Velohost Velohost

Data protection & compliance

Data Processing Policy

This policy explains how Velohost processes data, the roles we assume under UK data-protection law, and the safeguards applied across our infrastructure and services.

Effective date: 01 January 2026

1. Purpose of this policy

This Data Processing Policy is intended to clarify how Velohost processes data in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

It should be read alongside the Privacy Policy and Terms & Conditions .

2. Controller and processor roles

Velohost acts primarily as a data controller for its own operational data, including website access, service configuration, and compliance obligations.

In limited cases, Velohost may act as a data processor where a service explicitly processes data on behalf of another party.

Velohost does not operate large-scale data-processing services, user content platforms, or customer data warehouses.

3. Categories of data processed

Depending on the service, Velohost may process limited categories of data, including:

  • Domain names or hostnames submitted for analysis
  • Configuration parameters explicitly provided by users
  • Technical request metadata required for service delivery
  • Operational security and abuse-prevention logs

Velohost does not process special category data at scale and does not intentionally collect personal identifiers.

4. Purpose limitation

Data is processed strictly for defined and legitimate purposes, including:

  • Providing requested infrastructure or diagnostic services
  • Ensuring platform security and stability
  • Preventing abuse and misuse
  • Meeting legal and regulatory obligations

Data is not repurposed for advertising, profiling, or resale.

5. Data minimisation and retention

Velohost applies strict data-minimisation principles.

Unless explicitly stated, data is processed transiently and discarded immediately after a request completes.

Where retention is required (for example, security logging), retention periods are limited and proportionate.

6. Sub-processors and infrastructure providers

Velohost relies on established infrastructure providers to operate its services, including hosting, networking, deployment, and development platforms.

These providers act as independent controllers or processors under their own data-protection frameworks.

Details of these relationships are documented in the Privacy Policy .

7. International data transfers

Where data is processed outside the UK, appropriate safeguards are applied in accordance with UK GDPR requirements.

Velohost does not knowingly transfer personal data to jurisdictions lacking adequate protection without lawful safeguards.

8. Security measures

Velohost implements technical and organisational measures designed to protect data against unauthorised access, loss, misuse, or alteration.

Further details are available in the Security Policy .

9. Data subject rights

Where applicable, individuals retain rights under UK GDPR, including access, rectification, and erasure.

As Velohost minimises personal data processing, many requests may result in confirmation that no personal data is held.

10. Contact and updates

For data-processing enquiries, contact:

[email protected]

This policy may be updated to reflect changes in law, services, or operational practices.