Privacy Policy.

veloflux Studio (“veloflux”, “we”, “us”, “our”) builds premium websites for coaches and consultants. This Privacy Policy explains how we handle personal information when you visit velofluxstudio.com (and our demo sites at demo1–demo3.velofluxstudio.com), get in touch with us, or become a client.

This policy covers visitors and clients from the markets we serve — the United Kingdom, United States, Canada, Australia, and New Zealand — and, because veloflux is based in the Czech Republic (EU), visitors in the European Union / EEA. Country-specific rights are in Section 09.

Questions, or want to exercise your privacy rights? Email [email protected].

We keep data collection to a minimum. We only collect:

a. Information you give us directly

• Contact form: your name, email address, and the message you write (“your question”).
• Booking a call: when you book an onboarding call, our scheduling provider (Cal.com) collects your name, email address, your chosen time, and anything else you add to the booking.
• If you become a client: the billing details we need to issue your invoice (such as your billing name and address) and the information and account access we need to build and deliver your website.

b. Information collected automatically

• Basic technical data: when you load the site, our hosting and security provider (Cloudflare) processes limited technical data such as your IP address, browser type, and the time of your request — to deliver the site and protect it from abuse.
• Privacy-friendly analytics: we use Cloudflare Web Analytics — a cookieless, privacy-first tool — to understand in aggregate how the site is used (such as page views and where visitors arrive from). It sets no cookies, doesn’t track you across other websites, and builds no advertising or behavioural profile of you.
• We do not use tracking pixels, advertising cookies, or cross-site behavioural profiling, and we don’t build individual profiles about you.

We don’t collect sensitive/special-category data, and we ask that you don’t send it through the contact form.

We use your information only to:

• respond to your enquiry and communicate with you;
• schedule and hold your onboarding call;
• provide, maintain, and secure our website and services;
• understand, in aggregate, how visitors use our website so we can improve it;
• deliver your website, process your payment, and issue your invoice;
• provide the support and maintenance you request (for example, over WhatsApp);
• keep records of our communications and transactions; and
• comply with our legal obligations.

We do not sell your personal information, and we do not use it for advertising.

Legal bases (UK and EU/EEA visitors). Where UK or EU GDPR applies, we rely on your consent (when you submit the contact form or book a call), our contract with you (to deliver the service you buy), our legitimate interests (responding to you, securing the site, running our business), and legal obligation (where the law requires us to keep records, such as invoices). You can withdraw consent at any time — see Section 09.

We use as few cookies as possible, and no advertising cookies (our analytics is cookieless). The only cookies that may be set are:

• Strictly necessary: a security/performance cookie from Cloudflare to keep the site running and protected.
• Booking embed: when you click a booking button, the Cal.com scheduler opens and may set cookies needed for booking to work. These load only after you choose to open the scheduler.

Because our analytics is cookieless and we run no marketing cookies, there’s nothing non-essential to consent to from our own tools. You can block or delete cookies any time in your browser settings (blocking the booking cookies may stop the scheduler from working).

We don’t sell or rent your data. We share it only with the service providers that help us run the site and deliver our service, and only so they can perform that service for us:

• Web3forms — delivers contact-form submissions to our inbox (name, email, message).
• Google (Gmail) — the inbox where your messages and our emails to you arrive (name, email, message, correspondence).
• Cal.com — scheduling of onboarding calls (name, email, booking details).
• Cloudflare — website hosting, content delivery, security, and privacy-friendly analytics (IP address, technical request data, aggregate usage data).
• Wise — processing your payment, for clients (name, email, payment details).
• Fakturoid — issuing your invoice and maintaining our tax/accounting records, for clients (billing name, address, email, invoice details).
• WhatsApp — support and maintenance messages, for clients (phone number, message content).

We may also disclose information if required by law, or to protect our rights, safety, or property.

We serve clients across the UK, EU/EEA, US, Canada, Australia, and New Zealand, and some of our providers (above) process data on servers outside your home country, including in the United States and the European Union. Where personal data is transferred internationally, we rely on those providers’ own safeguards and standard contractual protections. By contacting us or booking a call, you understand your information may be processed in these locations.

We keep enquiry and booking information for as long as needed to respond to you, provide our services, and keep reasonable business records — then we delete or anonymise it. Invoices and related tax/accounting records are kept for the period required by law. You can ask us to delete your information at any time (Section 09), and we’ll do so unless the law requires us to keep it (for example, invoicing records).

We take reasonable technical and organisational measures to protect your information, including using reputable providers and limiting access. No internet transmission is 100% secure, but we work to protect your data — and we keep our exposure low by collecting so little of it.

Exercise any right below by emailing [email protected]. We’ll respond within the time your local law requires, we may need to verify your identity first, and we won’t discriminate against you for asking.

Depending on where you live, you may have the right to: access the information we hold about you · correct it · delete it · object to or restrict how we use it · withdraw consent · and receive a copy in a portable format.

• United Kingdom (UK GDPR & PECR). You have all the rights above. Unhappy with how we’ve handled your data? You can complain to the Information Commissioner’s Office (ICO) at ico.org.uk.
• European Union / EEA (EU GDPR). You have all the rights above — access, correction, deletion, objection, restriction, withdrawing consent, and data portability — plus the right to complain to a supervisory authority. As we’re established in the Czech Republic, our lead authority is the Czech Office for Personal Data Protection (Úřad pro ochranu osobních údajů, ÚOOÚ) at uoou.gov.cz; you may also contact the authority in your own EU/EEA country.
• United States (California CCPA/CPRA & similar state laws). You have the right to know what we collect, to access, delete, and correct it, and to opt out of the “sale” or “sharing” of personal information. We do not sell or share your personal information, and have not done so. The categories we collect are identifiers (name, email, IP address), the contents of any message you send, aggregate internet and usage activity, and — for clients — billing and transaction information. You may use an authorised agent, and we won’t discriminate against you for exercising these rights.
• Canada (PIPEDA). You have the right to access and correct your information and to withdraw consent. Concerns can go to the Office of the Privacy Commissioner of Canada at priv.gc.ca.
• Australia (Privacy Act 1988 / Australian Privacy Principles). You have the right to access and correct your information. Complaints can go to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.
• New Zealand (Privacy Act 2020). You have the right to access and correct your information. Complaints can go to the Office of the Privacy Commissioner at privacy.org.nz.

Our website and services are intended for business owners and are not directed to children. We don’t knowingly collect personal information from children. If you believe a child has provided us information, contact us and we’ll delete it.

We may update this Privacy Policy from time to time. When we do, we’ll change the “last updated” date above. Because we maintain this policy ourselves, we review it whenever our tools, data practices, or the law change.

veloflux Studio · Email: [email protected]. A real person reads every message.