طلب عرض توضيحي

VELENTS CUSTOMER AGREEMENT

ENTITIES

US Entity: Velents Technologies, Inc., Delaware Corporation

SR No. 20210566401 | File No. 5200670

KSA Partner Entity: شركة أذكي المواهب لتقنية المعلومات (Azkia Al-Mawahib for IT)

CR No. 7034867213 | Riyadh, Saudi Arabia

REPRESENTATIVE

Mr. Mohamed Hossam Eldin Gaber Abdelwahed

President and Chief Executive Officer

PLATFORM & PRODUCTS

Platform: Velents.ai — AI-Powered Enterprise Solutions

Product Lines:

  • Velents Agent (Agent.sa) — AI Customer Service & Operations Agent
  • Velents ATS — AI-Powered Applicant Tracking System
  • Velents Wisdom — RAG-as-a-Service
  • SAFHA — Advanced Document Parsing & Analysis
  • Velents APIs — White-Label AI APIs

EFFECTIVE DATE

February 14, 2026

VERSION

2.0

TABLE OF CONTENTS

  • PART 1: SERVICE DESCRIPTION & COMMITMENTS
  • PART 2: PRIVACY POLICY
  • PART 3: CONSENT MANAGEMENT
  • PART 4: SECURITY COMMITMENTS
  • PART 5: PRIVACY CHANGE MANAGEMENT
  • PART 6: PRIVACY REQUESTS & COMPLAINTS
  • PART 7: GENERAL TERMS

PART 1: SERVICE DESCRIPTION & COMMITMENTS

1.1 Company Overview

Velents is a pioneering AI company specializing in workforce automation, customer engagement, document intelligence, and digital transformation, and enterprise digital transformation. Inspired by Saudi Arabia’s Vision 2030, Velents is at the forefront of AI-driven digital transformation, streamlining recruitment, customer engagement, and operational efficiency for organizations across finance, healthcare, government, and retail sectors globally.

The company leverages proprietary psychometric analysis, multilingual AI models optimized for Arabic, African dialects, and MENA markets, and a uniquely adaptable architecture supporting white-label APIs, local hosting in KSA (GCP Dammam), and on-premises deployment. Velents’ technology delivers 94% judgment accuracy and 200ms latency on voice AI interactions.

1.2 Products & Services

Velents operates five primary product lines, each addressing distinct enterprise needs:

1.2.1 Velents Agent (Agent.sa)

AI Customer Service & Operations Agent

Velents Agent automates customer interactions and internal operations through two-way AI voice and messaging capabilities:

  • AI WhatsApp conversations and phone call automation with 94% judgment accuracy and 200ms latency
  • 24/7 availability with natural language processing and customizable workflows
  • IVR integration, call listening, and automatic insight generation
  • Intelligent WhatsApp management supporting text, voice messages, local dialects, locations, and link handling
  • Smart personalized workflows with conditional logic for optimal contact timing
  • NLP transcription with dialect support and automatic quality assurance
  • Per-call analysis including speaker identification, intent/tone analysis, compliance monitoring, and automated coaching highlight generation
  • Auto-rating on greeting quality, technical knowledge, empathy, resolution efficiency, and compliance adherence
  • Certified Genesys Partner in MENA region
  • Reduces QA costs by 95%, operational expenses by 50%, and headcount needs by 80%

Use Cases: Employee onboarding, sales calls and follow-up, customer service automation, surveys and NPS collection.

Data Processed: Call recordings, WhatsApp messages, voice data, conversation transcripts, customer interaction metadata, IVR signals, business logic rules.

