Book a Demo

Privacy Policy

1. Introduction

Velyana EnterpriseGPT (“Velyana,” “we,” “our,” or “us”) is committed to protecting your privacy and ensuring transparency in how we collect, use, and safeguard your data. This Privacy Policy outlines our practices regarding data collection, storage, processing, and protection, as well as your rights and options regarding your personal information. By using Velyana EnterpriseGPT, you acknowledge and agree to the data practices described in this policy.

This policy was last updated on 15th April 2025.

At Velyana, privacy isn't just a feature—it’s a foundational principle. From day one, Velyana EnterpriseGPT was engineered with a privacy-first mindset to meet the highest standards of data protection, security, and compliance. We recognize that our users—especially enterprise organizations—rely on us to handle sensitive data with care, integrity, and transparency.

2. Information We Collect

We collect and process the following types of information to provide, maintain, and improve our services:

2.1. Personal Information

Account Information: When users register, we collect their name, email address, username, password, and other authentication details.
Enterprise Access Credentials: Organizations using Velyana EnterpriseGPT may integrate Single Sign-On (SSO) via Azure Active Directory, which allows access using enterprise credentials.
Billing and Payment Details: For subscription-based users, we collect billing details, including payment methods, transaction history, and invoice details.
Contact Information: Users who contact our support team provide their contact details for communication purposes.

2.2. Usage Data

Platform Interactions: We log users’ interactions, including conversation logs, AI-generated responses, and flagged content for compliance monitoring.
Security Logs: Information related to unauthorized access attempts, policy violations, or flagged interactions is recorded.
IP Address & Device Information: We collect technical data such as IP addresses, device types, operating systems, browser types, session durations, and timestamps.
Tokens Consumption: We track Velyana usage for billing and service allocation purposes.

2.3. Security & Compliance Data

Threat Detection Data: Records of identified threats such as SQL Injection, NoSQL Injection, and unauthorized access attempts.
Content Moderation Logs: Text, images, and file attachments flagged for containing inappropriate, offensive, or policy-violating content.
Sentiment Analysis Records: Analysis of user interactions to classify sentiments as positive, neutral, or negative.
Restricted Topics Data: Logs of users attempting to engage in conversations on restricted topics configured by their organization.

3. Legal Basis for Processing (GDPR Compliance)

We process personal data under applicable data protection laws based on one or more of the following legal bases:

The performance of a contract with you (e.g., providing access to Velyana EnterpriseGPT).
Compliance with a legal obligation (e.g., for tax or regulatory reasons).
Your consent (e.g., for optional analytics or communication).
Legitimate interests (e.g., security monitoring and product improvement) provided such interests are not overridden by your data protection rights.

4. How We Use Your Information

We process your information for the following purposes:

Service Delivery: To provide AI-driven security, compliance, content moderation, and analytics services.
Security & Fraud Prevention: To detect, investigate, and mitigate security threats, fraud, and unauthorized access.
Compliance Monitoring: To enforce content moderation policies, restricted topic rules, and ensure adherence to organizational guidelines.
User Authentication & Access Control: To allow secure login, Single Sign-On (SSO), and role-based access controls.
Subscription & Billing Management: To process payments, issue invoices, manage SEU usage, and notify users of billing updates.
Analytics & Reporting: To provide enterprises with insights into user activity, security trends, and flagged interactions.
User Support & Communication: To respond to inquiries, provide technical support, and notify users of policy or service changes.

5. Data Sharing and Disclosure

We do not sell or rent user data. However, we may share information with:

Service Providers: Third-party vendors who assist in payment processing, security monitoring, analytics, and cloud hosting.
Enterprise Administrators: Organizations using Velyana EnterpriseGPT may have access to platform analytics, security reports, and flagged content logs.
Regulatory Authorities: If required by law, court orders, or governmental regulations, we may disclose data to legal or regulatory authorities.
Security Investigations: In cases of suspected fraud, cyber threats, or security breaches, we may share necessary data with security firms or law enforcement agencies.

