Security overview
This page expands on the summary shown on the homepage. It describes how Velzio is designed to handle data, not a completed audit or certification.
Deployment model
A signed installer runs on each employee device (Windows MSI, macOS PKG), typically pushed through your existing MDM. It is not a background agent or kernel-level tool; it runs as a standard signed application.
Authentication
Admins sign in through your connected Microsoft Entra ID tenant, or another supported identity provider. The employee client uses the employee's existing device session to identify which steps apply to them.
Data minimization
Targeting and completion reporting are built around identifiers (user, group and tenant IDs) from your directory, not names, emails, or file and message content. Admin accounts and workspace settings are stored because your team needs them to manage rollouts and see who has completed what.
Customer isolation
Velzio is built around tenant-scoped workspaces: each customer's rollouts, targeting rules and completion data are associated with that customer's workspace and are not exposed to other customers.
Audit-friendly history
Admin actions such as publishing a rollout, changing settings, or editing access are recorded in an activity log inside the portal, viewable from Settings.
Backups
Workspace data is backed up as part of our hosting provider's standard infrastructure practices. Formal backup and recovery SLAs are not yet published.
Hosting
Hosted on Microsoft Azure in the West Europe region. See the sub-processors page for the vendors involved.
Reporting a vulnerability
If you believe you've found a security issue, contact hello@velzio.io. We do not yet operate a formal bug bounty program.