LEGAL
Privacy Policy
Last updated: 19 April 2026
Summary
We collect only the minimum data needed to operate your blog: your email address, billing details (processed securely by Stripe), and the content you publish. We do not sell your data, we do not run behavioural advertising, and we keep third-party sub-processors to a minimum. For any questions, email legal@velocms.org.
Data we collect
- Account email and hashed password (blog owners)
- Reader email and newsletter preferences (blog readers who subscribe)
- Billing details — stored exclusively by Stripe; we hold a customer reference ID
- Your published content (posts, pages, media, comments)
- Your own Stripe/AI API keys, if you bring them — stored encrypted at rest (AES-256-GCM)
- Basic usage logs for security and abuse prevention (IP hash, user agent, timestamps)
Sub-processors
We rely on the following trusted third parties to operate. Each is bound by a Data Processing Agreement with equivalent safeguards.
| Provider | Purpose | Location |
|---|---|---|
| Stripe | Payment processing, subscriptions, VAT | US (UK entity) |
| Railway | Application + database hosting | US |
| Cloudflare | DNS, CDN, media storage (R2), custom domains | Global |
| Resend | Transactional email delivery | US |
| Google (Gemini) | AI content generation (platform key) | US |
| Sentry | Error monitoring | US |
| Plausible | Analytics (cookieless, anonymised) | EU (Estonia) |
AI data processing
When you use the built-in AI features, your prompt is sent to Google Gemini via the platform API key. Google does not train on data sent through this API and does not retain prompts beyond the request lifetime. If you bring your own AI key (BYOK), your prompts are sent to the provider of your choice under their terms.
Analytics
We use Plausible Analytics to measure aggregate page views and onboarding completion rate. Plausible is cookieless and does not collect personal data. No profile, session, or cross-site tracking occurs.
Right to deletion
You can delete your account at any time from /admin/account/delete. On deletion:
- Your Stripe subscription is cancelled immediately
- Your posts, pages, members, and media are soft-deleted and retained for 30 days in case you reconsider
- After 30 days all data is hard-deleted from our databases and R2 storage
- Stripe retains payment records per its own retention policy (7 years, required by UK law)
- Sub-processor logs (Sentry, Plausible) expire per their default retention (90 days / 24 months respectively)
Your rights (UK GDPR)
You have the right to access, rectify, port, or erase your personal data, to restrict or object to processing, and to lodge a complaint with the Information Commissioner's Office (ICO). Email legal@velocms.org for any of these — we action requests within 30 days.
Contact
VeloCMS Ltd, United Kingdom. Questions: legal@velocms.org.
This policy has been founder-reviewed and reflects current processing activities. A solicitor review is scheduled before the general public launch on 2026-05-06.