Privacy policy

Veloraa Privacy Policy — how we collect, use, and protect your personal data

What we collect

Account, payment, learning, and usage data

Why we collect it

To deliver, improve, and personalize our services

Who we share with

Only trusted partners and where law requires

Your rights

Access, correct, delete, and port your data

Data controller: Veloraa ("we", "us", "our") is the data controller for personal data collected through 2strength.in and our associated platforms. By using our website, enrolling in our programs, or engaging with our consulting services, you agree to the collection and use of your personal data as described in this Privacy Policy. Where Veloraa processes data on behalf of a corporate client, we act as a data processor under a separate Data Processing Agreement.

Contents — click to jump

Veloraa is a global training, consulting, and certification solutions provider operating at 2strength.in. We specialize in ISO management systems, Artificial Intelligence Management Systems (AIMS) under ISO/IEC 42001, professional auditing, and workforce development programs.

Contact details
  • General enquiries: info@2strength.in
  • Privacy and data protection: privacy@2strength.in
  • Legal matters: legal@2strength.in
  • Website: 2strength.in

If you have any questions about this Privacy Policy, your personal data, or wish to exercise your rights, please contact us at privacy@2strength.in. We aim to respond to all privacy-related enquiries within 5 business days.

We collect personal data in the following categories depending on how you interact with us:

CategoryData collectedSource
Account dataFull name, email address, password (hashed), country, job title, organization nameProvided by you at registration
Payment dataBilling name, address, invoice details. Card/payment data is processed by our payment provider and not stored by Veloraa.Provided by you at checkout
Learning dataCourse enrollment, progress, completion status, assessment scores, certificates issuedGenerated by your use of our platform
Communication dataEmails, support tickets, enquiry forms, survey responses, live session chat logsProvided by you when contacting us
Usage and technical dataIP address, browser type, device information, pages visited, session duration, referring URLAutomatically collected via cookies and analytics
Corporate / consulting dataOrganization's AI system details, process documentation, gap analysis findings shared during AIMS or ISO consulting engagementsProvided by the corporate client during service delivery
Marketing dataEmail preferences, newsletter subscriptions, event attendance, campaign interactionProvided by you or inferred from usage

We do not intentionally collect sensitive personal data (such as health, biometric, or political information) and ask that you do not submit such data through our Platform.

We process personal data only where we have a lawful basis for doing so. The table below sets out our purposes and corresponding legal bases:

PurposeLegal basis
Creating and managing your accountContract performance
Delivering enrolled courses, programs, and consulting servicesContract performance
Processing payments and issuing invoicesContract performance / legal obligation
Issuing and verifying certificates and credentialsContract performance / legitimate interest
Providing customer support and responding to enquiriesLegitimate interest / contract performance
Sending transactional communications (enrollment confirmations, course updates)Contract performance
Sending marketing communications and newslettersConsent (opt-in) / legitimate interest where permitted
Improving our platform, content, and user experienceLegitimate interest
Analytics and platform performance monitoringLegitimate interest
Complying with legal and regulatory obligationsLegal obligation
Fraud prevention and platform securityLegitimate interest / legal obligation

Where we rely on consent as our legal basis, you may withdraw that consent at any time by contacting us at privacy@2strength.in or using the unsubscribe link in any marketing email.

Veloraa uses cookies and similar tracking technologies to operate and improve our Platform. Cookies are small text files stored on your device that help us recognize you, remember your preferences, and understand how you use our site.

Types of cookies we use
TypePurposeConsent required
EssentialAuthentication, session management, security. Required for the Platform to function.No — strictly necessary
FunctionalRemembering your preferences, language, and settings across sessions.Yes
AnalyticsUnderstanding how visitors use our site (e.g. Google Analytics, Hotjar). Data is aggregated and anonymized where possible.Yes
MarketingTracking engagement with our campaigns and enabling targeted advertising on third-party platforms.Yes

You can manage your cookie preferences through the cookie consent banner on our website, or by adjusting your browser settings. Note that disabling certain cookies may affect your ability to use some features of the Platform.

For detailed information about the specific cookies we use and how to opt out, please see our Cookie Policy at 2strength.in/cookies.

Veloraa does not sell your personal data. We share your data only in the following circumstances:

Service providers and processors

We share data with trusted third-party vendors who help us operate our Platform and deliver our services. These include payment processors, cloud hosting providers, video and LMS platform providers, email delivery services, and analytics tools. All processors are contractually bound to handle data in accordance with our instructions and applicable data protection law.