1.2.2 Velents ATS

AI-Powered Applicant Tracking System

Velents ATS automates and accelerates the entire hiring process using advanced AI assessment and matching:

  • Automated candidate screening, AI-powered interviews, and intelligent assessment with unlimited candidate capacity
  • Candidate ranking by job criteria match using proprietary psychometric and technical analysis
  • Skills assessments, psychometric analyses, CV screenings, stress-level analyses, and AI one-way video interviews
  • Comprehensive reporting and development plan generation
  • Capacity to conduct 5,000 interviews simultaneously
  • 400% increase in weekly interviews per recruiter
  • 80% reduction in hiring financial costs
  • 87% accuracy compared to human assessment output
  • 73% of candidates prefer AI-assisted interviews over traditional formats
  • Hiring timeline: 3 days with Velents vs. 39 days using traditional methods

Data Processed: Candidate CVs and resumes, video interview recordings, assessment responses, psychometric analysis data, skills test results, personality analysis data, stress-level analysis data, behavioral analysis outputs.

1.2.3 Velents Wisdom

RAG-as-a-Service

Velents Wisdom enables customers to deploy retrieval-augmented generation (RAG) systems for interactive data analysis and insight discovery:

  • Upload data to secure Velents-managed cloud or deploy on-premises RAG system
  • Chat-like interface for querying data with ChatGPT-style natural language interaction
  • Multi-format data support (PDFs, documents, spreadsheets, databases, etc.)
  • Customizable deployment options: cloud-based or on-premises installation
  • Real-time insights and automated intelligence from data assets
  • Multilingual support including Arabic language processing
  • Pre-built integrations with Slack, Google Drive, SAP, Notion, Oracle, Gmail, Monday, Zoho, HubSpot, and enterprise systems

Use Cases: Chat applications, AI assistants, AI-powered business tools, research and analytics.

Data Processed: Customer-uploaded documents and data files, chat query logs, indexed RAG content, system logs.

1.2.4 SAFHA

Advanced Document Parsing & Analysis (Powered by Velents.ai, Partnership with ELM)

SAFHA provides enterprise-grade AI-powered document processing and intelligent data extraction:

  • Intelligent parsing and data extraction from structured and unstructured documents (PDFs, Word documents, scanned images, handwritten content)
  • Contract analysis extracting terms, parties, obligations, payment terms, risk factors, and expiration dates
  • Invoice and billing processing capturing merchant name, tax details, amounts, line items, and system integration
  • Legal and compliance review with policy adherence checks and identification of missing or conflicting clauses
  • Batch processing and multi-document analysis for large volumes
  • API integration with adaptable AI models and open APIs for ERP, CRM, and document management systems
  • Enterprise-grade security with on-premises deployment option
  • Multilingual and Arabic-language document processing

Target Industries: Financial Services, Legal & Compliance, Retail & E-commerce, Government & Enterprises, Healthcare.

Data Processed: Business documents (contracts, invoices, financial statements, legal documents), extracted structured data fields, compliance analysis results, audit trails.

1.2.5 Velents APIs

White-Label AI APIs for Enterprise Integration

Velents APIs provide modular, marketplace-available AI capabilities for seamless enterprise integration:

  • API-friendly tools designed for white-label deployment and enterprise system integration
  • Available on leading marketplaces: Zid, Zoho, Google Cloud Marketplace, Oracle Cloud Marketplace, Salla, SAP Store, PrestaShop Marketplace, RapidAPI, AWS Marketplace
  • Comprehensive API suite includes: Speech-to-Text, Personality Five Traits analysis, Emotions Analysis, Personality Five Traits video analysis, Meeting Summarization, Video Feedback, Documents Parsing & Matching, Keywords Detection in Calls/Meetings, Assessment Automation, AI-Video Avatar generation, Documents Matching, Call/Meeting Sentiment Analysis
  • Unmatched Arabic language processing accuracy
  • Cost-effective and reliable support infrastructure
  • Top-tier security with locally hosted data processing in KSA

Data Processed: Input data per specific API (audio files, video files, documents, meeting recordings, text), API-specific analysis outputs and metadata.

