We analyze traffic patterns, rate limits, abuse signals, and audit events to prevent fraud, DDoS activity, credential misuse, scraping, illegal content generation, and violations of our service terms. We may also process data to meet tax, accounting, audit, and legal obligations.

Model training

Velrix does not use your API inputs or outputs to train foundation models. We do not persist request content for training unless you explicitly enable a feature such as history, debugging, or logging that stores request details for your own operational use.

4. Sharing and Disclosure

Model providers

Because Velrix is a gateway and routing layer, we transmit request inputs and related metadata to the upstream model providers needed to fulfill your chosen model call. Those providers process transferred data under their own terms and privacy policies.

Service providers

We work with trusted vendors for cloud hosting, infrastructure, observability, support tooling, payments, fraud prevention, and analytics. They may access information only to perform contracted services for Velrix and must protect it under confidentiality and security obligations.

Legal, safety, and business transfers

We may disclose information when we believe it is necessary to comply with law, respond to lawful requests, enforce our terms, protect rights and safety, investigate abuse, or complete a merger, acquisition, financing, reorganization, or asset transfer.

5. Your Rights and Choices

Access, correction, deletion, and portability

Depending on your jurisdiction, you may have the right to request a copy of personal data, correct inaccurate data, delete account data, receive a portable export, or restrict certain processing.

Consent and marketing choices

Where processing depends on consent, you may withdraw that consent. You can opt out of non-essential communications through the provided unsubscribe controls or by contacting us.

Submitting requests

Send privacy requests to privacy@velrix.ai. We may need to verify your identity and account authority before completing the request.

6. Data Retention

Operational records

We keep personal data only as long as needed for the purposes described in this policy, including account operation, security, billing, tax, audit, dispute resolution, and legal compliance. Access logs, security logs, and network operations records are retained according to applicable law, local regulatory requirements, and security needs.

Request content

API inputs and outputs are normally processed transiently to complete requests. Detailed content is not stored in the database unless you enable history, debugging, logging, or another feature that intentionally retains it.

Deletion timing

After an account deletion request, we aim to delete or anonymize eligible personal information within 30 days. Backups and legally retained records may take longer to expire from all systems.

7. Security

Safeguards

We use technical and organizational controls such as TLS, encryption where appropriate, scoped access, audit logging, credential protection, and least-privilege workflows to reduce the risk of unauthorized access, loss, or misuse.

Shared responsibility

No internet service can guarantee absolute security. You are responsible for protecting account credentials, API keys, secrets, and workspace permissions. Report suspected security issues to security@velrix.ai.

Restricted materials

Do not submit state secrets, classified information, or other materials subject to statutory or contractual secrecy obligations unless you are expressly authorized to do so. Velrix is not designed for secret materials, and where legally permitted we may reject, delete, or restrict such content.

8. International Transfers

Cross-border processing

Velrix and its service providers may process and store information in the United States and other countries. Where required, we rely on appropriate safeguards such as standard contractual clauses or equivalent transfer mechanisms.

9. Regional Availability and Unsupported Jurisdictions

Current availability

Velrix is not currently offered for users located in mainland China. The same may apply to other jurisdictions where local law, government requirements, sanctions, infrastructure limits, or upstream provider policies prevent us from operating the service reliably and lawfully.

Personal information from unsupported jurisdictions

Do not use the service from an unsupported jurisdiction or submit personal information, prompts, files, tool payloads, or logs from individuals in unsupported jurisdictions unless Velrix has approved that use in writing and the required legal basis, notices, consents, and safeguards are in place.

Service restrictions

We may block traffic, reject registrations, suspend accounts, preserve logs, or limit processing when we identify use from unsupported jurisdictions, regulatory restrictions, unlawful activity, or upstream provider limitations.

10. Children's Privacy

Age restrictions

Velrix is intended for users who are at least 18 years old. We do not knowingly collect personal information from children under 14. If you believe a child has provided personal information to us, contact us so we can take appropriate action.

11. Updates and Contact

Policy changes

We may update this policy to reflect changes in our service, legal requirements, or privacy practices. Material changes will be communicated by email or a prominent in-product notice, and the updated policy applies from its effective date.

Contact

For privacy questions, requests, or complaints, contact Velrix at privacy@velrix.ai or support@velrix.ai. This policy is governed by the laws of the State of Delaware, excluding conflict-of-law rules, but it does not limit rights you have under mandatory privacy laws that apply to you.

Privacy questions

Contact us for access requests, deletion requests, data export, or questions about how gateway data is handled.

Contact privacy