Privacy Policy
Effective Date: March 22, 2026 · Last Updated: March 22, 2026
1. Introduction and Scope
Velocity Labs, LLC ("Velocity Labs," "Company," "we," "us," or "our") is a Florida limited liability company committed to protecting your privacy and ensuring the security of your personal information. We provide software-as-a-service ("SaaS") solutions specifically designed for exotic and luxury car rental businesses, enabling them to manage customer relationships, process bookings, and streamline operations.
This Privacy Policy ("Policy") describes in detail how we collect, use, process, disclose, retain, and safeguard your personal information when you access or use our platform, website located at managevelocity.com, mobile applications, application programming interfaces (APIs), and all related services, features, and functionalities (collectively, the "Services"). This Policy also explains your rights regarding your personal information and how you can exercise those rights.
This Privacy Policy applies to: (a) business users who subscribe to our platform to manage their vehicle rental operations ("Business Users"); (b) employees, agents, and representatives of Business Users who access the Services on behalf of the Business User; and (c) end consumers who interact with Business Users through our platform, including individuals who submit rental inquiries, make bookings, or receive communications ("End Users"). The specific data we collect and how we use it may vary depending on your relationship with us.
We are committed to processing your personal information in accordance with applicable privacy laws and regulations, including but not limited to the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), the General Data Protection Regulation (GDPR) where applicable, and other federal, state, and international privacy requirements.
PLEASE READ THIS PRIVACY POLICY CAREFULLY. BY ACCESSING OR USING OUR SERVICES, YOU ACKNOWLEDGE THAT YOU HAVE READ, UNDERSTOOD, AND AGREE TO BE BOUND BY THIS PRIVACY POLICY. IF YOU DO NOT AGREE WITH THE TERMS OF THIS PRIVACY POLICY, PLEASE DO NOT ACCESS OR USE OUR SERVICES.
2. Information We Collect
We collect various types of information from and about you and your use of our Services. The categories of information we collect depend on how you interact with us and which Services you use. Below is a comprehensive description of the information we may collect:
2.1 Information You Provide Directly
We collect information that you voluntarily provide to us when you register for an account, subscribe to our Services, make a purchase, contact us for support, or otherwise communicate with us. This information may include:
- Account and Registration Information: Full legal name, email address, telephone number, business name or DBA, business address, billing address, tax identification numbers, and account credentials (username and password).
- Business Profile Information: Business description, company logo and branding materials, vehicle inventory details (make, model, year, specifications, photos), pricing schedules, availability calendars, service area information, and terms of service.
- Payment and Financial Information: Credit card numbers, debit card numbers, bank account information, billing history, transaction records, and payout preferences. Note that payment card data is processed and stored by our PCI-compliant payment processor, Stripe, and we do not store full payment card numbers on our systems.
- Communications and Correspondence: All messages, emails, and communications exchanged through our platform, including SMS/text messages, Instagram Direct Messages, email correspondence, in-app messages, and customer support tickets.
- Booking and Transaction Information: Rental inquiry details, reservation dates and times, vehicle selection preferences, driver information, rental agreements, transaction amounts, payment confirmations, and rental history.
- Consent Records and Preferences: Records of consent for communications, SMS opt-in and opt-out timestamps, marketing preferences, communication channel preferences, and privacy setting selections.
- User-Generated Content: Any content you create, upload, or share through the Services, including photographs, videos, reviews, comments, and other materials.
2.2 Information Collected Automatically
When you access, browse, or use our Services, we automatically collect certain technical and usage information through cookies, web beacons, log files, and other tracking technologies. This information includes:
- Device and Technical Information: IP address, device type and model, operating system and version, browser type and version, screen resolution, device identifiers (such as IDFA or GAID), hardware model, and mobile network information.
- Usage and Activity Information: Pages and screens viewed, features accessed and used, actions taken within the Services, clickstream data, navigation paths, search queries, access dates and times, session duration, referring URLs, and exit pages.
- Location Information: General geographic location based on IP address geolocation, time zone settings, and language preferences. We do not collect precise GPS location data without your explicit consent.
- Log Data: Server logs that record information about your requests to our servers, including timestamp, request type, response status, and system activity.
2.3 Information from Third-Party Platforms and Integrations
When you connect third-party accounts or use third-party integrations with our Services, we may receive information from those platforms in accordance with the permissions you grant and the third party's privacy practices:
Instagram/Meta Platform
When you connect your Instagram Business or Creator account, we receive: access tokens and refresh tokens for API authentication, Instagram account ID and username, connected Facebook Page information, Direct Message conversations (read and write access), basic profile information of users who message your account, and message delivery status. We use this information to enable automated messaging features and customer engagement through Instagram.