1.3 Technology Capabilities

Across all product lines, Velents deploys the following core technology capabilities:

  • Two-way AI conversations with voice and messaging automation for customer support, sales, and team process automation
  • Advanced documents understanding with automated data extraction from CVs, invoices, contracts, and unstructured business documents
  • Test and assessment automation with dynamic generation based on job requirements and competency frameworks
  • Customized insights and reporting including personality analysis, technical assessments, and answer-matching recommendations
  • Media analysis spanning video, audio, images, and documents with personality analysis, stress detection, and transcription
  • Retrieval-Augmented Generation (RAG) as a service for customer data interaction and intelligence
  • Proprietary psychometric analysis framework built from original research and Velents IP
  • Multilingual AI models fine-tuned for Arabic, African dialects, and MENA/Africa regional markets
  • LLM Agnostic architecture enabling integration with multiple AI model providers

1.4 Service Boundaries

Service scope by product line includes all features and capabilities outlined in Section 1.2. API rate limits, concurrent user capacity, data volume limits, and feature-specific boundaries are detailed in individual product documentation and service level agreements. On-premises deployments follow the same functional feature set with customer-controlled infrastructure.

1.5 Data Flows

Data flows for each product line follow a consistent architecture:

Ingress Sources: Customer systems, user devices, integrated platforms, API endpoints

Processing Activities: Data ingestion, normalization, AI model inference, psychometric/biometric analysis, document parsing, conversation transcription, sentiment analysis, insights generation

Storage Location: Google Cloud Platform (Dammam, Saudi Arabia – me-central2 region) or customer on-premises infrastructure

Egress Channels: API responses, dashboard/reporting interfaces, system exports, disaster recovery synchronization to backup regions

1.6 Infrastructure & Deployment

Velents infrastructure utilizes Google Cloud Platform with Saudi Arabia as the primary operational region:

  • Primary: GCP Dammam, Saudi Arabia (me-central2 region) — production data processing and storage
  • Disaster Recovery: GCP Europe-West1 (Belgium) — backup and failover infrastructure
  • Database: Cloud SQL (PostgreSQL) for transactional data
  • Cache: Memorystore (Redis) for performance optimization
  • Storage: Cloud Storage for document and media handling
  • CDN: Cloud CDN for content distribution and latency optimization
  • Load Balancing: Cloud Load Balancing for traffic distribution
  • Security: Cloud Armor for DDoS protection and access control

LLM Agnostic Architecture: Velents can integrate with multiple large language model providers, enabling flexibility and vendor independence.

On-Premises Deployment Option: Customers requiring maximum security control and data residency can deploy Velents solutions on their own infrastructure with Velents-provided architecture and support.

1.7 Availability & Service Level Agreement

Velents commits to the following availability standards:

Target Uptime: 99.9% monthly availability

Service Credits for Downtime:

  • 99.5% – 99.89% uptime: 10% monthly service credit
  • 99.0% – 99.49% uptime: 25% monthly service credit
  • Below 99.0% uptime: 50% monthly service credit

Service credits are the exclusive remedy for downtime-related claims. Scheduled maintenance windows are excluded from uptime calculations with 30-day advance notice.

1.8 Support Model

Velents provides two support tiers:

Standard Support: 4-hour initial response time, business hours support (Monday-Friday, 9 AM – 6 PM KSA time)

Premium Support: 1-hour initial response time, 24/7 availability including weekends and holidays, dedicated support contact

Support channels: Email ([email protected]), phone (+966 583956577 or +201065551455), in-app support portal, web ticketing system.

1.9 Data Processing Locations

Customer data processing locations:

  • Primary Processing: Google Cloud Platform, Dammam, Saudi Arabia (me-central2)
  • Backup and Disaster Recovery: Google Cloud Platform, Europe-West1 (Belgium) — non-continuous, failover-only
  • On-Premises Option: Customer-controlled infrastructure for maximum data residency control

For customers with GDPR, CCPA, or data residency requirements, on-premises deployment eliminates cross-border transfers.

