General Privacy Statement
VelanVApps operates enterprise software engineering and workflow systems with a focus on minimizing data exposure and maintaining operational integrity. This privacy statement explains what information we collect, how we use and protect it, and the choices available to our customers and users. We process personal data strictly to provide and maintain our services, support contractual relationships, and comply with legal obligations. Operational practices described here reflect our technical and organizational measures as of the effective date below.
Definitions
This section provides concise definitions of terms used throughout the policy to ensure consistent interpretation. Where local law provides specific definitions, those statutory meanings shall apply in addition to these explanations.
- Personal data refers to any information relating to an identified or identifiable natural person, such as name, contact details, job title, and identifiers that can be reasonably linked to an individual in the context of our services.
- Processing means any operation performed on personal data, whether automated or manual, including collection, recording, organization, structuring, storage, retrieval, use, disclosure, erasure, and destruction.
- User refers to any individual who interacts with VelanVApps services or platforms, including customers, administrators, employees of customer organizations, trial users, and individuals who contact our support or sales teams.
- Service denotes the enterprise software engineering and workflow systems provided by VelanVApps, including hosted applications, on-premises deployments, integrations, APIs, and related professional services.
- Cookies are small data files stored on a user’s device by a web browser at the request of a website, used to remember stateful information such as session identifiers and user preferences for functional and analytical purposes.
Data Collection
VelanVApps collects data necessary to deliver, secure, and improve services. Collection is limited to categories required for clear operational purposes. We separate data provided directly by users from data collected automatically during service use or via third-party integrations.
Data Provided by Users
Data users actively provide when registering, configuring services, requesting support, or engaging professional services. This data is used to enable account management, system configuration, and contractual performance.
- Account and contact information: company name, contact person, business email addresses, phone numbers, and billing address.
- Authentication and access data: usernames, role definitions, authorization settings, and connection credentials stored and managed according to customer policies.
- Configuration and usage metadata: workflow definitions, automation rules, integration endpoints, and metadata uploaded as part of service configuration.
- Support and professional services data: correspondence, diagnostic logs provided for troubleshooting, and documentation platform during projects.
- Transactional records: invoices, purchase orders, contract references, and records of service delivery and acceptance.
- Legal and compliance information: data required to fulfill regulatory or contractual obligations, such as identity verification and corporate identifiers.
Data Collected Automatically
During normal operation of hosted services and websites, VelanVApps collects certain technical and usage data to support platform stability, security, billing, and product improvement. Collection is limited and aggregated where practical.
- Technical logs: server logs, API request metadata, timestamps, source IP addresses in connection contexts.
- Usage metrics: feature usage counts, performance metrics, error rates, and anonymized analytics for product development.
- Device and browser data: user agent strings, browser capabilities, screen resolution and locale settings for compatibility purposes.
- Cookies and local storage identifiers used to manage sessions and preferences in web interfaces.
- Security and monitoring data: intrusion detection alerts, access event records, and audit trails necessary for incident response.
- Billing telemetry relevant to usage-based plans, such as processed transactions and metered resource consumption.
Data from Third Parties
We may receive data about users from third parties where necessary for service delivery, integrations, or lawful obligations. Third-party data transfers are governed by contracts that require appropriate protections.
- Identity and corporate information platform through authorized integrations with customer systems or identity providers.
- Payment processing details handled by our payment service providers under contractual safeguards; we do not store raw payment card numbers.
- Analytics and monitoring data collected by authorized third-party tooling under contractual limits and retained for product improvement.
Purposes of Processing
We process personal data only for specified, explicit, and legitimate purposes. The primary processing purposes are described below, each aligned with necessary operational functions and compliance requirements.
- Provision and maintenance of VelanVApps services, including authentication, access control, and configuration management.
- Customer support and professional services delivery, including diagnostics, troubleshooting, and implementation activities.
- Billing, invoicing, and business administration of service subscriptions and professional engagements.
- Security, fraud prevention, and incident response, including monitoring, forensics, and remediation actions.
- Product improvement and research using aggregated and de-identified analytics to inform engineering priorities.
- Legal compliance and risk management, addressing regulatory requests and contractual obligations.
- Communication about service changes, critical operational notices, and information required for ongoing service management.
- Enforcement of our agreements and protection of the legal rights, property, or safety of VelanVApps, our customers, or others.
Legal Bases for Processing
Where applicable laws require identification of a legal basis for processing personal data, VelanVApps relies on one or more of the grounds described below depending on the type of processing and the relationship with the data subject.
- Performance of a contract: processing necessary to provide services, deliver features, and perform obligations under customer agreements.
- Legal compliance: processing required to meet legal or regulatory obligations such as tax, audit, and lawful requests from authorities.
- Legitimate interests: processing for security, platform improvement, and prevention of abuse, where such interests are balanced against individual rights.
- Consent: where voluntary consent is obtained for optional features such as marketing communications or certain analytics beyond essential operation.
Rights Under Applicable Data Protection Laws
For users and customers subject to data protection laws aligned with the GDPR framework, we recognize data subject rights and follow documented procedures to respond to requests. Our commitments reflect current best practices for enterprise service providers.
- Right of access: individuals may request confirmation of whether personal data concerning them is processed and obtain a copy of such data.
- Right to rectification: users may request correction of inaccurate or incomplete personal data held by us.
- Right to erasure: where applicable, users may request deletion of personal data that is no longer necessary for the original purposes or where the law permits.
- Right to restriction or objection: users can request restriction of processing or object to processing on grounds relating to their particular situation.
- Right to portability: where technically feasible and lawful, users may request transfer of provided data in a structured, commonly used format.
- Right to withdraw consent: where processing is based on consent, users can withdraw consent at any time for future processing.