Stripe Payment Services
When you enable payment features, we receive information from Stripe including: connected account status and verification information, transaction details and payment confirmations, payout information and transfer records, dispute and chargeback notifications, and account balance information. Stripe processes and stores all sensitive payment card data in accordance with PCI-DSS requirements.
Twilio Communications
When you use SMS features, we receive information from Twilio including: phone number verification status, SMS delivery status and receipts, carrier information, message segment counts, and error notifications. Message content is transmitted through Twilio's infrastructure for delivery to recipients.
AI Service Providers
When you use AI-powered features, conversation data may be processed by our AI service providers (including Anthropic) to generate responses. We implement appropriate data processing agreements and security measures with these providers to protect your information.
2.4 Information from Other Sources
We may also collect information about you from other sources, including publicly available information, information from our business partners, and information from data providers. We may combine information we collect from these sources with information we receive from you.
3. How We Use Your Information
We use the information we collect for various purposes, all of which are designed to provide, maintain, and improve our Services, communicate with you, and ensure the security and integrity of our platform. Below is a detailed description of how we use your information:
3.1 To Provide, Operate, and Maintain the Services
- • Process account registration, authentication, and account management
- • Facilitate bookings, reservations, payments, and financial transactions
- • Enable communication between Business Users and their customers (End Users)
- • Provide AI-powered automated messaging and response capabilities
- • Process and fulfill customer service requests and support tickets
- • Manage vehicle inventory, pricing, and availability information
- • Generate invoices, receipts, and financial documentation
- • Synchronize calendars and scheduling across integrated platforms
- • Deliver SMS messages and other communications on your behalf
3.2 To Improve, Personalize, and Develop the Services
- • Analyze usage patterns, trends, and preferences to improve functionality and user experience
- • Customize and personalize content, features, and recommendations based on your preferences
- • Train, improve, and enhance our AI and machine learning models using anonymized and de-identified data
- • Develop, test, and implement new products, features, and services
- • Conduct research and analysis to better understand user needs and behaviors
- • Perform A/B testing and experimentation to optimize the Services
- • Generate aggregated, anonymized statistics and analytics for internal reporting
3.3 To Communicate With You
- • Send transactional emails, including account confirmations, password resets, and payment receipts
- • Provide customer support and respond to your inquiries and requests
- • Send service-related announcements, updates, and notifications
- • Deliver marketing and promotional communications (where you have consented)
- • Notify you of changes to our Services, Terms of Service, or this Privacy Policy
- • Send surveys and request feedback to improve our Services
- • Communicate about your account status, billing, and subscription information
3.4 For Security, Fraud Prevention, and Legal Compliance
- • Detect, prevent, investigate, and respond to fraud, abuse, and security threats
- • Protect the security and integrity of our Services, systems, and infrastructure
- • Enforce our Terms of Service, Acceptable Use Policy, and other agreements
- • Verify your identity and prevent unauthorized access to your account
- • Comply with applicable legal obligations, regulations, and industry standards
- • Respond to lawful requests from law enforcement, government agencies, and courts
- • Protect the rights, property, and safety of Velocity Labs, our users, and the public
- • Investigate and resolve disputes and enforce our legal rights
3.5 Legal Bases for Processing (GDPR)
For users in the European Economic Area (EEA), we process your personal data based on the following legal bases:
- • Contractual Necessity: Processing necessary to perform our contract with you or take steps at your request before entering into a contract
- • Legitimate Interests: Processing necessary for our legitimate business interests, provided those interests do not override your fundamental rights
- • Legal Obligations: Processing necessary to comply with our legal obligations
- • Consent: Processing based on your specific, informed, and freely given consent
4. Instagram and Social Media Integration
Our Services integrate with Instagram and other social media platforms to provide automated messaging capabilities.
Data We Access from Instagram
- Instagram Business/Creator account ID and username
- Connected Facebook Page information
- Direct Message conversations (read and write access)
- Basic profile information of users who message the account
We comply with Meta's Platform Terms. We do not sell Instagram data to third parties or share it with data brokers.
5. SMS/Text Message Communications
Information Collected for SMS
- Mobile phone number and consent timestamp
- Opt-in/opt-out status and history
- Message content and delivery status
We do not sell your phone number or SMS consent data.
Phone numbers are shared only with Twilio for message delivery and with the specific Business User you are communicating with.