1.10 Compliance Certifications & Standards

Velents maintains or is pursuing the following compliance certifications:

  • SOC2 Type II audit (completed)
  • GDPR Data Processing Agreement (DPA) compliant
  • CCPA (California Consumer Privacy Act) compliant
  • HIPAA (Health Insurance Portability & Accountability Act) deployment option available
  • ISO 27001 certification (targeted completion: 2026)
  • KSA Personal Data Protection Law (PDPL) compliant

Detailed compliance documentation and audit reports are available through Velents Trust Center at trust.velents.ai.

1.11 Marketplace Availability & Distribution Channels

Velents products and APIs are available through the following enterprise technology marketplaces and distribution channels:

  • Google Cloud Marketplace
  • Oracle Cloud Marketplace
  • SAP Store
  • Zoho App Marketplace
  • Zid (regional MENA marketplace)
  • Salla (regional MENA marketplace)
  • RapidAPI
  • AWS Marketplace
  • PrestaShop Marketplace

These distribution channels provide additional deployment flexibility and billing integration options for enterprise customers.

PART 2: PRIVACY POLICY

2.1 Data We Collect

Velents collects different categories of data depending on which products and services customers use:

Velents Agent:

  • Call recordings (audio files)
  • WhatsApp messages (text and media)
  • Voice data and audio recordings
  • Conversation transcripts
  • Customer interaction metadata (timestamps, participant identifiers, call duration)
  • IVR signals and system data

Velents ATS:

  • Candidate CVs and resumes
  • Video interview recordings
  • Assessment responses and answers
  • Psychometric analysis data
  • Skills test results and scores
  • Personality and behavioral analysis outputs
  • Stress-level assessment data

Velents Wisdom:

  • Customer-uploaded documents and data files
  • Chat query logs and interaction history
  • Indexed RAG content and metadata
  • System access logs

SAFHA:

  • Business documents (contracts, invoices, financial statements, legal documents)
  • Extracted structured data fields
  • Compliance analysis results
  • Audit trail and processing logs

Velents APIs:

  • Input data per specific API (audio files, video files, documents, meeting recordings, text)
  • API-specific analysis outputs
  • API request/response metadata and usage logs

Common to All Products:

  • Organization and account information
  • User profile data (name, email, role)
  • Technical usage data (features used, actions performed, timestamps)
  • Billing and subscription data
  • System logs and security events

2.2 How We Use Your Data

Velents uses collected data for the following purposes:

  • Service Delivery: Processing customer data through AI models to deliver core product functionality
  • AI Model Training: Improving model accuracy and performance (only with explicit customer consent)
  • Analytics & Reporting: Generating insights into service usage, performance metrics, and business intelligence
  • Security & Fraud Prevention: Detecting unauthorized access, suspicious activity, and system threats
  • Compliance: Meeting legal, regulatory, and contractual obligations
  • Customer Support: Resolving technical issues and improving service quality
  • System Maintenance: Troubleshooting, optimization, and infrastructure management

2.3 Legal Basis for Processing

Velents processes personal data based on the following legal grounds:

  • Consent: Where individuals have provided explicit, informed consent for processing
  • Contractual Necessity: Where processing is required to deliver contracted services
  • Legitimate Interests: Where Velents has legitimate business interests that do not override individual rights
  • Legal Obligation: Where processing is required by law or regulation

2.4 Data Sharing & Sub-Processors

Velents does not sell customer data. Data is shared only in the following circumstances:

  • Infrastructure Providers: Google Cloud Platform (GCP) for hosting, processing, and storage services
  • Integration Partners: Service providers for specific feature integrations (Slack, Notion, Zoho, etc.) — only when customer initiates integration
  • Legal Compliance: When required by law, court order, or regulatory authority
  • Sub-Processors: Third-party service providers who assist with specific functions (analytics, payment processing, support tools)

All sub-processors are contractually bound by data protection obligations equivalent to this agreement.

