Veloraa Privacy Policy — how we collect, use, and protect your personal data
What we collect
Account, payment, learning, and usage data
Why we collect it
To deliver, improve, and personalize our services
Who we share with
Only trusted partners and where law requires
Your rights
Access, correct, delete, and port your data
Data controller: Veloraa ("we", "us", "our") is the data controller for personal data collected through 2strength.in and our associated platforms. By using our website, enrolling in our programs, or engaging with our consulting services, you agree to the collection and use of your personal data as described in this Privacy Policy. Where Veloraa processes data on behalf of a corporate client, we act as a data processor under a separate Data Processing Agreement.
Veloraa is a global training, consulting, and certification solutions provider operating at 2strength.in. We specialize in ISO management systems, Artificial Intelligence Management Systems (AIMS) under ISO/IEC 42001, professional auditing, and workforce development programs.
- General enquiries: info@2strength.in
- Privacy and data protection: privacy@2strength.in
- Legal matters: legal@2strength.in
- Website: 2strength.in
If you have any questions about this Privacy Policy, your personal data, or wish to exercise your rights, please contact us at privacy@2strength.in. We aim to respond to all privacy-related enquiries within 5 business days.
We collect personal data in the following categories depending on how you interact with us:
| Category | Data collected | Source |
|---|---|---|
| Account data | Full name, email address, password (hashed), country, job title, organization name | Provided by you at registration |
| Payment data | Billing name, address, invoice details. Card/payment data is processed by our payment provider and not stored by Veloraa. | Provided by you at checkout |
| Learning data | Course enrollment, progress, completion status, assessment scores, certificates issued | Generated by your use of our platform |
| Communication data | Emails, support tickets, enquiry forms, survey responses, live session chat logs | Provided by you when contacting us |
| Usage and technical data | IP address, browser type, device information, pages visited, session duration, referring URL | Automatically collected via cookies and analytics |
| Corporate / consulting data | Organization's AI system details, process documentation, gap analysis findings shared during AIMS or ISO consulting engagements | Provided by the corporate client during service delivery |
| Marketing data | Email preferences, newsletter subscriptions, event attendance, campaign interaction | Provided by you or inferred from usage |
We do not intentionally collect sensitive personal data (such as health, biometric, or political information) and ask that you do not submit such data through our Platform.
We process personal data only where we have a lawful basis for doing so. The table below sets out our purposes and corresponding legal bases:
| Purpose | Legal basis |
|---|---|
| Creating and managing your account | Contract performance |
| Delivering enrolled courses, programs, and consulting services | Contract performance |
| Processing payments and issuing invoices | Contract performance / legal obligation |
| Issuing and verifying certificates and credentials | Contract performance / legitimate interest |
| Providing customer support and responding to enquiries | Legitimate interest / contract performance |
| Sending transactional communications (enrollment confirmations, course updates) | Contract performance |
| Sending marketing communications and newsletters | Consent (opt-in) / legitimate interest where permitted |
| Improving our platform, content, and user experience | Legitimate interest |
| Analytics and platform performance monitoring | Legitimate interest |
| Complying with legal and regulatory obligations | Legal obligation |
| Fraud prevention and platform security | Legitimate interest / legal obligation |
Where we rely on consent as our legal basis, you may withdraw that consent at any time by contacting us at privacy@2strength.in or using the unsubscribe link in any marketing email.
Veloraa uses cookies and similar tracking technologies to operate and improve our Platform. Cookies are small text files stored on your device that help us recognize you, remember your preferences, and understand how you use our site.
| Type | Purpose | Consent required |
|---|---|---|
| Essential | Authentication, session management, security. Required for the Platform to function. | No — strictly necessary |
| Functional | Remembering your preferences, language, and settings across sessions. | Yes |
| Analytics | Understanding how visitors use our site (e.g. Google Analytics, Hotjar). Data is aggregated and anonymized where possible. | Yes |
| Marketing | Tracking engagement with our campaigns and enabling targeted advertising on third-party platforms. | Yes |
You can manage your cookie preferences through the cookie consent banner on our website, or by adjusting your browser settings. Note that disabling certain cookies may affect your ability to use some features of the Platform.
For detailed information about the specific cookies we use and how to opt out, please see our Cookie Policy at 2strength.in/cookies.
Veloraa does not sell your personal data. We share your data only in the following circumstances:
We share data with trusted third-party vendors who help us operate our Platform and deliver our services. These include payment processors, cloud hosting providers, video and LMS platform providers, email delivery services, and analytics tools. All processors are contractually bound to handle data in accordance with our instructions and applicable data protection law.