Opting Out of SMS
You can stop receiving text messages at any time by:
- Replying STOP to any message
- Contacting us at info@managevelocity.com
7. Data Retention Policies and Schedules
We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, accounting, contractual, or reporting requirements. When determining the appropriate retention period, we consider the amount, nature, and sensitivity of the information, the potential risk of harm from unauthorized use or disclosure, the purposes for which we process the information, applicable legal requirements, and whether we can achieve those purposes through other means.
7.1 Retention Schedule by Data Category
Account and Profile Data
Legal, tax, and audit requirements under IRS regulations
Financial and Transaction Records
IRS record-keeping requirements and statute of limitations
SMS Consent and Opt-In Records
TCPA compliance and FCC requirements for consent documentation
Communication Logs and Messages
Customer service, dispute resolution, and legal compliance
Third-Party Access Tokens
Immediately deleted upon disconnection or revocation
Usage Analytics and Logs
Service improvement, troubleshooting, and security monitoring
Support Tickets and Correspondence
Quality assurance and potential dispute resolution
Marketing Preferences
Compliance with marketing consent requirements
7.2 Data Deletion
When your personal information is no longer needed for the purposes for which it was collected, or when you request deletion of your data, we will securely delete or anonymize it in accordance with our data retention policies. However, we may retain certain information for longer periods where required by law, for legitimate business purposes, or to resolve disputes.
8. Data Security Measures and Safeguards
Velocity Labs takes the security of your personal information seriously. We have implemented comprehensive technical, administrative, and physical security measures designed to protect your information from unauthorized access, use, alteration, disclosure, or destruction. While no system can guarantee absolute security, we employ industry-standard practices to minimize risks.
8.1 Technical Security Measures
Encryption in Transit
All data transmitted between your device and our servers is encrypted using TLS 1.2 or higher protocols with strong cipher suites
Encryption at Rest
Sensitive data stored in our databases is encrypted using AES-256 encryption algorithms
Access Controls
Role-based access controls (RBAC) limit access to personal information on a need-to-know basis
Authentication
Multi-factor authentication (MFA) options, secure password hashing (bcrypt), and session management
Network Security
Firewalls, intrusion detection systems, DDoS protection, and regular vulnerability scanning
Secure Infrastructure
Hosting on SOC 2 Type II compliant infrastructure with geographic redundancy
8.2 Administrative Security Measures
- Employee Training: All employees receive regular training on data protection, privacy regulations, and security best practices
- Background Checks: Employees with access to personal information undergo appropriate background screening
- Security Assessments: Regular internal and external security audits, penetration testing, and vulnerability assessments
- Incident Response: Documented incident response procedures to quickly address any security events
- Vendor Management: Due diligence and contractual requirements for third-party service providers handling personal information
8.3 Third-Party Security Compliance
Our key service providers maintain industry-standard security certifications and compliance: Stripe maintains PCI-DSS Level 1 compliance for payment processing; Supabase and Vercel maintain SOC 2 Type II compliance for infrastructure; Twilio maintains SOC 2 Type II compliance and is registered with the FCC for telecommunications services.
8.4 Data Breach Notification
In the event of a data breach affecting your personal information, we will notify you and relevant regulatory authorities in accordance with applicable laws. We will provide timely information about the nature of the breach, the types of information involved, the steps we are taking to address the breach, and recommendations for you to protect yourself.
10. Your Privacy Rights and Choices
Depending on your location and applicable law, you may have certain rights regarding your personal information. We are committed to honoring these rights and providing you with control over your personal data.
10.1 Your Rights Under Applicable Privacy Laws
Right of Access
Request confirmation of whether we process your personal information and obtain a copy of your data
Right to Correction
Request correction or update of inaccurate or incomplete personal information we hold about you
Right to Deletion
Request deletion of your personal information, subject to certain legal exceptions and retention requirements
Right to Data Portability
Request a copy of your personal information in a structured, commonly used, machine-readable format
Right to Restrict Processing
Request that we limit the processing of your personal information under certain circumstances
Right to Object
Object to processing of your personal information for direct marketing or based on legitimate interests
Right to Withdraw Consent
Withdraw your consent at any time where we rely on consent as the legal basis for processing
Right to Non-Discrimination
Not be discriminated against for exercising any of your privacy rights
10.2 California Residents (CCPA/CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):
- Right to Know: The categories and specific pieces of personal information we have collected about you
- Right to Delete: Request deletion of your personal information, subject to certain exceptions
- Right to Correct: Request correction of inaccurate personal information
- Right to Opt-Out: Opt out of the "sale" or "sharing" of personal information (we do not sell or share your data)
- Right to Limit Use: Limit the use and disclosure of sensitive personal information
We do not sell or share your personal information as defined under CCPA/CPRA.
