Velleo - Privacy Policy

1. Introduction

This Privacy Policy explains how Velleo processes personal data when providing a booking system for salons.

Velleo is a software product owned and operated by MLSoft, currently operating as a self-employed business (sole trader) in the United Kingdom, with the intention to transition into a limited company (Ltd) in the future.

Velleo is committed to protecting personal data and complying with applicable laws, including UK GDPR and the Data Protection Act 2018.

2. Roles in Data Processing

MLSoft, as the owner of Velleo, acts as a Data Processor.

The salon using Velleo acts as the Data Controller, as it determines the purposes and means of processing personal data.

Clients of the salon are the Data Subjects.

3. Personal Data We Process

Client data:

  • Name
  • Phone number
  • Email address (optional)
  • Appointment history
  • Notes added by salon staff

Salon staff data:

  • Name
  • Email address
  • Role

Salon data:

  • Salon name
  • Contact details
  • Business address

4. Purpose of Processing

Personal data is processed solely to provide the Velleo system:

  • managing salon appointments
  • enabling online booking
  • storing client history and notes
  • sending booking confirmations and reminders
  • managing staff schedules

5. Legal Basis

Personal data is processed based on:

  • the legitimate interests of the salon in managing bookings
  • the performance of the service agreement between the salon and MLSoft (Velleo)

6. Data Security

Velleo implements technical and organisational safeguards:

  • HTTPS encryption
  • secure password hashing
  • access control restrictions
  • regular database backups

Data is hosted within the United Kingdom using secure cloud infrastructure provided by Velters.

7. Data Retention

Personal data is retained only for as long as necessary to provide the service.

Salons (Data Controllers) can delete client records within the system at any time.

8. Third-Party Services

Velleo uses sub-processors, including:

  • Twilio (SMS notifications)
  • SendGrid (email delivery)
  • Stripe (payment processing)
  • Velters (cloud infrastructure hosting in the UK)

9. Data Subject Rights

Individuals have rights under UK GDPR, including:

  • right of access
  • right to rectification
  • right to erasure
  • right to restrict processing

Requests should generally be directed to the salon (Data Controller) where the booking was made.

10. Contact

MLSoft (Velleo)

Email: privacy@velleo.app

Website: velleo.app

11. Governing Law

This Privacy Policy is governed by the laws of England and Wales.

Any disputes are subject to the exclusive jurisdiction of the courts of England and Wales.

Back to onboarding