Where your program is delivered in partnership with an external certification body (such as PECB, Exemplar Global, or others), we will share relevant enrollment and assessment data with that body for the purpose of credential issuance and verification. You will be informed of this sharing at the point of enrollment.
Where you access Veloraa Services through your employer or a corporate training arrangement, your learning progress, completion status, and assessment results may be shared with your organization as the contracting party. The scope of this sharing will be defined in the corporate service agreement.
We may disclose your personal data if required to do so by law, court order, or regulatory authority, or where we believe disclosure is necessary to protect the rights, property, or safety of Veloraa, our users, or others.
In the event of a merger, acquisition, or sale of all or part of Veloraa's business, personal data may be transferred to the acquiring entity. We will notify affected users before any such transfer takes effect.
As a global organization serving learners and organizations in 50+ countries, Veloraa may transfer personal data across international borders. Where data is transferred from the European Economic Area (EEA), the United Kingdom, or other jurisdictions with data transfer restrictions, we ensure appropriate safeguards are in place, including:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Adequacy decisions recognizing the destination country's data protection standards
- Binding Corporate Rules or equivalent mechanisms where applicable
You may request information about the specific safeguards applied to transfers of your data by contacting privacy@2strength.in.
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. Our general retention guidelines are:
| Data type | Retention period |
|---|---|
| Account and profile data | Duration of account + 3 years after last activity |
| Learning records and certificates | 7 years (to support credential verification) |
| Payment and billing records | 7 years (legal / tax obligation) |
| Support and communication records | 3 years from last interaction |
| Marketing consent records | Until consent is withdrawn + 2 years |
| Analytics and usage data | 26 months (anonymized after 90 days where possible) |
| Consulting / AIMS engagement data | As specified in the service agreement, typically 5 years |
When data is no longer required, it is securely deleted or anonymized in accordance with our data destruction procedures.
Depending on your location, you may have the following rights regarding your personal data. We honor these rights for all users globally, not only those in jurisdictions where they are legally mandated.
Right to access
Request a copy of the personal data we hold about you.
Right to rectification
Ask us to correct inaccurate or incomplete data.
Right to erasure
Request deletion of your data where there is no legal basis for continued processing.
Right to restrict processing
Ask us to limit how we use your data in certain circumstances.
Right to data portability
Receive your data in a structured, machine-readable format.
Right to object
Object to processing based on legitimate interest, including direct marketing.
Rights re: automated decisions
Not to be subject to solely automated decisions that significantly affect you.
Right to withdraw consent
Withdraw consent for any processing where consent is the legal basis, at any time.
To exercise any of these rights, contact us at privacy@2strength.in with your full name, email address, and a description of your request. We will respond within 30 days. We may need to verify your identity before processing your request. There is no charge for exercising your rights, though we may charge a reasonable fee for manifestly unfounded or excessive requests.
If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority (for example, the ICO in the UK, or your EU supervisory authority under GDPR).
Veloraa implements appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. Our security measures include:
- TLS/SSL encryption for all data transmitted between your browser and our Platform
- Encryption of data at rest for sensitive personal and payment information
- Access controls ensuring staff access personal data on a need-to-know basis
- Regular security assessments and vulnerability testing of our Platform
- Secure password hashing — we never store plaintext passwords
- Third-party payment processing via PCI-DSS compliant providers — Veloraa does not store card data
- Staff training on data protection and information security practices
No system is entirely immune to security risks. In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you and relevant supervisory authorities in accordance with applicable law, without undue delay and no later than 72 hours where required.
The Veloraa Platform is intended for users who are 18 years of age or older. We do not knowingly collect personal data from individuals under the age of 18. If we become aware that we have inadvertently collected such data, we will delete it promptly. If you believe a minor has provided us with personal data, please contact privacy@2strength.in immediately.
When Veloraa delivers ISO/IEC 42001 or AIMS consulting services, we may receive information about your organization's AI systems, data processes, and internal operations. This information is processed solely for the purpose of delivering the contracted service and is treated with strict confidentiality. It is not used for Veloraa's own marketing, research, or training purposes without your explicit consent. Applicable terms are governed by the signed service agreement and any Data Processing Agreement in place.
Our Platform may contain links to third-party websites, including certification body portals and partner platforms. We are not responsible for the privacy practices of those sites and encourage you to review their privacy policies independently.
Veloraa may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. We will notify you of material changes by email or by posting a prominent notice on our website at least 14 days before the changes take effect. The "last updated" date at the top of this policy reflects when it was most recently revised. Your continued use of the Platform after the effective date of any update constitutes your acceptance of the revised policy.