10.3 Nevada Residents
Nevada residents may opt out of the sale of certain covered information. We do not sell your personal information. If you are a Nevada resident and have questions, contact us at info@managevelocity.com.
10.4 How to Exercise Your Rights
You can exercise your privacy rights through the following methods:
• Email: Submit a request to info@managevelocity.com
• Online Form: Use our data deletion request form
• Account Settings: Manage certain preferences directly in your dashboard
We will verify your identity before processing your request. For certain requests, we may require you to provide additional information to verify that you are who you claim to be. We will respond to verifiable requests within 45 days (or 30 days for GDPR requests). If we need additional time, we will notify you of the extension and the reason.
10.5 Authorized Agents
You may designate an authorized agent to make requests on your behalf. If you use an authorized agent, we may require: (a) signed written permission from you authorizing the agent; (b) verification of your identity; and (c) direct confirmation that you provided the agent permission to submit the request.
11. Children's Privacy
Our Services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at info@managevelocity.com.
12. International Data Transfers
Velocity Labs is headquartered in the United States, and our Services are primarily operated, hosted, and managed from the United States. If you access our Services from a location outside the United States, please be aware that your personal information may be transferred to, stored, processed, and maintained in the United States and other countries where our service providers operate.
The data protection and privacy laws of the United States and other countries may differ from those of your country of residence. By accessing or using our Services, or by providing us with your personal information, you acknowledge and consent to the transfer, storage, and processing of your information in the United States and other jurisdictions as described in this Privacy Policy.
12.1 Safeguards for International Transfers
When we transfer personal information from the European Economic Area (EEA), United Kingdom (UK), or Switzerland to countries that have not been deemed to provide an adequate level of data protection, we implement appropriate safeguards, which may include:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Binding Corporate Rules for transfers within our corporate group
- Certification mechanisms or codes of conduct, where applicable
- Your explicit consent for specific transfers, where appropriate
For more information about international data transfers or to obtain a copy of the safeguards we use, please contact us at info@managevelocity.com.
13. Do Not Track Signals
Our Services do not currently respond to "Do Not Track" signals. However, you can manage your cookie preferences through your browser settings.
14. Changes to This Privacy Policy
We may update, modify, or amend this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or operational needs. When we make changes to this Privacy Policy, we will take the following steps to notify you:
- Post the revised Privacy Policy on our website and update the "Last Updated" date at the top of this Policy
- For material changes, send an email notification to the address associated with your account
- Display a prominent notice within the Services or dashboard when you next log in
- Where required by law, obtain your consent to material changes before they take effect
We encourage you to review this Privacy Policy periodically to stay informed about how we collect, use, and protect your information. Your continued use of the Services after any changes to this Privacy Policy constitutes your acceptance of the updated Policy.
If you do not agree with any changes to this Privacy Policy, you should discontinue your use of the Services and contact us to delete your account.
15. Contact Us
If you have any questions, concerns, comments, or requests regarding this Privacy Policy, our data practices, or your personal information, please do not hesitate to contact us. We are committed to addressing your privacy inquiries in a timely and transparent manner.
Velocity Labs, LLC
Data Controller · A Florida Limited Liability Company
Privacy Inquiries
Email: info@managevelocity.com
Data Subject Requests
Email: info@managevelocity.com
Website
Data Deletion Requests
Response Commitment
We aim to respond to all privacy-related inquiries within five (5) business days of receipt. For formal data subject requests (access, deletion, correction), we will respond within the timeframes required by applicable law (typically 30-45 days). Business hours are Monday through Friday, 9:00 AM to 6:00 PM Eastern Time, excluding federal holidays.
Supervisory Authority
If you are located in the European Economic Area (EEA) and believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection supervisory authority. A list of supervisory authorities is available at: European Data Protection Board.
16. Governing Law and Jurisdiction
This Privacy Policy, and any disputes arising out of or relating to this Privacy Policy or our data practices, shall be governed by and construed in accordance with the laws of the State of Florida, United States of America, without giving effect to any principles of conflicts of law that would cause the application of the laws of any other jurisdiction.
Any legal action or proceeding arising under this Privacy Policy shall be brought exclusively in the state or federal courts located in Miami-Dade County, Florida, and you hereby irrevocably consent to the personal jurisdiction and venue of such courts.
Notwithstanding the foregoing, if you are a resident of the European Economic Area (EEA), United Kingdom, or Switzerland, nothing in this Privacy Policy shall deprive you of any mandatory consumer protections or data protection rights granted under the applicable laws of your country of residence, including your right to bring proceedings in your local courts.
© 2026 Velocity Labs, LLC. All rights reserved.