2.5 Your Data Rights

Subject to applicable law, individuals have the right to:

  • Access: Request and receive a copy of personal data Velents holds
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of data (subject to legal retention obligations)
  • Portability: Receive data in structured, machine-readable format for transfer to other services
  • Restriction: Limit processing of data for specific purposes
  • Objection: Opt-out of processing for non-essential purposes
  • Withdrawal: Withdraw consent at any time without affecting prior processing legality

2.6 Opt-Out Mechanisms

Customers can opt out of specific data processing activities through:

  • In-app privacy settings and consent preferences
  • Email request to [email protected]
  • Web-based consent management portal
  • Direct communication with account manager

Note: Opting out of essential processing may limit service functionality.

2.7 Cookies & Tracking Technologies

Velents uses cookies and similar tracking technologies for:

  • Session Management: Maintaining user authentication and session state
  • Analytics: Understanding user behavior and service usage patterns
  • Security: Detecting and preventing unauthorized access
  • Preferences: Remembering user settings and interface preferences

Customers can manage cookie preferences through browser settings and may opt out of non-essential cookies without impacting core functionality.

2.8 Data Security Measures

Velents implements comprehensive security controls:

  • Encryption: AES-256 encryption for data at rest and TLS 1.2+ for data in transit
  • Access Control: Multi-factor authentication (MFA), role-based access control (RBAC), principle of least privilege
  • Monitoring: Security Information & Event Management (SIEM), intrusion detection, real-time alerting
  • Testing: Annual third-party penetration testing and vulnerability assessments
  • Incident Response: 72-hour breach notification protocol with detailed incident response procedures
  • On-Premises Security: Customers deploying on-premises control infrastructure security directly

For additional details, see PART 4: SECURITY COMMITMENTS.

2.9 International Data Transfers

For GDPR and similar regulations:

  • Primary Processing Location: Google Cloud Platform, Dammam, Saudi Arabia (me-central2)
  • Backup Location: GCP Europe-West1 (Belgium) — only for disaster recovery failover, not continuous processing
  • Legal Mechanism: Standard Contractual Clauses (SCCs) enable compliant transfers
  • On-Premises Option: Customers requiring no cross-border transfers can deploy on-premises

For customers subject to GDPR, Velents provides a Data Processing Agreement (DPA) outlining transfer mechanisms and protections.

2.10 Children’s Privacy

Velents does not knowingly collect personal data from children under 13 years of age. If Velents becomes aware that a child has provided personal data, we will take steps to delete such information and terminate the child’s account. Parents or guardians suspecting unauthorized collection should contact [email protected].

2.11 Privacy Policy Updates

Velents may update this Privacy Policy periodically. Material changes will be communicated via email with a minimum 30-day notice before implementation. Continued use of Velents services after notice constitutes acceptance of the updated policy.

PART 3: CONSENT MANAGEMENT

3.1 Consent Types

Velents recognizes the following consent categories:

  • Explicit Consent: Affirmative, deliberate action (e.g., checkbox, signed agreement) indicating clear agreement to processing
  • Informed Consent: Provided with full understanding of data types, processing purposes, and recipient parties
  • Implied Consent: Derived from user action (e.g., submitting a resume to ATS for evaluation)

3.2 Consent Collection Points by Product

Velents Agent:

Call recording consent collected at customer contact center configuration; WhatsApp integration consent via opt-in confirmation.

Velents ATS:

Candidate consent collected prior to video interview recording, psychometric assessment, and resume upload; confirmation required before starting evaluation.

Velents Wisdom:

Data upload consent collected at document/data submission; users explicitly select “Upload and Index” confirming data processing authorization.

SAFHA:

Document processing consent collected when submitting documents for analysis; batch processing requires per-batch approval.

Velents APIs:

API integration consent collected at authentication/connection point; API-specific usage terms accepted prior to data transmission.

