VeloAI Privacy Policy
1. Introduction
This Privacy Policy outlines how Inspired Testing Ltd (“we,” “our,” or “us”) collects, processes, and protects personal data when you (“User” or “Client”) use VeloAI Testing Co-pilot Software as a Service (“Services”). If you do not agree with this Privacy Policy, you must refrain from accessing or using VeloAI.
2. Definitions
All definitions applicable to this Privacy Policy, the User Terms of Service, and the Acceptable Use Policy are listed in Schedule 1 at the end of this document.
3. Scope and Applicability of This Privacy Policy
This Privacy Policy applies to all data processing activities within VeloAI, including:
- Direct interactions (e.g., account setup, support inquiries, user feedback).
- Use of the Services (e.g., input content processed through VeloAI).
- Third-party integrations (as described in Section 8).
It does not apply to third-party applications or software that integrate with VeloAI (“Third-Party Services”), which operate under their own terms and privacy policies.
For specific security measures, please visit the Security Overview on the VeloAI website.
4. Legal Frameworks: GDPR and POPIA
VeloAI complies with the General Data Protection Regulation (GDPR) and the Protection of Personal Information Act (POPIA). These regulations provide guidelines for data processing, and we are committed to safeguarding your privacy in accordance with these laws.
5. Information We Collect
VeloAI collects and processes the following categories of data:
A. Client Data
Users and Clients provide information such as:
- Messages, files, or content submitted through the Services.
- User account details (e.g., name, email, organisation, role).
- Authorised access data as managed by the Client Administrator.
B. Other Information
We also collect:
- Account Information: Registration details, billing details, and security credentials.
- Third-Party Services Information: Data shared through various integrations, including but not limited to, JIRA, OpenAI, Azure, and CSV files.
- Technical and Usage Data: Metadata, analytics, and system logs.
- User Feedback: Responses to surveys, queries, or support requests.
NOTE: VeloAI does not collect or store User and/or Client Input and Client Output data.
6. How We Process Your Information
We process personal data under the following legal bases:
- Consent: When you explicitly agree to data collection (e.g., account setup, feature requests).
- Contractual Necessity: To provide Services as agreed in the Client’s contract.
- Legal Obligations: To comply with regulatory or legal requirements.
- Legitimate Interests: To improve Services and ensure security, provided your rights are not overridden.
7. Data Sharing and Disclosure
A. Client-Controlled Sharing
The Client determines who has access to VeloAI within their organisation and Inspired Testing provides access only to the specific individual Users identified by the Client.
B. Third Parties
We share data with:
- Service Providers: Third parties supporting our infrastructure and business operations.
- Third-Party Services: Integrations enabled by the Client.
- Corporate Affiliates: Other Inspired Testing entities for service improvement.
- Legal Authorities: If required by law, court orders, or regulatory obligations.
8. Third-Party Integrations
VeloAI integrates with external services, including but not limited to:
- Atlassian JIRA: The privacy policy for JIRA integrations can be found at JIRA Privacy Policy.
- CSV: For CSV imports and exports, data processing adheres to the data policies set by the Client, as CSV is a data format and not governed by a specific privacy policy.
- Azure: The privacy policy for Azure integrations can be found at Microsoft Privacy Statement.
- OpenAI: The privacy policy for OpenAI integrations can be found at OpenAI Privacy Policy.
9. Data Retention
VeloAI retains:
- Client Data is retained in accordance with Client instructions and for as long as necessary to provide the Services.
- Other Information is stored as needed to fulfil processing purposes, comply with legal requirements, and ensure security.
10. Data Security
We implement industry-standard security measures to protect against unauthorised access, misuse, or data loss. However, no system can guarantee absolute security, and Users must also take responsibility for protecting their login credentials as per their company information security policy.
11. International Data Processing
VeloAI may, subject to Client instructions only, process personal data to countries outside your jurisdiction. Such processing may occur due to:
- Client preference for specific Azure data centre regions.
- Third-party integrations with JIRA, OpenAI, and other services.
- Cloud service redundancy and data backup requirements.
- Support and maintenance activities requiring access from different regions.
When such processing occurs: - Under GDPR, Standard Contractual Clauses (SCCs) or other legal mechanisms are used to ensure data protection.
- Under POPIA, all cross-border processing complies with Section 72, ensuring adequate data protection.
- Encryption, access controls, and security measures are in place to protect personal data during processing.
12. Your Rights
Under GDPR
- Access your data.
- Request correction or deletion.
- Restrict or object to processing.
- Data portability.
- Lodge a complaint with a Data Protection Authority.
