Privacy Policy

Last updated: April 6, 2026

1. Information We Collect

VelaOS collects the minimum data necessary to provide endpoint management services: account information (email, name, organization), device telemetry (hardware health metrics, network status, installed applications), and usage data (admin actions logged in the audit trail).

2. How We Use Your Data

Device health data is used solely for fleet monitoring and alerting. Account data is used for authentication and authorization. Audit logs are maintained for compliance and security forensics. We do not sell, share, or monetize your data.

3. Data Storage and Security

All data is stored in Supabase (PostgreSQL) with row-level security enforcing tenant isolation. No organization can access another's data. All connections use TLS 1.3. Device-to-cloud communication uses MQTT over TLS. Passwords are managed by Supabase Auth with bcrypt hashing.

4. Data Retention

Device health telemetry: 90 days. Audit logs: 1 year. Diagnostic bundles (logs, screenshots): 30 days, then automatically deleted. Account data: retained until account deletion.

5. Your Rights (GDPR)

You may request access to, correction of, or deletion of your personal data at any time by contacting hello@velaos.ch. We will respond within 30 days. You may also export your data in machine-readable format.

6. Contact

For privacy inquiries: hello@velaos.ch