Last updated: April 14, 2026

Privacy Policy

How we collect, use, and protect personal data when you use velocity-systems.eu or work with us. GDPR-aligned.

Summary

  • We collect the minimum data needed to respond to you and run the service
  • No ads, no data sales, no cross-site tracking
  • Analytics are cookie-free (Plausible)
  • Client data stays on client infrastructure; we do not train models on it
  • EU/UK residents have GDPR rights including access and deletion

Who we are

The data controller is 9512624 Canada Ltd., operating as Velocity Systems, Ontario, Canada. Contact: david@velocity-systems.eu.

What we collect and why

When you visit the website

We use Plausible Analytics (hosted in the EU by Plausible Insights OÜ, Estonia). Plausible is cookie-free and does not collect personal data. We see aggregated page views, referrers, and coarse country-level location. We do not set advertising or cross-site tracking cookies.

When you book a call

Appointment booking is handled by Cal.com, Inc. Data collected: name, email, time zone, and any context you enter. Legal basis: our legitimate interest in preparing the meeting and, where applicable, pre-contractual steps at your request.

When you subscribe to the newsletter

Newsletter delivery is handled by Resend, Inc. Data collected: your email address and, optionally, your name. Legal basis: your explicit consent. You can unsubscribe from any email via the one-click link at the bottom.

When you become a client

In the context of a client engagement, we process:

  • Business context you share during discovery (workflows, pain points, success metrics)
  • Named contacts (names, business emails, roles) for project communication
  • Temporary technical access to systems you authorise us to build on
  • Billing information (company name, address, VAT/GST number where applicable)

Legal basis: performance of a contract.

What we do not collect

  • Browsing history across other websites
  • Social media activity or profile data
  • Data from your personal devices
  • Sensitive categories of data (health, political opinions, biometrics, etc.)

Client data and AI models

Agents built for clients run on the client's own infrastructure (on-premise or private EU cloud). Client data is not copied to our systems outside what is strictly necessary to debug or deliver the engagement, and it is deleted when the engagement ends.

No client data is used to train public AI models. Where we route inference through third-party model providers (Anthropic, OpenAI, Google, Mistral, etc.), we use enterprise endpoints with zero-retention or no-training terms where available.

Sub-processors

We rely on the following sub-processors. Each is contractually bound to appropriate data-protection terms.

Vercel Inc.
Hosting and CDN (United States)
Plausible Insights OÜ
Analytics (Estonia, EU)
Cal.com, Inc.
Appointment booking (United States / EU region)
Resend, Inc.
Transactional and newsletter email (United States)
Anthropic, OpenAI, Google, Mistral, AWS, Microsoft Azure
AI model inference (routed only when an engagement requires it; zero-retention endpoints where available)

International transfers

We are based in Canada, which benefits from a partial adequacy decision from the European Commission for commercial data. Transfers to U.S.-based sub-processors (Vercel, Cal.com, Resend, OpenAI, etc.) rely on Standard Contractual Clauses and, where applicable, the EU-U.S. Data Privacy Framework.

Retention

  • Newsletter subscribers: until you unsubscribe, then a 30-day delay before full deletion
  • Prospect and call context: 24 months after the last interaction
  • Client project records: 7 years after project end (Canadian tax requirement)
  • Analytics: Plausible retains aggregated metrics for 24 months

Your rights

Under GDPR (EU/UK), PIPEDA (Canada), and comparable laws, you can:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Request deletion of your data (subject to legal retention obligations)
  • Object to processing or request restriction
  • Port your data to another controller
  • Withdraw consent at any time
  • Lodge a complaint with your local supervisory authority (CNIL in France, ICO in the UK, Data Protection Commission in Ireland, Office of the Privacy Commissioner in Canada)

To exercise any of these rights, email david@velocity-systems.eu. We respond within 30 days, usually faster.

Security

  • All traffic over HTTPS / TLS
  • Credentials managed via an encrypted password manager
  • Two-factor authentication on all internal accounts
  • Access to client systems is time-scoped and revocable by the client
  • No storage of sensitive client data on personal devices

Cookies

This site does not use advertising or analytics cookies. We may use a single strictly necessary cookie to remember your language preference. No consent banner is required under ePrivacy guidance for strictly necessary cookies.

Changes

Material changes to this policy will be announced to newsletter subscribers and reflected in the "Last updated" date at the top. Minor fixes (typos, clarifications) will not trigger a notification.

Contact

Questions, complaints, or data-rights requests: david@velocity-systems.eu.