Privacy Policy
Last updated: June 9, 2026
POPIA Compliance: This privacy policy complies with the Protection of Personal Information Act 4 of 2013 (POPIA).
1. Introduction
Velox AI Systems (Pty) Ltd ("we", "us", "our", "Responsible Party") respects your privacy and is committed to protecting your personal information in accordance with the Protection of Personal Information Act 4 of 2013 (POPIA).
This privacy policy explains:
- What personal information we collect
- How we collect it
- Why we collect it
- How we use, store, and protect it
- Your rights as a data subject
- How to contact us or the Information Regulator
2. Information Officer
In terms of POPIA, we have appointed an Information Officer:
3. What Personal Information We Collect
We may collect the following types of personal information:
3.1 Information You Provide Directly
- Contact Information: Name, email address, phone number
- Business Information: Company name, website URL, industry
- Communication Data: Messages, inquiries, feedback you send us
- Transaction Information: Payment details, billing address (processed securely)
3.2 Information Collected Automatically
- Usage Data: Pages visited, time spent, clicks, navigation patterns
- Technical Data: IP address, browser type, device information, operating system
- Cookie Data: See our Cookie Policy below
3.3 Information from Third Parties
- WhatsApp Business API (with your consent)
- Google Calendar (with your authorization)
- CRM integrations (with your authorization)
4. Legal Basis for Processing (POPIA Condition 2)
We process personal information based on the following legal grounds:
- Consent: You have given clear consent for us to process your personal information
- Contract: Processing is necessary for a contract we have with you
- Legal Obligation: Processing is necessary for us to comply with the law
- Legitimate Interest: Processing is necessary for our legitimate interests (e.g., improving services)
5. How We Use Your Information (POPIA Condition 3)
We use your personal information for the following purposes:
- To provide our services and fulfill our contractual obligations
- To communicate with you about your account, services, and support
- To process payments and send invoices
- To improve our website, products, and services
- To send marketing communications (with your consent)
- To comply with legal obligations
- To protect our rights and prevent fraud
6. Consent
Where we rely on consent as the legal basis for processing:
- Consent must be freely given, specific, informed, and unambiguous
- You have the right to withdraw consent at any time
- Withdrawing consent does not affect the lawfulness of processing before withdrawal
- To withdraw consent, contact us at zander@veloxai.co.za
7. Data Sharing and Third Parties
We do not sell, trade, or rent your personal information. We may share your data with:
7.1 Service Providers
- Hosting providers (Netlify)
- Payment processors
- Email service providers
- Analytics providers
7.2 Legal Requirements
- When required by law or court order
- To protect our rights, property, or safety
- To prevent fraud or illegal activity
7.3 Business Transfers
If Velox AI is acquired or merged, your information may be transferred to the new owner.
8. Cross-Border Transfers (POPIA Section 72)
Your personal information may be transferred to and processed in countries outside South Africa:
- Our hosting provider (Netlify) operates globally
- WhatsApp/Meta processes data internationally
- Google services may process data outside SA
We ensure that any cross-border transfers comply with POPIA Section 72 by:
- Using service providers in jurisdictions with adequate data protection laws, OR
- Implementing appropriate safeguards (standard contractual clauses)
9. Data Security (POPIA Condition 7)
We implement appropriate technical and organizational measures to protect your personal information:
- SSL/TLS encryption for all data transmission
- Secure hosting infrastructure
- Access controls and authentication
- Regular security assessments
- Staff training on data protection
However, no internet transmission is completely secure. We cannot guarantee absolute security.
10. Data Retention
We retain personal information only for as long as necessary:
- Active clients: For the duration of the service agreement plus 5 years
- Prospective clients: For 2 years from last contact
- Marketing contacts: Until consent is withdrawn
- Legal requirements: As required by applicable law
11. Your Rights as a Data Subject (POPIA Section 23)
You have the following rights under POPIA:
11.1 Right of Access
You have the right to request a copy of the personal information we hold about you.
11.2 Right to Correction
You have the right to request that we correct any inaccurate or incomplete personal information.
11.3 Right to Deletion
You have the right to request deletion of your personal information where:
- It is no longer necessary for the purpose collected
- You withdraw consent
- You object to processing
- It was unlawfully processed
11.4 Right to Object
You have the right to object to processing of your personal information for direct marketing purposes.
11.5 Right to Restrict Processing
You have the right to request restriction of processing in certain circumstances.
11.6 Right to Data Portability
You have the right to receive your personal information in a structured, commonly used format.
11.7 How to Exercise Your Rights
To exercise any of these rights, contact us at:
12. Cookies and Tracking
We use cookies and similar technologies to:
- Remember your preferences
- Analyze website traffic and usage
- Improve our website and services
12.1 Types of Cookies We Use
- Essential cookies: Required for the website to function
- Analytics cookies: Help us understand how visitors interact with our website
- Marketing cookies: Used to deliver relevant advertisements
12.2 Cookie Consent
By using our website, you consent to our use of cookies. You can control cookies through your browser settings. Note that disabling certain cookies may affect website functionality.
12.3 Third-Party Cookies
We may use third-party services that place cookies:
- Google Analytics
- Netlify analytics
13. Children's Privacy
Our services are not intended for children under 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.
14. Data Breaches
In the event of a personal data breach:
- We will notify the Information Regulator within 72 hours of becoming aware
- We will notify affected data subjects without undue delay
- We will take all necessary steps to mitigate the breach
15. Changes to This Privacy Policy
We may update this privacy policy from time to time. We will:
- Post the updated policy on this page
- Update the "Last updated" date
- Notify you of significant changes via email
16. Complaints
If you believe we have violated your privacy rights, you have the right to complain to:
17. Contact Us
For any privacy-related questions or concerns: