Security & Trust

Security & Trust

Velim is committed to protecting the confidentiality, integrity, and availability of data processed through the platform. We implement appropriate technical and organizational measures to ensure a high level of security, taking into account the nature of the service and associated risks.

1. Data protection by design
Security and data protection principles are integrated into the design and operation of the Velim platform. Personal data are processed only for defined purposes and with appropriate safeguards in place.

2. Encryption
Data processed within the Velim platform are protected using encryption in transit and at rest.

• Communication between client applications and backend services is secured using industry-standard transport encryption (e.g. TLS).
• Stored data are protected using strong encryption mechanisms and managed through controlled key-management processes.
• Access to encrypted data is restricted to authorized processes and personnel on a strict need-to-know basis.

Backups containing personal data are protected using encryption and are subject to access controls and retention policies consistent with the security of the primary systems.

Encryption does not prevent processing necessary to provide the service or comply with legal obligations, but it significantly reduces the risk of unauthorized access.

3. Access control
Access to systems and data is restricted using role-based access controls and authentication mechanisms. Employees and contractors are granted access only to the extent required to perform their duties.

All persons with access to personal data are subject to confidentiality obligations.

4. Monitoring and logging
Velim maintains logging and monitoring mechanisms to support system reliability, detect incidents, and investigate security-relevant events. Logs are protected against unauthorized access and are retained in accordance with applicable legal and operational requirements.

5. Infrastructure security
Velim operates its services on secured infrastructure with appropriate network protection, system hardening, and regular maintenance. Security updates and patches are applied in a timely manner.

6. Incident management
Velim maintains procedures for identifying, assessing, and responding to security incidents. In the event of a personal data breach, Velim will notify affected customers without undue delay in accordance with applicable data protection laws.

7. Sub-processors
Where third-party service providers are used to support the operation of the platform, Velim ensures that such providers are subject to contractual data protection and security obligations consistent with GDPR requirements.

8. Compliance
Velim’s security and data protection measures are aligned with applicable legal requirements, including the General Data Protection Regulation (GDPR). Detailed information on data processing and roles is available in the Privacy Policy, Data Protection Notice, and Data Processing Agreement.