How Vela protects your personal data.
This policy is drafted under Article 13 of Regulation (EU) 2016/679 (the “GDPR”). It explains what personal data Vela collects through this website and the Vela platform, why we process it, on what legal basis and for how long, and the rights you have.
1. About this policy
1.1 We take the protection of your personal data seriously and process it in compliance with the GDPR and applicable national law. This policy applies to the Vela website (the “Website”) and, where you become a client, the Vela platform (the “Platform”).
1.2 It does not cover the processing carried out independently by the regulated third parties (“Financial Partners”) and their verification providers that deliver euro payments, custody rails and identity checks. Those parties act as separate data controllers and provide their own privacy notices, which you should read.
2. Who is the controller
2.1 The data controller is Vela Finance (“Vela”, “Vela Finance”, “we”, “us”), the organisation that operates the Vela website and platform.
2.2 For any question about this policy or to exercise your rights, contact us at velayield@gmail.com.
3. Data we collect
3.1 When you request access. Through the “Get access” form we collect your name, work email, organisation (optional) and the profile you select (for example, private individual, family office or institution). We also record limited technical context to understand where requests come from: the page you submitted from, the referring website, any campaign parameters (UTM), your browser type and a one-way, salted hash of your IP address. We never store your raw IP address.
3.2 When you browse the Website. We operate privacy-friendly, first-party analytics. For each visit we record page views and the pages viewed, the referring website and any campaign parameters, your approximate device type and browser language, and a random first-party identifier stored in your browser (see section 5). We do not use third-party advertising trackers, and we do not build cross-site profiles of you.
3.3 When you contact us. If you email us, we process your contact details and the content of your message to respond.
3.4 When you become a client (Platform). To provide the Service we process account and profile data, your public wallet address, and records of the operations you carry out through the interface. Identity-verification documents (KYC/KYB) are collected and held by the Financial Partners and their providers, not by Vela — we may receive only your verification status (for example, verified or declined).
3.5 We do not intentionally collect special categories of data, and we ask that you do not send them to us.
4. Purposes, legal basis & retention
We process personal data for the purposes below. For each we indicate the legal basis under Article 6(1) GDPR and the retention period.
A. Early-access requests
Reviewing and responding to “Get access” submissions and managing onboarding.
- Data
- Name, email, organisation, profile, submission context.
- Legal basis
- Pre-contractual measures at your request — Art. 6(1)(b); and our legitimate interest in assessing prospective clients — Art. 6(1)(f).
- Retention
- Until we complete or decline onboarding, or you ask us to erase the request; in any case no longer than 24 months from last contact.
B. Enquiries & support
Handling questions and support requests.
- Data
- Contact details, message content.
- Legal basis
- Pre-contractual / contractual measures — Art. 6(1)(b); legitimate interest — Art. 6(1)(f).
- Retention
- For the time needed to handle the request and a reasonable period afterward.
C. Website analytics
Understanding traffic and improving the Website using first-party, aggregate measurement.
- Data
- Page views, pages, referrer, campaign parameters, device type, language, first-party identifier.
- Legal basis
- Legitimate interest in operating and improving the Website — Art. 6(1)(f).
- Retention
- Event records are kept for a limited period and then rotated; reporting is aggregate.
D. Providing the Service
Creating and operating your account and enabling the platform features.
- Data
- Account & profile data, public wallet address, operation records.
- Legal basis
- Performance of our contract with you — Art. 6(1)(b).
- Retention
- For the life of the account and as required to conclude pending matters.
E. Compliance (AML/KYC)
Meeting legal obligations relating to financial crime, in cooperation with Financial Partners.
- Data
- Verification status; records required by law. (Documents are held by the Financial Partners.)
- Legal basis
- Legal obligation — Art. 6(1)(c).
- Retention
- For the period required by applicable anti-money-laundering law (typically several years).
