Velicoo
WholesaleFeaturesPricingIntegrationsCustomers
Sign inTalk to sales

Legal

Data Processing Agreement

Last updated: 2026-05-07

Velicoo offers a standard Data Processing Agreement (DPA) under GDPR Article 28 to every merchant on the platform. The DPA covers Velicoo as data processor, with the merchant as data controller.

What it covers

  • Subject matter, duration, nature and purpose of processing.
  • Categories of personal data and data subjects.
  • Subprocessor list (Vercel, Fly.io, Resend, Stripe) and the approval flow for adding new ones.
  • EU Standard Contractual Clauses (SCCs) for any transfer outside the EU/EEA.
  • Security measures (TLS 1.3, AES-256, scoped access, audit logs).
  • Breach notification within 72 hours.
  • Audit rights and reasonable cooperation with data-subject requests.

How to get a copy

DPA is signed automatically on the Custom tier and available on request for all other plans. Email hello@velicoo.com with the subject "DPA" — we send the current version the same working day, ready for counter-signature.

Need redlines?

On Custom we accept redlines and negotiate the DPA against your own template. Smaller plans use the standard DPA — one document, no per-customer variations, so it stays auditable.

Velicoo

Commerce infrastructure for European wholesale. Built in Stockholm; running on tenants across the EU.

© 2026 Velicoo

Platform

  • Wholesale
  • Features
  • Integrations
  • Pricing

Resources

  • Migrating from another platform
  • Developers & API
  • Customers

Company

  • About
  • Contact
  • Book a demo

Data hosted in the EU · GDPR-native · DPA on file with all customers

TermsPrivacyDPA