Velsia Privacy Policy

Last updated: 26 Sep 2025

Velsia helps SDRs and sales coaches improve live and recorded sales conversations with AI-assisted analysis and coaching. We take privacy seriously and design our systems to minimize the personal data we collect, give you control over it, and protect it with strong security enforced by trusted partners.

1) Who we are

Velsia, Inc. ("Velsia", "we", "us") provides call-analysis and coaching tools for sales teams and independent coaches. This policy explains how we process personal data when you visit our sites, use our products, or interact with us.

Contact (privacy): privacy@velsia.ai
EU/UK representatives & DPO: listed on our Security & Privacy page.

2) What we process (by feature)

We aim for data minimization and allow admins to configure what's collected.

  • Account & workspace data: name, email, role, company, team, authentication and audit logs.
  • Call media & metadata (if enabled): audio/video files, transcripts, speaker labels, timestamps, call duration, dialer IDs, meeting titles.
  • Coaching artifacts: scores, checklists, quotes with timestamps, comments, recommendations.
  • Integrations (optional): calendar, dialer/CCaaS/CRM IDs, meeting participants, tags.
  • Telemetry (product analytics): feature usage, device/browser info, performance metrics.
  • Support communications: messages you send us, satisfaction ratings.
  • Cookies/SDKs: strictly necessary cookies; optional analytics with controls (see Cookies).
  • Sensitive data: We do not intend to collect special category data. Admins can enable PII redaction and topic filters to automatically mask sensitive fields in transcripts.

3) How we use data (purposes & legal bases)

  • Provide the service: create accounts, analyze calls, generate scores, and surface coaching insights. (Contract necessity / Legitimate interests)
  • Model-assisted analysis: transform audio to text; extract signals (e.g., agenda set, discovery depth, decision mapping); attach verbatim quotes + timestamps. (Contract necessity / Legitimate interests)
  • Product improvement & safety: quality, benchmarking, abuse prevention, threat detection. We use aggregated or de-identified data wherever possible. (Legitimate interests)
  • Customer support & communications: respond to requests; service notifications. (Contract necessity / Legitimate interests)
  • Legal & compliance: security, audits, billing, enforcing terms. (Legal obligation / Legitimate interests)
  • Your choice on training: By default, customer content is not used to train public foundation models. Admins can opt in to (a) workspace-only fine-tuning or (b) anonymized, aggregated learning to improve scoring quality. Choices are visible in Admin → Data Controls.

4) Agentic AI safeguards (what's unique here)

Because our AI can plan multi-step analyses and use external tools, we apply additional controls:

  • Scope & permissions: the agent only accesses tools you connect (e.g., your dialer or meeting provider) under least-privilege API scopes.
  • Human oversight by design: scores and recommendations are assistive; coaches/managers remain in control. No fully automated adverse decisions.
  • Explainability: every ✅ is supported with a verbatim quote and timestamp, so reviewers can see exactly why something scored.
  • Alignment & policy guardrails: prompt-injection defenses, output filters, and allow/deny lists prevent unauthorized tool actions or data exfiltration.
  • Accuracy notes: LLMs can err. We display confidence signals and provide easy "flag and correct" tools. Corrections flow back to improve your workspace model.
  • Telemetry boundaries: we collect only what's needed to secure and improve the service; admin controls let you limit or disable diagnostics where permitted.

5) Security & compliance

We partner with a leading security provider to deliver enterprise-grade protections enforced by SOC 2 Type II controls, 256-bit encryption, GDPR-aligned processing, and 99.9% uptime. We combine their certified infrastructure with our own application-level controls (role-based access, SSO/SCIM, audit trails, IP allowlists, and customer-managed retention). See Security & Privacy for reports and partner attestations.

6) Data retention (script-only workflow)

  • Uploaded scripts (text only): We currently accept scripts/transcripts you upload (e.g., TXT, DOCX, PDF). We do not ingest audio/video files and do not provide a service to convert audio/video to text. Default retention: 180 days (admin-configurable: 30–365+ days) or for the duration of your subscription, whichever is shorter. Admins can set workspace-level rules to shorten or extend retention.
  • Derived coaching artifacts: Scores, checklists, verbatim quotes with timestamps (as referenced in your script), evaluator comments, and other analysis outputs generated from your uploaded scripts. Default retention: same as the associated script or until deletion, whichever comes first.
  • Product logs & telemetry: Limited diagnostic and security logs (e.g., feature usage, performance metrics). Default retention: 30–180 days, depending on log type and legal requirements.
  • Exports & deletion: Workspace admins can export or delete scripts and derived artifacts at any time. Deletions propagate to our processors; content may persist in encrypted backups for up to 30 days before final removal.
  • No media processing: Because we don't process audio/video, you are responsible for generating any transcripts externally before upload and for obtaining any required permissions to create those transcripts.

7) Sharing & sub-processors

We share data only with service providers that help us run Velsia (cloud hosting, storage, analytics, support, communications, AI inference). A current list of sub-processors, including any foundation-model providers used for transcription or analysis, is maintained on our website. We require data-processing agreements (DPAs), confidentiality, and appropriate security.

We do not sell personal data. We do not share for cross-context behavioral advertising.

8) International transfers

Where data moves outside its origin (e.g., to the U.S.), we use approved transfer mechanisms (EU SCCs/UK IDTA, adequacy decisions) and supplementary measures.

9) Your rights & controls

Depending on your region (e.g., GDPR, UK GDPR, CCPA/CPRA, LGPD), you may have rights to access, correct, delete, restrict, port, or object to processing, and to opt out of certain uses (e.g., personalized analytics). Workspace admins control many settings; you can also email privacy@velsia.ai. We respond within statutory timelines.

You may opt out of:

  • Inclusion of your workspace content in model improvement;
  • Transcript storage beyond a specified period;
  • Analytics/telemetry (where supported).

10) Children

Velsia is for business use only and not directed to children under 18. We do not knowingly process children's data.

11) Cookies & similar tech

We use essential cookies for authentication and security. Analytics/marketing cookies are opt-in where required. See our Cookie Notice for details and controls.

12) Product-specific notices

  • Independent coaches: you are the data controller for your client recordings and must obtain all required consents for recording/analysis.
  • Teams & enterprises: we act as a processor under your DPA; recording/consent banners and retention rules can be enforced at the workspace level.
  • Recording consent: recording/transcription features include configurable pre-call consent notices and privacy prompts for invitees.

13) How to contact us & complaints

Questions or requests: privacy@velsia.ai
EU/UK residents may lodge complaints with their local supervisory authority.

14) Changes to this policy

We'll post updates here and adjust the "Last updated" date. For significant changes, we'll notify admins or all users as appropriate.

For questions about this privacy policy, contact us at privacy@velsia.ai