Skip to content
velzio Back to velzio.io
Draft. This overview describes our intended architecture. It is not a certification and is not final.
Resources · draft

Security overview

This page expands on the summary shown on the homepage. It describes how Velzio is designed to handle data, not a completed audit or certification.

Deployment model

A signed installer runs on each employee device (Windows MSI, macOS PKG), typically pushed through your existing MDM. It is not a background agent or kernel-level tool; it runs as a standard signed application.

Authentication

Admins sign in through your connected Microsoft Entra ID tenant, or another supported identity provider. The employee client uses the employee's existing device session to identify which steps apply to them.

Data minimization

Targeting and completion reporting are built around identifiers (user, group and tenant IDs) from your directory, not names, emails, or file and message content. Admin accounts and workspace settings are stored because your team needs them to manage rollouts and see who has completed what.

Customer isolation

Velzio is built around tenant-scoped workspaces: each customer's rollouts, targeting rules and completion data are associated with that customer's workspace and are not exposed to other customers.

Audit-friendly history

Admin actions such as publishing a rollout, changing settings, or editing access are recorded in an activity log inside the portal, viewable from Settings.

Backups

Workspace data is backed up as part of our hosting provider's standard infrastructure practices. Formal backup and recovery SLAs are not yet published.

Hosting

Hosted on Microsoft Azure in the West Europe region. See the sub-processors page for the vendors involved.

Reporting a vulnerability

If you believe you've found a security issue, contact hello@velzio.io. We do not yet operate a formal bug bounty program.

Velzio does not currently hold ISO, SOC 2 or other third-party certifications. This page will be updated if that changes.