We are committed to safeguarding your personal information.
Effective Date: 28 June 2026
Operated by EQ-AI Bridge Advisory LLC (operating as Velocity Labs)
Licence No. 2539564.01 | Sharjah Media City, Sharjah, United Arab Emirates
----------------------------------------------------------------------------------------------------------------------
We are committed to safeguarding personal data and to being transparent about how we handle it.
This Privacy Policy explains how EQ-AI Bridge Advisory LLC, operating as Velocity Labs (“Velocity Labs”, “we”, “our”, or “us”), collects, uses, shares, and protects personal data in connection with the Velocity Labs platform and services. It should be read together with the Velocity Labs Terms & Conditions. By using our services, or by connecting any account or system to our platform, you acknowledge the practices described in this Policy.
Velocity Labs is a commerce, marketing, and automation platform for small and medium-sized businesses. The platform connects to a business Client’s POS, eCommerce, messaging, and social media systems to help that Client re-engage its existing customers and grow revenue.
We handle personal data in two distinct capacities, and the protections in this Policy differ accordingly. This distinction follows the UAE Personal Data Protection Law, Federal Decree-Law No. 45 of 2021, and its implementing regulations as in force from time to time (the “PDPL”).
As a Controller. For personal data about our business Clients and their authorised users, such as the people who register, log in, and manage a Velocity Labs account, we decide how and why the data is processed. We are the Controller of this data, and Sections 2 to 9 describe how we handle it.
As a Processor. For personal data about a Client’s own customers and contacts, which we access through connected POS, eCommerce, messaging, or social media systems, the Client decides how and why the data is processed. The Client is the Controller and we act as Processor on the Client’s instructions. We process this data only to deliver the services the Client has asked us to perform. If you are an end customer of one of our Clients and have questions about your data, please contact that business directly, as it controls the data; we will support the business in responding to your request.
When a business registers for and uses Velocity Labs, we collect:
Registration and contact data: business name, the names and roles of authorised users, business email addresses, and phone numbers.
Authentication data: login identifiers and public profile information used to identify and authenticate the user granting access.
Billing data: information needed to invoice and process payment for paid services. Card payment details are handled by our payment providers and are not stored by us.
Usage and technical data: information about how the platform is used, device and log data, and support communications.
Where a Client connects a POS or eCommerce system, which may include Foodics, Lightspeed, Salla, Zid, Shopify, WooCommerce, Wix, and others, we access and process the data made available through that integration in order to deliver the services. This may include the Client’s customer records and contact details, such as names, phone numbers, and email addresses, and order, purchase, and transaction history. We process this data as a Processor on the Client’s instructions, to identify re-engagement opportunities and to help the Client deliver relevant offers to its existing customers.
Where a Client uses the AI WhatsApp Agent, the agent is configured to reflect the Client’s brand and tone of voice and operates within Meta’s messaging framework. To generate replies, the agent processes the content of WhatsApp conversations between the Client’s business and its customers, including message text and supported media, and the associated phone numbers, on a transient basis. Conversation data processed by the agent is retained only for a rolling 24-hour period from the last message in a conversation and is automatically deleted thereafter, as described in Section 5. We do not build or maintain a standalone customer database from WhatsApp conversations. Our personnel have limited administrative and monitoring access for quality assurance, troubleshooting, and support only, and do not otherwise access or use conversation content. We process this data as a Processor on the Client’s instructions, and WhatsApp messaging is also governed by Meta’s own terms and policies.
Where a Client connects social media accounts, which may include Facebook, Instagram, X, LinkedIn, and TikTok, we collect, with the Client’s authorisation:
Account content and activity: posts, content, comments, and direct messages on the connected accounts, to the extent needed to publish, schedule, and respond as instructed.
Analytics and insights: performance data, post-level insights, engagement metrics, and audience analytics used to report on and optimise the service.
Public account information: public details about the connected accounts, such as account name, public profile URL, and profile picture.
We use the information we collect to operate, maintain, secure, and improve the Velocity Labs services. In particular:
Service delivery: to re-engage a Client’s existing customers, generate and publish content, schedule and send messages and posts, respond to comments and messages where configured, and run campaigns, all as instructed by the Client.