Cookies and Tracking Technologies
VelanVApps uses cookies and related technologies to support essential functionality, maintain sessions, and collect aggregated metrics. We provide controls for cookie preferences where required by applicable law.
We use session cookies for authentication, persistent cookies for preferences, and performance cookies for aggregated analytics. Third-party cookies may be set by integrated services such as analytics providers or embedded help desks.
Cookie categories include strictly necessary cookies for service operation, functional cookies for user preferences, and analytics cookies for performance insights. Marketing cookies are used only with explicit user consent.
Users can manage cookie preferences through their browser settings or via consent controls presented on relevant web pages. Disabling certain cookies may affect functionality such as login persistence and personalized settings.
Detailed cookie information is available in our Cookie Policy section and within product settings.
Data Sharing and Disclosure
VelanVApps shares personal data only as necessary for service delivery, compliance, or with contracted service providers. We require third parties to process data according to documented agreements and reasonable security controls.
- Service providers and subprocessors who perform hosting, payment processing, analytics, or support functions on our behalf under contractual restrictions.
- Customers' authorized users and administrators who access account data as part of legitimate management and operational activities.
- Affiliates and partners where necessary for joint service delivery or where explicitly authorized by the customer.
- Legal and regulatory authorities in response to lawful requests, court orders, or to establish or defend legal rights.
- Acquirers or other parties involved in corporate transactions, provided appropriate data protection measures are implemented during any transfer.
- Third-party integrations chosen and enabled by customers; the transfer of data to such vendors is subject to customer configuration and agreement terms.
International Data Transfers
VelanVApps operates in multiple jurisdictions and may transfer personal data across borders to subprocessors or affiliates as necessary for service delivery. Transfers are managed with appropriate safeguards consistent with applicable law.
When transferring data internationally, we implement contractual clauses, standard contractual clauses where available, and technical protections such as encryption. Customers may request details of relevant safeguards for specific subprocessors.
Data Retention
Retention periods are designed to meet operational requirements, contractual obligations, and legal retention mandates while minimizing unnecessary storage of personal data. Where possible, data is archived or deleted when no longer required.
Account records and billing information are retained for the duration of the contractual relationship and for a reasonable period afterward to satisfy tax, audit, and dispute resolution requirements as governed by local law.
Support communications and project correspondence are retained for the period necessary to resolve outstanding issues, maintain a service history, and comply with legal obligations, then archived or deleted according to retention schedules.
Operational and audit logs are retained to support security contribute and compliance; retention periods depend on log type and criticality but are limited and periodically reviewed.
Upon termination or deletion requests where applicable, VelanVApps removes personal data from active systems and follows documented deletion procedures. Residual copies may persist in backups for a limited period until securely purged.
Security of Personal Data
VelanVApps applies industry-standard technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction. Security practices are reviewed periodically and updated in response to evolving threats and operational changes.
- Access controls and role-based access to limit data access to authorized personnel only, combined with multi-factor authentication for administrative functions.
- Encryption in transit using TLS and encryption at rest for sensitive repositories where feasible, along with secure key management practices.
- Regular security assessments, vulnerability management, logging, monitoring, and incident response procedures to detect and remediate security events promptly.
User Rights and Requests
Users may exercise rights in relation to their personal data subject to applicable law. Requests are processed in accordance with verification procedures to protect user privacy and system integrity.
- Access — request a copy of the personal data we hold about you and information on how it is processed.
- Rectification and correction of inaccurate or incomplete personal data where applicable.
- Erasure and restriction requests where legal conditions are met, subject to retention requirements for legitimate business or legal purposes.
- Data portability requests for data you have provided in a commonly used, machine-readable format, where technically feasible.
- Request restriction of processing where lawful basis is contested or where you object to processing for direct marketing.
- Object to processing based on legitimate interests, except where VelanVApps demonstrates compelling legitimate grounds.
- Receive your personal data in a structured, commonly used and machine-readable format when portability applies.
- Withdraw consent to specific processing activities at any time without affecting processing conducted prior to the withdrawal.
How to exercise your data rights
To make a rights request related to personal data held by VelanVApps, provide a clear description of the information you seek and any relevant identifiers to help us locate your records. We may ask for additional information to verify your identity and to scope the request. Requests are handled in accordance with applicable Malaysian data protection laws and our internal verification procedures.
We aim to respond to verified requests within 30 calendar days. Where requests are complex or numerous, we may extend the response period and will notify you of any extension, normally not exceeding an additional 30 days.
Marketing communications and choices
VelanVApps uses contact details you provide to send operational messages and, where you consent or where permitted by law, relevant product updates and marketing information tailored to your role in enterprise software engineering and workflow systems. We limit marketing to information that aligns with your expressed interests and our legitimate business relationship. You may control your marketing preferences through your account settings, the unsubscribe link included in marketing emails, or by contacting our privacy team.
To opt out of marketing communications, use the unsubscribe link in any marketing email, update your preferences in your VelanVApps account dashboard, or contact our privacy team at [email protected]. Opting out will not prevent delivery of essential service-related notifications necessary for your account.
Children's privacy
VelanVApps products and services are intended for professional and enterprise users. We do not knowingly collect personal data from individuals under 16 for our core commercial offerings. If we become aware that a minor's personal data has been collected without appropriate authorization, we will take steps to delete the data in accordance with applicable law and internal policies.
Third-party links
Our website and services may contain links to third-party sites, tools or services not operated by VelanVApps. We do not control those third parties' privacy practices and are not responsible for their content or data handling. Review third-party privacy policies before providing personal information to those services.
Changes to this privacy policy
We periodically review and may update our privacy practices to reflect regulatory changes, business developments, or operational improvements. Material changes to how we process personal data for customers will be communicated through our website or direct notification to affected users. Continued use of our services after such notice constitutes acceptance of the updated policy.