Built for regulated aerospace work.

Velorum runs on EU-region cloud infrastructure. Project data is stored using Supabase, hosted on AWS in the EU region. Each customer's data is isolated at the database level through row-level security, so authenticated users can only access data belonging to their own projects and teams.

• Hosting: AWS EU region via Supabase managed Postgres
• Encryption: at rest (AWS-managed AES-256) and in transit (TLS 1.2+)
• Isolation: row-level security with tenant-scoped data access
• Backups: automated daily backups retained per infrastructure provider policy
• Uptime target: 99.5% during the pilot phase

VAESIR LABS is registered in the Netherlands. Project data resides in the EU by default. Our infrastructure providers (AWS, Supabase, Vercel, Resend) all operate in the EU region for VAESIR-served traffic.

• Company registration: Netherlands
• Data residency: EU, with no cross-region replication outside the EU
• Applicable law: Dutch law and EU GDPR
• Supervisory authority: Autoriteit Persoonsgegevens (autoriteitpersoonsgegevens.nl)

Your project content belongs to you. Velorum does not share, sell, or use your engineering content for any purpose other than providing the service you have signed up for.

• Zero-training policy: your project content is never used to train any model, ours or any third party's
• Retention: project data retained while your account is active; deleted or anonymised within 30 days of account termination
• Export: full project data export available on request at any time, in standard formats
• Access: only you and team members you explicitly grant access to can view your projects
• Sub-processors: a current list is available on request

Velorum is offered primarily as a shared-tenancy cloud service during the pilot programme. Additional deployment options are available or on the roadmap for customers with specific regulated-industry requirements.

• Shared tenancy — default for all pilot and commercial tiers, hosted on VAESIR-managed EU infrastructure
• Dedicated tenancy — Enterprise tier, isolated database per customer
• Private cloud — roadmap, Enterprise tier; VAESIR-deployed on your AWS account

VAESIR LABS operates under EU GDPR today. Certifications are on the roadmap and will be earned and documented as the company matures.

• GDPR: compliant. Data Processing Agreement available on request.
• ISO 27001: on the roadmap. Timeline disclosed during qualification conversations.
• SOC 2: on the roadmap, following ISO 27001.
• Underlying infrastructure: AWS and Supabase hold ISO 27001, SOC 2 Type II, and additional certifications applicable to their managed services.

The following documents are available to prospective customers during qualification or to active customers at any time. Contact us to request any of them.

• Data Processing Agreement (DPA)
• Security questionnaire response — standard procurement Q&A
• Architecture and data-flow diagram — how data moves through the system
• Incident response plan summary
• Sub-processor list
• Privacy impact assessment template — for programmes that require one before vendor approval

Security questions: security@vaesir.com

Privacy and data-subject requests: privacy@vaesir.com

We aim to respond to security and privacy enquiries within two business days.