Overview

Velaro V20 is built with security-first architecture. All data is encrypted in transit and at rest, access is role-based, and comprehensive audit logs record every administrative action.

Data Encryption

• In transit — all connections use TLS 1.2+ (HTTPS/WSS)
• At rest — database encryption using Azure SQL Transparent Data Encryption (TDE)
• API keys & secrets — stored in Azure Key Vault, never in application code

PII Message Scrubbing

Enable real-time PII scrubbing under Account Settings → Security → PII Scrubbing. When active, patterns like social security numbers, credit card numbers, phone numbers, and email addresses are automatically redacted from conversation transcripts before storage. Original data is never written to disk.

Role-Based Access Control

Velaro has four access levels:

• Agent — handle conversations, view own stats
• Supervisor — view all conversations, manage agents
• Administrator — full account configuration
• Velaro Superadmin — internal Velaro staff only, never used for customers

Audit Logs

The Activity Log (under Reports → Activity Log) records every admin action with timestamp, user, IP address, and device type. Includes login events, settings changes, bot edits, and agent actions. Retained for 90 days.

SecureForms — In-Chat Data Collection

Need to collect sensitive data (SSN, payment card numbers) in chat? Use SecureForms — data entered in a SecureForm is encrypted end-to-end and never exposed in the conversation transcript or agent view. Enable under Account Settings → Security → SecureForms.

SOC 2 & GDPR

Velaro's compliance roadmap is documented at help.velaro.com/compliance. Contact your account manager for the current SOC 2 report or DPA for GDPR compliance.