Under POPIA
- Access and correct personal information.
- Withdraw consent.
- Object to processing for specific purposes.
- Submit complaints to the Information Regulator of South Africa.
13. Age Limitations
The Services are not intended for users under 18 years of age. If you believe a minor has provided personal data, please contact us to facilitate its removal.
14. Updates to This Privacy Policy
We may update this Privacy Policy periodically. Users will be notified of material changes via email or in-app notifications. Continued use of VeloAI after updates constitutes acceptance of the revised policy.
15. Contact Information
For questions about this Privacy Policy, please contact:
- Data Protection Officer: legal@inspiredtesting.com
- General Inquiries: VeloAI@inspiredtesting.com
Schedule 1 – Definitions.
- Acceptable Use Policy (AUP): A set of guidelines outlining acceptable and unacceptable use of VeloAI services, ensuring a secure and ethical environment for all users.
- Account Information: Details provided by a user to create or maintain their account, such as usernames, email addresses, and billing details.
- Administrator: A person responsible for overseeing access to and management of VeloAI services, either as a Client Administrator or VeloAI Administrator.
- AI Oversight: The human monitoring and verification of outcomes generated by VeloAI to ensure they are accurate, relevant, and compliant with applicable standards and regulations.
- Client: The organisation, entity, or individual that has entered into an agreement with Inspired Testing to use VeloAI services.
- Client Administrator: The person designated by the Client with elevated permissions to manage VeloAI usage and integrate Output Content.
- Client Content / Client Data: Any data owned by the Client and processed through VeloAI, including Input Content and Output Content, but excluding Service Data.
- Confidential Information: Any non-public, proprietary, or sensitive data or information submitted by a Client or User that requires protection under applicable agreements and laws.
- Consent: Voluntary permission provided by a User or Client for specific uses of their data, in compliance with GDPR and POPIA regulations.
- Contract: The VeloAI Software Licensing Agreement or Master Services Agreement setting out terms between the Client and Inspired Testing.
- Credit/Token: Units allocated to a User by the Client to enable actions within VeloAI, such as generating Output Content.
- Data Protection Authority: A government body or public authority responsible for enforcing data protection laws in a specific jurisdiction.
- Force Majeure: Events beyond the control of Inspired Testing, such as natural disasters or internet outages, that may affect its ability to deliver services under the terms of the agreement.
- GDPR: General Data Protection Regulation, the legal framework governing data protection and privacy within the European Union.
- Human Oversight: The process of verifying AI-generated outcomes by skilled human users to ensure compliance with applicable standards, laws, and accuracy.
- Input Content: Any data provided by the Client or User for processing in VeloAI, such as text, files, or prompts, to generate Output Content.
- Inspired Testing: The service provider offering VeloAI services, responsible for delivering and maintaining the platform.
- Login Credentials: A combination of a username and password or other secure authentication methods enabling authorised access to VeloAI.
- Metadata: Information about other data collected automatically by VeloAI, such as timestamps, system logs, or usage metrics, to enhance operational functionality.
- Output Content: Any data, text, image, code, or other content generated by VeloAI based on Input Content.
- Other Information: Data collected by VeloAI beyond Client Content, such as feedback, account setup details, or metadata, to enhance its functionality.
- Personal Data: Any information that identifies or can be used to identify an individual, subject to protections under GDPR and POPIA.
- POPIA: Protection of Personal Information Act, the South African legal framework for data protection and privacy.
- Prohibited Activities: Specific actions disallowed under the Acceptable Use Policy, such as unauthorised access, data exploitation, or harmful conduct.
- SaaS (Software as a Service): A delivery model for software applications hosted on the cloud and accessed via the internet, such as VeloAI.
- Security Overview: The set of security measures and practices implemented by VeloAI to safeguard Client Data, as detailed in separate documentation.
- Service Data: Technical data collected or generated during the operation of VeloAI, such as logs, analytics, and system metrics, not including Client Content.
- Third-Party Services: External tools or integrations authorised by the Client to enhance the functionality of VeloAI, such as JIRA, OpenAI, and Azure.
- User: Any individual authorised by the Client or Inspired Testing to access and use VeloAI services.
- VeloAI: An AI-powered Software as a Service (SaaS) designed to enhance software quality assurance processes by automating routine tasks, generating test scripts, and providing testing insights.
- VeloAI Administrator: The individual designated by Inspired Testing to manage and provide access to VeloAI for authorised users.
- Violation: Any breach of the Acceptable Use Policy, User Terms, or Privacy Policy, potentially resulting in enforcement actions such as account suspension.