6. Sub-Processors

We rely on sub-processors to deliver certain services. A list of sub-processors is available upon request. All sub-processors are contractually bound to implement security measures and comply with applicable data protection laws.

7. Data Security Measures

We implement rigorous security controls, including:

End-to-End Encryption: All data transmissions between users and Velyana EnterpriseGPT are encrypted.
Access Control & Authentication: Role-based access control (RBAC) and multi-factor authentication (MFA) are enforced.
Data Anonymization: Where possible, personal data is anonymized or pseudonymized to enhance privacy.
Continuous Monitoring: Security systems monitor threats in real-time and log any suspicious activity.
Regular Security Audits: Periodic security assessments and compliance checks are conducted to maintain high security standards.

8. Data Breach Notification

In the event of a data breach that may affect your personal data, we will notify you and relevant regulatory authorities as required by applicable laws, including details of the nature of the breach and recommended mitigation steps.

9. Data Retention Policy

We retain user data only as long as necessary for operational and compliance purposes:

User Account Data: Retained for the duration of an active account and up to 30 days after account deletion.
Conversation Logs & Flagged Content: Retained for 30 days after a subscription is canceled or based on customer-configured settings.
Billing & Compliance Records: Maintained as required by financial regulations and corporate governance policies.
Security & Access Logs: Retained for a minimum of 12 months, or longer if required by applicable regulations or specific client contractual terms.
Administrative Action Logs (e.g., rule creation, configuration changes): Retained for up to 24 months to support compliance, audit readiness, and investigation workflows.

Organizations may request extended retention or custom deletion schedules as part of their enterprise contract.

10. User Rights and Control

Users have the following rights regarding their personal data:

Access & Data Portability: Request a copy of stored data in a structured format.
Correction & Deletion: Modify personal details or request deletion of stored data (subject to retention policies).
Restriction of Processing: Opt out of non-essential data processing activities.
Withdraw Consent: Disable optional data collection features at any time.
Objection to Automated Decision-Making: Velyana EnterpriseGPT does not make legally significant decisions based solely on automated processing.

We aim to respond to all valid requests within 30 days. To exercise these rights, contact us at support@velyana.com.

11. Cookies and Tracking Technologies

Velyana EnterpriseGPT uses cookies and analytics tools for:

System Performance Optimization: Tracking errors, session durations, and user engagement.
Security Monitoring: Identifying unauthorized access and preventing threats.
Usage Insights: Providing enterprise administrators with analytics on system usage.

Users can adjust cookie settings via browser preferences.

12. AI Use & Limitations

While Velyana EnterpriseGPT includes advanced AI capabilities, users should be aware:

AI-generated outputs may contain inaccuracies, hallucinations, or biased language.
AI-generated content may contain inaccuracies and should be reviewed by authorized personnel before being used for decision-making.
Organizations are encouraged to configure custom rules, policies, and review flagged content regularly.

13. Children’s Data

Velyana EnterpriseGPT is not intended for individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that a child has provided us with personal data, we will take steps to delete such information.

14. International Data Transfers

Data may be transferred across different jurisdictions in compliance with applicable data protection laws.

We ensure data protection mechanisms, such as contractual safeguards, are in place for international data transfers.
Clients may request region-specific hosting options to meet data residency requirements.

15. Third-Party Integrations

Velyana may be integrated with third-party tools.

Velyana integrates with external services (e.g., Microsoft Teams, Slack) as per user preferences.
Users acknowledge that external services may have their own data policies.

16. Changes to This Privacy Policy

We may update this Privacy Policy periodically.

These changes may reflect reflect service enhancements or regulatory changes.
Users will be notified of significant modifications, and continued use of Velyana constitutes acceptance of the revised policy.

17. Contact Information

For privacy-related inquiries or data access requests, contact us at:
support@velyana.com