Vela Digital
Sign in

Privacy Policy

Last updated: 11 May 2026

This policy explains what personal data we collect when you use the Vela Digital website, talk to our chatbot, or engage us for services, and how we look after it under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who we are

Vela Digital is the trading name of Vela Digital Ltd, registered in England and Wales under company number 16943334 at 69 Loose Road, Maidstone, England, ME15 7BY. We are the data controller for personal data we collect through this Site. You can contact our data lead at info@vela-digital.uk.

We are registered with the Information Commissioner's Office (ICO) under registration number [ICO_REGISTRATION].

2. The data we collect

  • Information you give us — your name, email address, company name, and anything else you tell our chatbot or submit when contacting us or signing up for an account.
  • Chatbot transcripts — the messages you send to our AI chatbot and its responses, along with timestamps and a session identifier. Once you create an account, transcripts are linked to it so we can pick up where we left off.
  • Account data — email, hashed password (if set), name, company, and a record of conversations and services tied to your account.
  • Billing data — for paid subscriptions and one-off report purchases: invoice history, subscription state, and payment-method metadata. Card numbers are processed and stored by Stripe; we never see them.
  • AI-generated reports — when you complete a consulting or automation discovery, we generate a tailored report from the conversation. Both the structured findings and the report itself are stored against your account; the report body is gated behind payment.
  • Technical data — IP address, browser type, and basic usage information collected by our hosting platform for security and operational purposes.

3. How we use your data and our lawful basis

  • To run the Site and the chatbot — including rate-limiting and abuse prevention. Lawful basis: legitimate interests in providing a working service.
  • To respond to enquiriesand follow up on chatbot conversations where you've asked us to. Lawful basis: consent and pre-contract steps.
  • To provide the Services you engage us for. Lawful basis: performance of a contract.
  • To send transactional email (e.g. magic-link sign-in, billing receipts). Lawful basis: contract performance.
  • To improve our chatbot and Services. Lawful basis: legitimate interests, balanced against your rights — you can object at any time.
  • To comply with legal obligations (tax, fraud prevention, statutory record-keeping). Lawful basis: legal obligation.

4. Sub-processors

We use the following third-party services to run the Site and our product. Each is bound by a data-processing agreement and processes only what is necessary for its role.

  • Vercel Inc. — hosting, serverless functions, and analytics. Servers in the EU and US.
  • AI model provider (US-based)— provides the large-language model that powers our chatbot. Chatbot transcripts are sent for processing only; under our provider's commercial-API terms, prompts and outputs are not used to train their models. The named provider is available on request — email info@vela-digital.uk.
  • Resend, Inc. — transactional email delivery. Servers in the US and EU.
  • Neon, Inc. — managed Postgres database for account data and chatbot transcripts. Servers in the EU.
  • Stripe, Inc. — payment processing for hosting subscriptions and report unlock fees. Stripe Checkout and Customer Portal are hosted by Stripe; we never see card details. Servers in the EU and US. Stripe is the data controller for payment data.

We update this list when we add or change vendors. International transfers (e.g. to US-based providers) are made under the UK International Data Transfer Agreement (IDTA) or the equivalent Standard Contractual Clauses, with supplementary measures where appropriate.

5. How long we keep your data

  • Chatbot transcripts — 12 months from the date of the last message, unless attached to an active account or a live engagement, in which case for the duration of that relationship plus 12 months.
  • Account data — for the duration of your account and 6 years after closure (to satisfy statutory record-keeping requirements for businesses).
  • Billing data — 6 years to comply with HMRC requirements.
  • Marketing enquiries that do not progress — 12 months from your last contact.

6. Your rights

Under UK GDPR you have the right to:

  • Ask for a copy of the personal data we hold about you.
  • Have inaccurate or incomplete data corrected, or have data deleted in certain circumstances (the “right to erasure”).
  • Restrict or object to our processing, including objecting to processing based on legitimate interests.
  • Withdraw consent where consent is the lawful basis.
  • Receive your data in a portable format and have it transferred to another controller.
  • Complain to the Information Commissioner's Office (ico.org.uk). We'd appreciate the chance to address your concern first, but you have the right to go straight to the ICO.

To exercise any of these rights, email info@vela-digital.uk. We will respond within one month.

7. Cookies

We use a small number of essential cookies and (with your consent) analytics cookies. See our Cookie Policy for details and how to manage your choices.

8. Security

We use HTTPS for all traffic, store passwords as Argon2 hashes, verify webhook signatures, and limit access to production data on a need-to-know basis. No system is bulletproof; if we ever suffer a breach affecting your data, we will notify you and the ICO in line with our statutory duty.

9. Changes to this policy

We may update this policy from time to time. The current version is always available at this URL with the “Last updated” date above. Material changes will be communicated by email to active users where we have your contact details.

10. Contact

Questions or rights requests: email info@vela-digital.uk.