Skip to main content

Legal

Privacy Policy

Effective 01 January 2026. Plain-English summaries where possible.

Book a demoChat on WhatsApp

This Privacy Policy describes how Velosta Technologies ("Velosta", "we", "us") collects, processes, and protects personal information when you use our platform.

1. Information we collect

  • Account data: name, email, phone, organization details for staff accounts.
  • Customer data (your renters): name, phone, address, masked Aadhaar (last 4 digits only), driving license metadata, passport metadata for foreigners. Image of the ID is processed in-memory and discarded; we never store the raw image.
  • Booking and payment metadata: vehicle assignment, dates, amount, GST details, payment method.
  • System logs: IP address, user-agent, and timestamps for authentication and audit purposes.

2. How we use your information

  • To deliver the Velosta platform and its features.
  • To enable WhatsApp and email communications with your customers (initiated by you).
  • To detect and prevent fraud — including the opt-in cross-vendor blacklist.
  • To meet legal, accounting, and tax obligations (e.g., GST invoicing).

3. Aadhaar and passport handling

Aadhaar and passport images are uploaded to our system only to extract text via OCR. The image is processed in-memory by our OCR pipeline and discarded immediately after parsing. Only the parsed text fields — and masked identifiers (last 4 digits of Aadhaar) — are persisted to the database.

4. Data storage and security

  • Data is hosted on AWS infrastructure in India (ap-south-1).
  • Files are stored in segregated, server-side encrypted S3 buckets.
  • Authentication uses short-lived JWT access tokens with rotated refresh tokens.
  • Access is role-based with 24+ permission keys and branch-scoped membership.

5. Sharing and disclosure

We do not sell your data. We share data only with:

  • Sub-processors required to operate the service (AWS, Google Cloud Vision for OCR, WhatsApp Business API, payment processors, SMTP providers).
  • Law enforcement, when compelled by valid Indian legal process.
  • Other Velosta-powered rental stores, only in the form of the opt-in cross-vendor blacklist (and only the flag, category, and approximate month — never the renter's identity).

6. Your rights

  • Access and export your data on request.
  • Correct inaccurate information.
  • Delete your account or organization, subject to a 30-day grace window, after which all PII is permanently purged.
  • Withdraw consent for non-essential processing.

7. Retention

We retain account and booking data for the duration of your subscription and as required by accounting/tax law (typically 7 years for financial records). PII associated with deleted accounts is purged after the 30-day grace window, except where retention is legally mandated.

8. Contact us

For privacy questions, data access requests, or complaints, reach our team at support@velosta.com.

This policy is a working summary. Final policy text will be provided on the production deployment.