Privacy Policy – Vellora Ops | UK GDPR Compliance

1. Who We Are

Vellora Ops Ltd ("we", "us", or "our") is a company registered in Scotland, providing cloud-based IT Service Management (ITSM) solutions.

Company nameVellora Ops Ltd

Company numberSC864617

Registered officeOffice 110, 18 Young St, UNIT LGE, Edinburgh, EH2 4JB, Scotland

Emailprivacy@vellora-ops.com

Websitewww.vellora-ops.com

ICO RegistrationPending ICO Registration Number

We are committed to protecting your personal information in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. How We Collect Personal Data

We collect and process personal information when you:

Register for or use the Vellora Ops platform
Contact us for support or general enquiries
Enter into a contract or subscription with us
Access our website or portals

We collect information directly from you and, in some cases, from third-party integrations such as payment or authentication providers.

3. Types of Personal Data We Process

Category	Examples	Purpose
Account Information	Name, email, organisation, login credentials	To create and manage your account
Billing & Subscription	Payment details (via Stripe), billing address	To manage payments, subscriptions, and invoices
Support Communications	Emails, chat logs, support tickets	To respond to support and technical requests
Technical Data	IP address, browser type, session activity	For service performance and security monitoring
Tenant Data	Information entered into your tenant environment	Processed as a data processor on your behalf

We do not collect special category data such as health, ethnicity, or biometric data.

4. Legal Basis for Processing

Purpose	Lawful Basis
Platform and service operation	Performance of a contract
Account and billing management	Performance of a contract
Support and communications	Legitimate interest
Security monitoring and audit logs	Legitimate interest
Compliance with legal obligations	Legal obligation

We will obtain your consent if we ever introduce optional analytics or marketing communications.

5. How We Use Personal Data

We use the data we collect to:

Deliver and improve our platform and services
Authenticate users and protect against unauthorised access
Process and manage billing
Provide support and technical assistance
Comply with our legal and regulatory obligations

We do not sell or rent your personal data to any third party.

6. Data Hosting and Security

All data is stored within Microsoft Azure UK South data centres. We apply multiple layers of protection including:

Encryption in transit (TLS 1.2+) and at rest (AES-256)
Azure Role-Based Access Control (RBAC)
Row-Level Security (RLS) for tenant isolation
Continuous security monitoring and audit logging

7. Subprocessors

Subprocessor	Purpose	Location
Microsoft Azure	Cloud infrastructure and hosting	United Kingdom
Stripe Payments UK Ltd	Payment processing	United Kingdom / EEA

All subprocessors are bound by Data Processing Agreements ensuring GDPR compliance and equivalent security standards.

8. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes described in this policy or to comply with legal obligations.

Account data: retained for the duration of your contract and 12 months after termination
Billing records: retained for up to 7 years (legal requirement)
Support data: retained for up to 24 months

You may request earlier deletion where applicable (see Section 9).

9. Your Rights

Under UK GDPR, you have the right to:

Access

Receive a copy of your data

Rectify

Correct inaccurate data

Erase

Right to be forgotten

Restrict

Limit how we process data

Object

Challenge certain uses

Port

Transfer data to another provider

To exercise these rights, contact privacy@vellora-ops.com. We may require verification before processing a request.

10. Data Transfers

We do not transfer personal data outside the UK. If future transfers are required, we will ensure adequate safeguards such as the UK International Data Transfer Agreement (IDTA) or Standard Contractual Clauses (SCCs).

11. Cookies and Analytics

We currently do not use analytics or tracking cookies beyond essential session management required for the operation of our services. If analytics are introduced in the future, this policy and our cookie banner will be updated accordingly.

12. Children's Privacy

Our services are not directed to individuals under 16 years of age, and we do not knowingly collect data from minors.

13. Data Protection Contact

For any data protection or privacy questions, you can contact us at:

privacy@vellora-ops.com

If you are unsatisfied with our response, you may contact the UK Information Commissioner's Office (ICO): ico.org.uk/make-a-complaint

14. Changes to This Policy

We may update this Privacy Policy periodically. The latest version will always be published on our website and marked with an updated version number and effective date.