VeloDoc
Buy Credits

Data Processing Agreement

Last updated: February 2025

1. Definitions

  • Data Controller means the customer (you) who determines the purposes and means of the processing of personal data. As the user of VeloDoc, you are the Data Controller in respect of any personal data you upload or direct us to process.
  • Data Processor means VeloDoc, which processes personal data on behalf of and solely in accordance with the instructions of the Data Controller. We act only as a processor in relation to your data.

2. Scope of Processing

VeloDoc processes uploaded documents solely to extract structured data as directed by the user. We do not use your documents for any purpose other than providing the extraction and related services you request. Processing is limited to the duration and scope necessary to deliver those services.

3. Technical & Organizational Measures (TOMs)

We implement technical and organizational measures appropriate to the risk, in line with our security and compliance commitments. For full details, see our Security & Trust page. Key measures include:

  • Encryption at rest: AES-256 for stored data.
  • Encryption in transit: TLS 1.2+ for all data in transit.
  • Access control: Multi-factor authentication (MFA) via Clerk to ensure only authorized users access their documents.

4. Data Subject Rights

Data subjects whose data we process on your behalf may exercise their rights (access, rectification, erasure, restriction, portability, objection) through you as the Data Controller. To support your compliance:

  • Access & export: Users can access and export their extracted data from the VeloDoc dashboard and via downloadable exports (e.g. CSV, Excel).
  • Deletion: You may request deletion of your data held in our Supabase storage and related systems by contacting the Operations Team at support@velodoc.app. We will process such requests in accordance with our data retention and deletion procedures.

5. Sub-processors

We use the following categories of sub-processors to operate VeloDoc. Each is selected with regard to security, compliance, and contractual commitments:

  • Hosting: AWS and Google Cloud (infrastructure and application hosting).
  • Database & storage: Supabase (database and object storage for your documents and extracted data).
  • AI / extraction: OpenAI (powering the AI Architect for document extraction).
  • Authentication: Clerk (user authentication and MFA).