3.3 Granular Consent Options

Velents enables granular consent across data types:

  • Essential Processing: Required for service delivery (cannot be declined without service interruption)
  • Analytics: Optional consent for aggregated usage analytics
  • AI Model Training: Optional consent for data use to improve AI models
  • Third-Party Integration: Granular consent per integration (Slack, Notion, Zoho, etc.)
  • Marketing Communications: Optional consent for product updates and promotional messages

3.4 Enhanced Consent for Sensitive Data Types

For sensitive data categories, Velents requires explicit, informed consent:

  • Voice Recordings: Call recordings and voice analysis require explicit consent with disclosure of purpose
  • Video Recordings: Interview and assessment video recordings require explicit, separate consent
  • Behavioral/Personality Analysis: Psychometric analysis and personality profiling require informed consent with results disclosure
  • Biometric-Adjacent Data: Stress-level analysis and emotion detection require explicit consent
  • Medical/Health Data: Any health information processed under HIPAA deployments requires HIPAA-compliant consent

Sensitive data consent includes explicit notice of data sensitivity, processing methods, retention periods, and rights to access/delete.

3.5 Consent Records & Audit Trail

Velents maintains detailed consent records including:

  • Timestamp: Date and time of consent grant
  • Version: Policy version associated with consent
  • IP Address: Network location of consent grant
  • Method: How consent was collected (web form, in-app, email, etc.)
  • User ID: Individual who provided consent
  • Consent Type: Specific data categories or processing activities consented to

Records are retained for the duration of the customer relationship plus three (3) additional years for compliance purposes.

3.6 Consent Withdrawal

Individuals can withdraw consent at any time through:

  • In-App Controls: Consent management interface with immediate effect
  • Email: Request to [email protected] with 5-business-day processing time
  • API: Programmatic withdrawal using Velents consent APIs
  • Phone: Direct request to +966 583956577 with verbal confirmation

Withdrawal does not affect previously collected data processed under prior consent or data retention obligations. Service functionality may be affected if essential consent is withdrawn.

3.7 Cookie & Tracking Consent

Velents displays cookie consent banners on initial website visit. Customers can:

  • Accept All: Enable all cookies including analytics and marketing
  • Essential Only: Decline non-essential cookies while maintaining core functionality
  • Customize: Select specific cookie categories for granular control

Consent preferences are remembered for 12 months; users can update preferences anytime via cookie settings link in website footer.

PART 4: SECURITY COMMITMENTS

4.1 Trust Center

Velents maintains a comprehensive Trust Center at trust.velents.ai providing:

  • Security certifications and compliance status
  • Audit reports and third-party assessments
  • Security whitepapers and technical documentation
  • Incident disclosure and transparency reports
  • Data protection agreements and standard contract templates
  • Privacy and security resources for customers

4.2 SOC2 Type II Audit

Velents has completed a SOC2 Type II audit covering security, availability, processing integrity, confidentiality, and privacy. The audit report is available to authorized customers through the Trust Center or upon request with appropriate confidentiality agreements.

4.3 Security Whitepaper

Velents publishes a detailed Security Whitepaper describing:

  • Infrastructure security architecture and controls
  • Data encryption and key management procedures
  • Access control and authentication mechanisms
  • Incident response and disaster recovery procedures
  • Security monitoring and logging infrastructure
  • Compliance with international security standards

The whitepaper is available at trust.velents.ai.

4.4 Customer Security Questionnaire Response

Velents responds to customer security questionnaires (RFIs, RFPs, security assessments) within 5 business days. Customers can submit questions to [email protected].

4.5 Third-Party Penetration Testing

Velents conducts annual third-party penetration testing by independent security firms. Results inform remediation efforts and continuous security improvement. Test findings are not shared externally for security reasons but inform internal security practices.

4.6 Incident Notification & Breach Response

In the event of a data breach or security incident:

  • Velents will notify affected customers within 72 hours of discovering the breach
  • Notification will include incident description, data types affected, and recommended actions
  • Customers will be provided with incident reports and evidence of remediation
  • Velents will fully cooperate with regulatory notifications and investigations

Incident contact: [email protected]

4.7 On-Premises Security Considerations

For customers deploying Velents on-premises:

  • Customers maintain full control of infrastructure security
  • Velents provides security hardening guides and deployment best practices
  • Velents provides regular security patches and updates
  • Customers are responsible for applying patches and updates promptly
  • On-premises deployments eliminate cross-border data transfers
  • Velents offers security consulting for on-premises deployments at additional cost

On-premises deployments provide maximum data residency and security control for regulated industries.