F. Security & fraud prevention
Protecting the Website and Service, rate-limiting and detecting abuse.
- Data
- Hashed IP, device/technical data, access logs.
- Legal basis
- Legitimate interest in the security of our systems — Art. 6(1)(f).
- Retention
- For a limited period proportionate to the security purpose.
G. Marketing (optional)
Sending updates about Vela, only where you have asked to receive them.
- Data
- Name, email.
- Legal basis
- Consent — Art. 6(1)(a).
- Retention
- Until you withdraw consent or unsubscribe, and in any case no later than 24 months from last contact.
H. Legal obligations
Complying with tax, accounting and other legal duties and lawful requests from authorities.
- Data
- Relevant identifying and transactional data.
- Legal basis
- Legal obligation — Art. 6(1)(c).
- Retention
- For the period required by applicable law.
I. Defence of legal claims
Establishing, exercising or defending legal claims.
- Data
- Data relevant to the claim.
- Legal basis
- Legitimate interest in defending our rights — Art. 6(1)(f).
- Retention
- For the duration of the matter and applicable limitation periods.
Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of processing before withdrawal. Where processing is based on our legitimate interest, you may object (see section 9).
5. Cookies & browser storage
5.1 The Website does not use third-party advertising or cross-site tracking cookies. We rely on first-party browser storage: a random identifier in localStorage and a session identifier in sessionStorage that let us measure visits and attribute an access request to the visit it came from. This information stays on your device and is first-party to Vela.
5.2 You can clear this storage at any time through your browser settings; doing so does not prevent you from using the Website.
5.3 If we later enable an optional third-party analytics or marketing tag, we will do so on the basis of your consent and will present a cookie notice at that time.
6. Who we share data with
6.1 We share personal data only as necessary, with:
- Service providers (processors) acting on our instructions — for example, hosting and infrastructure, and email delivery — bound by data-processing agreements.
- Financial Partners and their verification providers, which deliver euro payments, custody rails and identity checks and act as independent controllers for the data they collect from you directly.
- Authorities, courts or advisers where required by law or to establish or defend legal claims.
- A successor entity in the context of a merger, reorganisation or business transfer, subject to this policy.
6.2 We do not sell your personal data, and we do not share it with advertising networks.
7. International transfers
7.1 Where a provider processes personal data outside the European Economic Area, we ensure an adequate level of protection through an adequacy decision or appropriate safeguards such as the European Commission’s Standard Contractual Clauses, together with supplementary measures where needed. You may request a copy of the relevant safeguards at velayield@gmail.com.
8. How we protect data
8.1 We apply appropriate technical and organisational measures, including encryption in transit, encryption of secrets at rest, access controls, and the minimisation of sensitive identifiers — for example, we store only a salted hash of IP addresses, never the raw value. Consistent with our self-custodial design, the cryptographic key that controls your wallet is never transmitted to or stored on our servers.
8.2 No system is perfectly secure; you also play a part by keeping your credentials and devices safe.
9. Your rights
9.1 Subject to the conditions in the GDPR, you have the right to: access your data; have it rectified; have it erased; restrict or object to its processing (including profiling and direct marketing); receive it in a portable format; and withdraw consent where processing is based on consent.
9.2 To exercise any right, contact velayield@gmail.com. We will respond within the time limits set by the GDPR (generally one month). We may need to verify your identity before acting.
9.3 You also have the right to lodge a complaint with a data-protection supervisory authority, in particular the one in the EU country of your residence or workplace.
10. Children
10.1 The Website and Service are not directed to persons under 18, and we do not knowingly collect their data. If you believe a minor has provided us with personal data, contact us and we will delete it.
11. Changes to this policy
11.1 We may update this policy from time to time. We will publish the updated version on the Website with a new “last updated” date and, where the change is significant and we hold your contact details, notify you.
12. Contact & complaints
12.1 Questions, requests and complaints about this policy or our processing can be sent to velayield@gmail.com.