Performance and reporting: to generate reports for the Client, measure campaign performance, and improve the effectiveness of the Client’s strategy.
Account and support: to manage accounts, provide customer support, troubleshoot, and communicate service updates.
Security and compliance: to protect the platform and our Clients, prevent fraud and abuse, and meet legal and regulatory obligations.
We will never sell personal data to third parties.
We use third-party AI tools to deliver parts of the services. We do not input a Client’s confidential business data, end-customer personal data, or sensitive commercial information into any third-party AI platform on terms that allow that platform to use the data to train or improve its models, without the Client’s prior written consent. We use AI providers on terms that prohibit such training, or otherwise restrict use of the data to delivery of the agreed services. We do not use Client or end-customer data to train our own models for any purpose beyond delivering the agreed services.
Where we act as Controller, we process personal data on the bases permitted by the PDPL, which include the performance of our contract with the Client, our legitimate interests in operating and securing the platform, compliance with legal obligations, and consent where required. Where we act as Processor, the lawful basis for processing end-customer data is determined by the Client as Controller, and the Client is responsible for ensuring a valid basis exists, including any required opt-in for marketing.
We share data only as needed to provide the services or where legally required:
With the Client: data, reports, and performance insights are shared with the Client as the core output of the service.
With service providers and sub-processors: we engage third parties for hosting, data storage, communications, AI processing, and analytics. They are bound by confidentiality and may use the data only to perform services on our behalf.
With connected platforms: to operate the services, data is exchanged with the platforms a Client chooses to connect, such as Meta, POS providers, eCommerce providers, and social media platforms. These platforms act as independent controllers under their own terms and privacy policies.
For legal reasons: we may disclose information where we have a good-faith belief that it is necessary to comply with a law, legal process, or lawful request, to prevent fraud, or to protect the rights and safety of our users or the public.
A current list of the categories of sub-processors we use is available to Clients on request.
We retain personal data only for as long as necessary for the purposes described in this Policy or as required by law.
WhatsApp chat data: retained for a rolling 24-hour period from the last message in a conversation, then automatically deleted. Clients are responsible for exporting any conversation data they wish to keep within that window.
Connected-account data: retained for the duration of the active service. When a Client terminates the relationship or revokes our access, we delete the associated content, activity, and analytics data within a reasonable timeframe, unless a legal obligation requires us to retain it longer.
Deletion requests: a Client may request deletion of its data at any time by contacting us. End customers should direct deletion requests to the relevant business, which controls the data.
Some of our service providers and connected platforms process data outside the United Arab Emirates. Where personal data is transferred outside the UAE, we take steps to ensure the transfer is subject to appropriate safeguards consistent with the PDPL. By using the services and connecting platforms that operate internationally, you acknowledge that data may be processed in other jurisdictions for the purpose of delivering the services.
We apply reasonable and industry-standard technical and organisational measures to protect personal data from unauthorised access, loss, and misuse, including secure communication protocols and internal security practices. No system can be completely secure, so we cannot guarantee the absolute security of data. We will notify affected Clients without undue delay after becoming aware of a personal data breach affecting data we process on their behalf, and will provide the information reasonably available to help them meet their own obligations.
Subject to the PDPL and any other applicable law, individuals have rights in relation to their personal data, which may include the right to access, correct, erase, or restrict processing of their data, to object to certain processing, to withdraw consent, and to data portability.
If you are a Client or authorised user, where we act as Controller, you may exercise these rights by contacting us using the details in Section 11.
If you are an end customer of one of our Clients, the Client controls your data and you should contact that business to exercise your rights. We will support the business in responding.
The services are intended for businesses and are not directed at children. We do not knowingly collect personal data of minors. Clients must not make the personal data of minors available to us except where lawful and expressly agreed in writing in advance.
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated Policy on this page and, where appropriate, through the service. Your continued use of the services after the changes take effect constitutes acceptance of the updated Policy.
If you have any questions about this Privacy Policy or our data practices, please contact us at:
Email: john.robinson@eq-aibridge.com
Website: https://velocity-lab.ai/
Entity: EQ-AI Bridge Advisory LLC (operating as Velocity Labs)
Address: Sharjah Media City, Sharjah, United Arab Emirates
© 2026 EQ-AI Bridge Advisory LLC. All Rights Reserved.