4.8 Security Contact & Resources

Security-related inquiries:

  • Email: [email protected]
  • Phone: +966 583956577 (mark as SECURITY URGENT)
  • Trust Center: trust.velents.ai

Security incidents should be reported immediately via phone and email.

4.9 Responsible Disclosure & Bug Bounty Program

Velents welcomes responsible security research and operates a bug bounty program:

  • Security researchers should report vulnerabilities to [email protected] (not via public channels)
  • Velents will acknowledge receipt within 48 hours
  • Velents commits to remediation and coordinated disclosure timelines
  • Qualifying vulnerabilities may be eligible for bounties up to $10,000
  • Researchers who identify valid vulnerabilities receive public recognition (unless they prefer anonymity)

Velents does not pursue legal action against researchers conducting responsible disclosure.

PART 5: PRIVACY CHANGE MANAGEMENT

5.1 Change Notification Triggers

Velents notifies customers of privacy and security changes in the following scenarios:

  • Policy Updates: Modification of privacy policy, data processing practices, or legal bases
  • Data Retention Changes: Changes to how long data is retained
  • Sub-Processor Changes: Addition or removal of third-party sub-processors
  • Processing Location Changes: Changes to where data is processed or stored
  • New Features: Introduction of new data collection or processing activities
  • Security Updates: Changes to encryption, access control, or security practices
  • Regulatory Compliance: Changes required by new laws or regulations

5.2 Notification Methods

Velents communicates privacy changes through:

  • Email: Notification to account email and designated privacy contacts
  • In-App Notification: Alert banner in Velents platform dashboard
  • Website Banner: Prominent notice on velents.ai and trust.velents.ai
  • Legal Notice: Formal letter for material compliance changes

5.3 Notification Timeline

Notification timing depends on change category:

  • Material Changes (GDPR, CCPA scope): Minimum 30 days before implementation
  • Security Incidents: 72 hours from discovery of breach
  • Emergency Changes (regulatory requirement, urgent security patch): Effective immediately with 24-hour notice
  • Non-Material Changes (feature enhancements, minor improvements): 10 business days notice

5.4 Consent Re-Collection for Material Changes

For material changes affecting data processing:

  • Velents will request explicit re-consent for affected data categories
  • Customers can accept, reject, or negotiate change terms
  • Rejection of material changes may result in service limitation or termination
  • For GDPR, consent withdrawal rights are explicitly provided

5.5 Change Approval Workflow

The privacy change approval process includes:

  • Change Assessment: Legal and privacy team evaluation of proposed changes
  • Impact Analysis: Assessment of customer impact and legal implications
  • Notification Preparation: Drafting clear, customer-friendly change descriptions
  • Stakeholder Review: Approval from Chief Privacy Officer and legal counsel
  • Customer Notification: Delivery through all notification channels
  • Feedback Period: Customers can request clarification or escalate concerns
  • Implementation: Change effective on specified date
  • Documentation: Updated policies published to Privacy Center

PART 6: PRIVACY REQUESTS & COMPLAINTS

6.1 How to Submit Privacy Requests

Individuals can submit data subject access requests through multiple channels:

  • Email: [email protected] with “Data Subject Request” in subject line
  • In-App Portal: Privacy request submission form in Velents dashboard (when available)
  • Web Form: Request form at velents.ai/privacy-requests
  • Phone: +966 583956577 or +201065551455 (request verbal confirmation for security)
  • Postal Mail: Velents Technologies, Inc., Attention: Privacy Officer, Riyadh, Saudi Arabia

Requests should include requestor full name, account information, and specific request type.

