Privacy Policy

Velyon AI is an AI automation and bespoke software development agency incorporated and operating in Cyprus. We design, build, and deploy intelligent automation systems, AI agents, and custom software solutions for businesses across Cyprus and the European Union.

For the purposes of the General Data Protection Regulation (EU) 2016/679 (GDPR) and applicable Cyprus data protection legislation, Velyon AI acts as the Data Controller for personal data collected through our website, communications, and client engagements.

We collect only the personal data that is necessary to provide our services, respond to enquiries, and fulfil our legal obligations. We do not collect data we do not need.

Data you provide directly

• Full name and email address when you submit a contact form or book a call
• Company name, role, and business details when enquiring about our services
• Any information you voluntarily share in messages, emails, or calls with our team
• CV, portfolio links, or professional background when applying for a role

Data collected automatically

• IP address and approximate geographic location
• Browser type, operating system, and device information
• Pages visited, time spent on site, and referral source
• Cookie identifiers and session data (see Cookies section)

Data from third-party sources

• Professional profile information from LinkedIn if you connect or interact with us there
• Contact details lawfully provided by partners or referral sources

We use your personal data only for specific, clearly defined purposes. We do not sell your data to any third party, and we do not use it for purposes beyond those described in this policy.

• To respond to enquiries, contact form submissions, and booking requests
• To provide, manage, and deliver our automation and software services to clients
• To send service-related updates, proposals, and project communications
• To process job applications and evaluate candidates for open roles
• To improve our website, services, and user experience through analytics
• To comply with our legal and regulatory obligations under EU and Cyprus law
• To protect our legitimate business interests, including fraud prevention and security
• To send marketing communications, only where you have given explicit consent

Under the GDPR, we are required to have a lawful basis for processing your personal data. We rely on the following legal bases:

We do not sell, rent, or trade your personal data. We may share data with carefully selected third parties only where necessary and under strict contractual obligations that require them to protect your data.

Categories of third parties we may share data with

• Cloud infrastructure and hosting providers (e.g. AWS, Vercel, or equivalent)
• Analytics and website performance tools (e.g. Google Analytics — anonymised)
• CRM and communication platforms used to manage client relationships
• Payment processors for invoicing and billing (where applicable)
• AI model providers (e.g. OpenAI) where their APIs are used to deliver your contracted service
• Legal, accounting, or compliance advisors where required by law

All third-party processors are bound by Data Processing Agreements (DPAs) and are required to handle your data in accordance with GDPR and applicable data protection law.

Some of our third-party service providers operate outside the European Economic Area (EEA). Where personal data is transferred outside the EEA, we ensure that appropriate safeguards are in place in accordance with GDPR Chapter V. These safeguards include:

• European Commission adequacy decisions for countries deemed to offer equivalent protection
• Standard Contractual Clauses (SCCs) approved by the European Commission
• Binding Corporate Rules where applicable
• Other lawful transfer mechanisms as recognised under GDPR

We do not transfer personal data to countries without an adequate level of data protection unless one of the above safeguards is in place.

We retain personal data only for as long as necessary to fulfil the purpose for which it was collected, or as required by law. Our standard retention periods are:

Once data is no longer required, it is securely deleted or anonymised so it can no longer be linked to an individual.

As a data subject under the GDPR, you have the following rights in relation to your personal data. These rights apply to all individuals whose data we process within the EU and EEA.

To exercise any of these rights, please contact us at privacy@velyon.ai. We will respond within 30 days as required by GDPR Article 12.

Our website uses cookies and similar tracking technologies to operate effectively, analyse performance, and improve your experience. We categorise cookies as follows:

You can manage your cookie preferences at any time via our Cookie Settings panel or by adjusting your browser settings. Note that disabling certain cookies may affect site functionality.

For a complete list of cookies we use, their providers, and their lifetimes, please refer to our Cookie Declaration, available via the cookie consent banner.

Our website and services are not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child under 16, please contact us immediately at privacy@velyon.ai and we will delete the data without delay.

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or applicable law. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify you by email or via a notice on our website.

We encourage you to review this policy periodically. Continued use of our website or services after any changes constitutes your acknowledgement of the updated policy.