Velohost Velohost

Transparency & collaboration

Open-Source Policy

This policy explains how Velohost engages with open-source software, what components are released publicly, and how open-source and proprietary systems are deliberately separated.

Effective date: 01 January 2026

1. Open-source philosophy

Velohost supports open-source software as a foundation of a transparent, resilient, and verifiable internet.

Where appropriate, Velohost releases tools, libraries, and integrations as open-source projects to allow inspection, contribution, and reuse by the wider community.

2. What Velohost open-sources

Velohost may publish the following components as open-source:

  • Framework plugins and integrations
  • Client-side utilities and SDKs
  • Developer tooling and helpers
  • Documentation examples and reference implementations

These projects are intended to be auditable, forkable, and usable without vendor lock-in.

3. What is not open-sourced

Certain components are intentionally not released as open-source, including:

  • Core backend infrastructure
  • Operational automation and orchestration logic
  • Abuse-prevention, rate-limiting, and security controls
  • SEO systems, ranking logic, and internal analytics pipelines

This separation protects platform integrity, availability, and security.

4. Licensing

Open-source Velohost projects are released under clearly stated licences (such as MIT or Apache-2.0), which are included in each repository.

Licensing terms apply only to the specific repository and do not grant rights to proprietary Velohost systems or branding unless explicitly stated.

5. Use of third-party open-source software

Velohost relies on a wide range of third-party open-source libraries and frameworks.

These dependencies are selected based on:

  • Security track record
  • Maintenance activity
  • Licence compatibility
  • Community adoption

Licence obligations are respected in accordance with their terms.

6. Contributions and pull requests

Contributions to Velohost open-source projects may be accepted where they align with project goals and quality standards.

Contributors retain rights to their own work, subject to the repository licence.

Velohost reserves the right to decline contributions that conflict with security, stability, or scope.

7. Security and responsible disclosure

Open-source projects may expose security issues that should be reported responsibly.

Security issues should be disclosed privately before public discussion. See the Security Policy for reporting guidance.

8. Relationship to commercial services

Open-source availability does not imply service guarantees, support obligations, or commercial SLAs.

Hosted Velohost services may include additional features, operational safeguards, or integrations beyond what is available in open-source releases.

9. Policy updates

This Open-Source Policy may be updated as projects, licences, or practices evolve.

The current version is always published within the Velohost Trust Hub.