Privacy Policy
Last updated: March 8, 2026
Veldspark Labs is a trading name of GVD Holdings (HK) Limited (CR No. 78025335), registered at Unit 2A, 17/F, Glenealy Tower, No.1 Glenealy, Central, Hong Kong S.A.R. ("Company", "we", "us", "our"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit veldspark.com and use our products and services.
1. Information We Collect
We collect information that you provide directly to us, as well as information collected automatically: Information you provide: - Name, email address, and company name when you submit a contact form - Email address when you subscribe to our newsletter or join a product waitlist - Account credentials and profile information when you register for our products - Any other information you choose to provide in communications with us Information collected automatically: - Device and browser information (type, version, operating system) - IP address and approximate geographic location - Pages visited, time spent, and navigation patterns - Referring URL and search terms used to find our website - Cookies and similar tracking technologies (see Section 4)
2. How We Use Your Information
We use the information we collect for the following purposes: - To provide, maintain, and improve our products and services - To respond to your inquiries, requests, and provide customer support - To send you product updates, technical notices, and security alerts - To send marketing communications with your consent (you can opt out at any time) - To analyze usage patterns and improve user experience - To detect, prevent, and address fraud, abuse, or technical issues - To comply with legal obligations and enforce our Terms of Service - To protect the rights, property, and safety of our users and the public Direct Marketing: We will never send you unsolicited marketing communications without your explicit prior consent. You may withdraw consent at any time.
3. Legal Basis for Processing
We process your personal data on the following legal bases: - Consent: Where you have given clear consent (e.g., newsletter signup, marketing emails) - Contract: Where processing is necessary to perform a contract with you (e.g., providing our services) - Legitimate interest: Where processing is necessary for our legitimate business interests (e.g., analytics, security, fraud prevention), provided these interests do not override your rights - Legal obligation: Where processing is necessary to comply with applicable laws and regulations
4. Cookies and Tracking Technologies
We use the following types of cookies and tracking technologies: Essential cookies: Required for the website to function properly. These cannot be disabled. Analytics cookies: We use PostHog for product analytics to understand how visitors interact with our website. PostHog processes data in accordance with its privacy policy. You can opt out of analytics tracking through your browser's Do Not Track setting. No advertising cookies: We do not use advertising or retargeting cookies. We do not sell your data to advertisers. You can manage cookie preferences through your browser settings. Disabling certain cookies may affect website functionality.
5. Third-Party Services and Data Sharing
We share your information with the following categories of third-party service providers, solely for the purposes described in this policy: - Hosting and infrastructure: Railway (application hosting), Vercel (CDN) - Email services: Resend (transactional emails and newsletters) - Analytics: PostHog (product analytics) - AI processing: Groq (AI chat functionality on our website) - Payment processing: Stripe (when applicable for paid products) These providers are contractually obligated to protect your data, process it only on our instructions, and comply with applicable data protection laws. We do not sell, rent, or trade your personal information to any third party. We may disclose your information if required by law, court order, or governmental authority.
6. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected: - Contact form submissions: 2 years from last interaction - Newsletter subscriptions: Until you unsubscribe - Waitlist entries: Until the product launches or you request removal - Product account data: For the duration of your account, plus 30 days after deletion - Analytics data: 12 months (anonymized after this period) - Legal and compliance records: As required by applicable law You can request deletion of your data at any time by contacting us.
7. International Data Transfers
As we operate across multiple jurisdictions (Hong Kong, Netherlands, Thailand, United States), your personal data may be transferred to and processed in countries outside your country of residence. Where such transfers occur, we ensure appropriate safeguards are in place, including: - EU Standard Contractual Clauses (SCCs) for transfers from the EU/EEA - PCPD recommended Model Contractual Clauses for transfers from Hong Kong - Adequate protections as required under the Thailand PDPA for cross-border transfers - EU-US Data Privacy Framework adequacy decision where applicable These providers process data on our behalf under appropriate data processing agreements.
8. Your Data Rights
Depending on your location, you have the following rights regarding your personal data: All Jurisdictions (HK PDPO, GDPR, PDPA, CCPA): - Right to access your personal data - Right to correct inaccurate data - Right to request deletion / erasure - Right to withdraw consent at any time EU/EEA Residents (GDPR): - Right to restriction of processing - Right to data portability - Right to object to processing - Right not to be subject to automated decision-making - Right to lodge a complaint with a supervisory authority (e.g., Autoriteit Persoonsgegevens in the Netherlands) Thailand Residents (PDPA): - Right to data portability - Right to restrict processing - Right to object to processing - Right to lodge a complaint with the Personal Data Protection Committee (PDPC) California Residents (CCPA/CPRA): - Right to know what personal information is collected - Right to request deletion - Right to opt out of sale or sharing of personal information - Right to non-discrimination for exercising your rights We do not sell or share personal information as defined under the CCPA. To exercise any of these rights, contact us at [email protected]. We will respond within 30 days (or within the timeframe required by applicable law).
9. Data Security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include encryption in transit (TLS/SSL), access controls, regular security assessments, and secure hosting infrastructure. However, no method of transmission over the Internet or electronic storage is 100% secure, and we cannot guarantee absolute security.
10. Children's Privacy
Our services are not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child without parental consent, we will take steps to delete that information promptly.
11. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. We will notify you of any material changes by posting the updated policy on this page with a revised "Last updated" date. For significant changes, we may also notify you by email. Your continued use of our services after any changes indicates your acceptance of the updated policy.
12. Contact Us
If you have questions about this Privacy Policy or our data practices, contact us at: GVD Holdings (HK) Limited (trading as Veldspark Labs) Unit 2A, 17/F, Glenealy Tower, No.1 Glenealy Central, Hong Kong S.A.R. Email: [email protected]