Certification and accreditation bodies

Where your program is delivered in partnership with an external certification body (such as PECB, Exemplar Global, or others), we will share relevant enrollment and assessment data with that body for the purpose of credential issuance and verification. You will be informed of this sharing at the point of enrollment.

Corporate clients

Where you access Veloraa Services through your employer or a corporate training arrangement, your learning progress, completion status, and assessment results may be shared with your organization as the contracting party. The scope of this sharing will be defined in the corporate service agreement.

Legal and regulatory requirements

We may disclose your personal data if required to do so by law, court order, or regulatory authority, or where we believe disclosure is necessary to protect the rights, property, or safety of Veloraa, our users, or others.

Business transfers

In the event of a merger, acquisition, or sale of all or part of Veloraa's business, personal data may be transferred to the acquiring entity. We will notify affected users before any such transfer takes effect.

As a global organization serving learners and organizations in 50+ countries, Veloraa may transfer personal data across international borders. Where data is transferred from the European Economic Area (EEA), the United Kingdom, or other jurisdictions with data transfer restrictions, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions recognizing the destination country's data protection standards
  • Binding Corporate Rules or equivalent mechanisms where applicable

You may request information about the specific safeguards applied to transfers of your data by contacting privacy@2strength.in.

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. Our general retention guidelines are:

Data typeRetention period
Account and profile dataDuration of account + 3 years after last activity
Learning records and certificates7 years (to support credential verification)
Payment and billing records7 years (legal / tax obligation)
Support and communication records3 years from last interaction
Marketing consent recordsUntil consent is withdrawn + 2 years
Analytics and usage data26 months (anonymized after 90 days where possible)
Consulting / AIMS engagement dataAs specified in the service agreement, typically 5 years

When data is no longer required, it is securely deleted or anonymized in accordance with our data destruction procedures.

Depending on your location, you may have the following rights regarding your personal data. We honor these rights for all users globally, not only those in jurisdictions where they are legally mandated.

Right to access

Request a copy of the personal data we hold about you.

Right to rectification

Ask us to correct inaccurate or incomplete data.

Right to erasure

Request deletion of your data where there is no legal basis for continued processing.

Right to restrict processing

Ask us to limit how we use your data in certain circumstances.

Right to data portability

Receive your data in a structured, machine-readable format.

Right to object

Object to processing based on legitimate interest, including direct marketing.

Rights re: automated decisions

Not to be subject to solely automated decisions that significantly affect you.

Right to withdraw consent

Withdraw consent for any processing where consent is the legal basis, at any time.

To exercise any of these rights, contact us at privacy@2strength.in with your full name, email address, and a description of your request. We will respond within 30 days. We may need to verify your identity before processing your request. There is no charge for exercising your rights, though we may charge a reasonable fee for manifestly unfounded or excessive requests.

If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority (for example, the ICO in the UK, or your EU supervisory authority under GDPR).

Veloraa implements appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. Our security measures include:

  • TLS/SSL encryption for all data transmitted between your browser and our Platform
  • Encryption of data at rest for sensitive personal and payment information
  • Access controls ensuring staff access personal data on a need-to-know basis
  • Regular security assessments and vulnerability testing of our Platform
  • Secure password hashing — we never store plaintext passwords
  • Third-party payment processing via PCI-DSS compliant providers — Veloraa does not store card data
  • Staff training on data protection and information security practices

No system is entirely immune to security risks. In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you and relevant supervisory authorities in accordance with applicable law, without undue delay and no later than 72 hours where required.

Children's privacy

The Veloraa Platform is intended for users who are 18 years of age or older. We do not knowingly collect personal data from individuals under the age of 18. If we become aware that we have inadvertently collected such data, we will delete it promptly. If you believe a minor has provided us with personal data, please contact privacy@2strength.in immediately.

AI and AIMS consulting data

When Veloraa delivers ISO/IEC 42001 or AIMS consulting services, we may receive information about your organization's AI systems, data processes, and internal operations. This information is processed solely for the purpose of delivering the contracted service and is treated with strict confidentiality. It is not used for Veloraa's own marketing, research, or training purposes without your explicit consent. Applicable terms are governed by the signed service agreement and any Data Processing Agreement in place.

Third-party links

Our Platform may contain links to third-party websites, including certification body portals and partner platforms. We are not responsible for the privacy practices of those sites and encourage you to review their privacy policies independently.

Changes to this policy

Veloraa may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. We will notify you of material changes by email or by posting a prominent notice on our website at least 14 days before the changes take effect. The "last updated" date at the top of this policy reflects when it was most recently revised. Your continued use of the Platform after the effective date of any update constitutes your acceptance of the revised policy.