Legal document

Privacy Policy.

This Privacy Policy explains how Velar ("Velar", "we", "us") processes personal data when you use https://velar.xyz and the Velar service.

Last updated: April 22, 2026
Operator: Onside.io B.V.
Address: Amsterdam · NL
Contact: legal@velar.xyz
§ 01

What Velar does

Velar is an AI-powered performance agent that analyzes engineering workflows using tools like GitHub and Jira, and generates team insights, scorecards, and leadership reports.

Most data we process comes from our customers' internal tools.

In plain language
Velar is operated by Onside.io B.V., Keizersgracht 555, 1017 DR Amsterdam, The Netherlands. Contact: legal@velar.xyz.

§ 02

Roles under GDPR

Under the General Data Protection Regulation:

  • Your company is the Data Controller.
  • Velar (Onside.io B.V.) is the Data Processor.

For limited cases, like website analytics or access requests, we act as a Controller.

§ 03

What data we process

a) Website & access requests.

  • Work email.
  • Timestamp.
  • Browser / device info.
  • Source, such as landing page.

Stored in internal systems, such as Google Sheets.

b) Account & workspace setup.

  • Name, email.
  • Role, team membership.
  • GitHub username.
  • Jira account identifiers.

c) Data from integrations.

GitHub:

  • Username.
  • Commits, including timestamps and lines added/deleted.
  • Pull requests, including titles, summaries, and status.
  • Reviews and comments.
  • Repository activity.

Jira:

  • Issue titles and descriptions.
  • Status, labels, issue types.
  • Assignee and reporter details.
  • Activity timestamps.

We may store raw API payloads in addition to processed metrics.

d) Generated analytics.

We generate:

  • Activity metrics, such as commits, PRs, and reviews.
  • Cycle time and review speed.
  • Rework / churn indicators.
  • Weekly scorecards and summaries.

These may be linked to identifiable individuals.

e) AI-generated content.

We use OpenAI to generate reports. This may involve:

  • Sending structured performance data to AI models.
  • Receiving generated summaries and insights.

We do not use AI outputs to make automated decisions without human review.

f) Logs & monitoring.

  • Error logs and system events.
  • Request metadata and technical context.

We use Sentry for monitoring. Configuration may include limited personal data, such as request context.

§ 04

Important note on workplace analytics

Velar processes individual-level performance data.

This may qualify as:

  • Employee monitoring.
  • Profiling under the General Data Protection Regulation.

Customers are responsible for:

  • Having a valid legal basis.
  • Informing employees.
  • Complying with local labor laws, such as works council requirements.

Velar does not independently decide how this data is used.

Important - workplace analytics
Individual-level performance analytics can create employment and privacy obligations. Customers decide how the data is used and must make sure those uses are lawful.

§ 05

Why we process data

We process data to:

  • Operate the Velar service.
  • Generate engineering insights and reports.
  • Deliver summaries, including via Telegram if configured.
  • Maintain security and reliability.
  • Debug and improve the system.

We do not use customer data for unrelated purposes.

§ 07

Data sharing

We do not sell personal data.

We share data only with necessary providers:

  • DigitalOcean - backend hosting and databases.
  • Vercel - website hosting and performance analytics.
  • GitHub - data source.
  • Atlassian - data source.
  • OpenAI - report generation.
  • Telegram - optional report delivery.
  • Sentry - logging and diagnostics.
  • Google services - lead storage, such as Sheets.

All providers are subject to data protection obligations.

§ 08

International transfers

Data may be processed outside the EU.

We use safeguards such as:

  • Standard Contractual Clauses.
  • Providers with appropriate security standards.

§ 09

Data retention

We retain data:

  • As long as needed to provide the service.
  • According to customer instructions.
  • For security and legal obligations.

Customers can request deletion of their data.

§ 10

Security

We implement:

  • Encryption in transit.
  • Access controls.
  • Logging and monitoring.

Access to production systems is restricted.

§ 11

Your rights

Under the General Data Protection Regulation, individuals can:

  • Access their data.
  • Request correction.
  • Request deletion.
  • Object to processing.

If your data is processed via your employer, contact them first.

§ 12

Cookies & analytics

We use minimal tracking:

  • Website performance analytics via Vercel.
  • Google Analytics, only when you consent through the cookie alert.
  • Security and functionality.

No intrusive tracking, advertising cookies, or ad personalization.

§ 13

Changes

We may update this policy.

Material changes will be communicated where required.

§ 14

Contact

Onside.io B.V.
Keizersgracht 555
1017 DR Amsterdam
The Netherlands

Email: legal@velar.xyz