6.2 Supported Request Types

Velents processes the following data subject request types:

  • Access Request (GDPR Article 15): Receive all personal data Velents holds
  • Rectification Request (GDPR Article 16): Correct inaccurate or incomplete data
  • Erasure Request (GDPR Article 17): Delete personal data (“Right to be Forgotten”)
  • Restriction Request (GDPR Article 18): Limit processing of data for specific purposes
  • Portability Request (GDPR Article 20): Receive data in structured, machine-readable format
  • Objection Request (GDPR Article 21): Opt-out of processing for non-essential purposes
  • Automated Decision-Making Request (GDPR Article 22): Challenge decisions based solely on automated processing

6.3 Identity Verification

To protect data security, Velents verifies requestor identity using:

  • Account Email Verification: Email confirmation link sent to registered account email
  • Multi-Factor Authentication: If available on account
  • Photo ID Verification: For high-sensitivity requests (erasure, access to sensitive data)
  • Security Questions: Custom questions based on account history

Velents may request additional verification information if requestor identity cannot be confirmed.

6.4 Response Timelines

Velents commits to the following response timelines:

  • Initial Acknowledgment: Within 2 business days of request receipt
  • Identity Verification: Completed within 5 business days
  • Data Access Requests: Provided within 15-30 calendar days (GDPR requirement)
  • Rectification Requests: Processed within 10 business days
  • Erasure Requests: Processed within 30 calendar days (subject to legal obligations)
  • Restriction Requests: Effective within 15 business days
  • Complex Requests: Up to 60 additional days for particularly complex cases with notice

6.5 Complaint Process

If individuals are unsatisfied with Velents’ privacy practices or response to a request:

  • Submit formal complaint to [email protected] with “COMPLAINT:” prefix in subject line
  • Include complaint description, supporting evidence, and desired resolution
  • Velents will acknowledge receipt within 3 business days
  • Formal investigation and response within 15 business days

6.6 Escalation Path

For unresolved complaints, escalation path:

  • Level 1: Privacy Officer ([email protected])
  • Level 2: Chief Legal Officer ([email protected])
  • Level 3: Chief Executive Officer (CEO may be contacted via investor relations)
  • Level 4: Data Protection Authority (where applicable by law)

6.7 Appeals & Further Recourse

If Velents’ response to a data subject request or complaint is unsatisfactory:

  • Individuals may appeal to relevant data protection authorities
  • GDPR subjects may file complaints with their national Data Protection Authority
  • CCPA subjects may contact California Attorney General
  • Velents will cooperate fully with regulatory investigations

Velents does not penalize individuals for submitting requests, complaints, or appeals.

PART 7: GENERAL TERMS

7.1 Governing Law & Jurisdiction

This agreement is governed by:

  • US Entity Agreements: Laws of the State of Delaware (without conflict of law principles)
  • KSA Entity Agreements: Laws of the Kingdom of Saudi Arabia
  • For GDPR compliance: Applicable EU data protection regulations supersede conflicting terms
  • For CCPA compliance: California consumer privacy laws apply to California residents

Disputes will be resolved through binding arbitration (US entity) or KSA jurisdiction (KSA entity) unless otherwise required by applicable law.

7.2 Entire Agreement

This Customer Agreement, along with any separate Service Addendums, Data Processing Agreements, and Schedules, constitutes the entire agreement between Velents and Customer regarding services, privacy, and security. Prior discussions, proposals, and understandings are superseded by this agreement.

7.3 Amendments & Modifications

Velents may amend this agreement by providing written notice to Customer at least thirty (30) days before the amendment becomes effective. Continued use of Velents services after the notice period constitutes acceptance. Customers may reject non-essential amendments by canceling service.

7.4 Severability

If any provision of this agreement is found invalid or unenforceable, that provision will be modified to the minimum extent necessary to make it valid, or if not possible, severed. Remaining provisions continue in full force.

7.5 Contact Information & Support

For all Velents inquiries:

Updates to contact information will be published at www.velents.ai.