Home | Legal | Privacy Policy

Privacy Policy

Last Updated on: May 14, 2026

Velsera Inc. and its subsidiaries, including but not limited to Seven Bridges Genomics Inc., PierianDx, Inc. and UgenTec NV (collectively “Velsera,” “we,” “us,” or “our”) are committed to protecting the privacy of our website visitors and users. This Privacy Policy explains how we collect, use, share and protect the personal information you provide to us through our website and online properties that link to this Policy (the “Site”). It also describes your privacy rights and how to exercise them.

I. SCOPE

This Privacy Policy describes our practices for information collected through this Site. Processing of data performed on behalf of customers under agreements (e.g., Enterprise Agreements, DPAs, or SOWs – including any protected health information (“PHI”) processed under a Business Associate Agreement) is governed exclusively by those contracts and not this Privacy Policy.

II. COLLECTION OF PERSONAL INFORMATION

We collect the following personal information from you when you visit our Site or fill out a form.

A. Information you provide
Identifiers and contact details (name, email, phone, employer, role), account and authentication data, form submissions, support tickets, event registrations, feedback, and marketing preferences.

B. Information we collect automatically
Device and usage data (IP address, device identifiers, browser/OS, pages viewed, referring URLs), telemetry, and performance analytics. Where required by law, we obtain consent before using non-essential cookies or similar technologies.

C. Information from third parties
Business contact enrichment, channel partners/resellers, conference organizers, and public/professional sources – only where permitted and subject to your choices.

For personal information collected through the Site, Velsera Inc. acts as a data controller.

When Velsera processes personal data on behalf of customers under a contract (e.g., Enterprise Agreement, Master Service Agreement, Data Processing Addendum or Statement of Work), Velsera acts as a data processor and such processing is governed by those agreements. For protected health information, Velsera acts as a Business Associate under applicable Business Associate Agreement and HIPAA/HITECH.

III. LEGAL BASES (EEA/UK)

We process on the following legal bases: performance of a contract or steps at your request; legitimate interests in operating, securing, and improving the Site and communicating about Velsera offerings; consent where required; and compliance with legal obligations. Where we request personal information to enter into or perform a contract with you, provision of such information is necessary. If you choose not to provide it, we may be unable to provide the requested service. Where processing is based on consent, provision is voluntary and there is no legal or contractual requirement to provide the personal information.

IV. USE OF PERSONAL INFORMATION

We use personal information to:

  • Communicate with you and respond to inquiries.
  • Provide newsletters or promotional materials where legally permitted (and with consent where required).
  • Operate, analyze, secure, and improve the Site (including troubleshooting, usage analytics, and performance).
  • Personalize content and user experience on the Site.
  • Comply with legal and regulatory obligations and enforce our terms and policies.
  • Prevent fraud, abuse, and security incidents.

Velsera does not sell or share personal information, including for cross-context behavioral advertising as those terms are defined under the California Consumer Privacy Act (CCPA/CPRA). If this practice changes in the future, we will update this Privacy Policy and provide all required notices and opt-out mechanisms in accordance with applicable law.

V. DISCLOSURE OF PERSONAL INFORMATION

We disclose personal information for the purposes described above to:

  • Service providers and processors (for example, cloud hosting, security, analytics, CRM, email delivery, event management, payment processing, and professional services) under written agreements that restrict their use of the information to our documented purposes and require appropriate security measures.
  • Affiliates within the Velsera group for the purposes set out in this Policy.
  • Enterprise customers about their authorized users and accounts (for example, administrative and billing matters).
  • Professional advisors, auditors, and insurers under duties of confidentiality.
  • Governmental, regulatory, or law enforcement authorities, courts, and private litigants, where required or permitted by law.
  • Third parties in connection with a corporate transaction, such as a merger, acquisition, financing, or sale of all or part of our business or assets; we will take reasonable steps to ensure that the recipient will honour this Policy or a successor policy with materially comparable protections.

VI. COOKIES AND OTHER TRACKING TECHNOLOGIES

We use cookies, pixels, tags, SDKs, and similar technologies to:

  • Enable core Site functions and security (strictly necessary cookies).
  • Remember choices (functional cookies).
  • Measure and improve performance and user experience (analytics/performance cookies).
  • Where applicable and permitted, support limited advertising or retargeting for Velsera products and services (not third-party cross-context behavioural advertising).

We use a cookie consent tool that allows users to manage their cookie preferences, including the ability to accept or reject non-essential cookies. In the EU and UK, this tool is designed to present users with choices regarding non-essential cookies, and is used to support applicable consent requirements.

Your Choices. You can manage cookies in your browser settings. Where required by law, we seek consent for non-essential cookies and provide users with options to manage their preferences. Disabling certain cookies may affect Site functionality.

VII. INTERNATIONAL DATA TRANSFERS

We operate globally, and your personal information may be transferred to, stored, or processed in jurisdictions outside your country of residence, including the United States, where data protection laws may differ.

Where required under applicable law, we implement appropriate safeguards to protect personal information transferred internationally, including the use of Standard Contractual Clauses approved by relevant authorities and, where applicable, transfer impact assessment, supplementary technical and organizational measures. You may contact us at privacy@velsera.com to obtain further information about such safeguards.

Where applicable, Velsera Inc. relies on its certification to the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as a mechanism for transferring personal data from the European Union, the United Kingdom, and Switzerland to the United States.

VIII. DATA PRIVACY FRAMEWORK (DPF)

Velsera complies with the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (“Swiss-U.S. DPF”), as set forth by the U.S. Department of Commerce. Velsera has certified to the U.S. Department of Commerce that it adheres to the Data Privacy Framework Principles (“DPF Principles”) with respect to the processing of personal data received from the European Union, the United Kingdom (and Gibraltar), and Switzerland in reliance on the DPF. To learn more about the Data Privacy Framework program, and to view our certification, please visit: https://www.dataprivacyframework.gov/

Scope of Commitment. Velsera commits to subject all personal data received from the EU, UK, and Switzerland in reliance on the applicable DPF to the DPF Principles.

Accountability for Onward Transfers. Velsera is responsible for the processing of personal data it receives under the DPF and subsequently transfers to third parties acting as agents on its behalf. Velsera complies with the DPF Principles for all onward transfers of personal data, including the onward transfer liability provisions.

Disclosure to Public Authorities. Velsera may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Inquiries and Complaints. In compliance with the DPF Principles, Velsera commits to resolve complaints about our collection or use of your personal information. Individuals in the EU, UK, and Switzerland with inquiries or complaints regarding our handling of personal data received in reliance on the DPF should first contact us at privacy@velsera.com. We will respond to complaints within forty-five (45) days of receipt.

Independent Recourse Mechanism. If a complaint cannot be resolved through Velsera’s internal processes, Velsera has committed to refer unresolved complaints to BBB National Programs, an independent, U.S.-based non-profit organization that provides dispute resolution services. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit the BBB National Programs Data Privacy Framework Services website at https://bbbprograms.org/programs/all-programs/dpf to file a complaint or obtain more information. These dispute resolution services are provided at no cost to you. (As part of this process, BBB National Programs enables individuals to escalate unresolved complaints after first contacting the company and waiting for a response within 45 days.)

Binding Arbitration. Under certain conditions, individuals may invoke binding arbitration to resolve complaints regarding Velsera’s compliance with the DPF Principles that have not been resolved by other means. This arbitration option is available only after other available dispute resolution mechanisms have been exhausted and is limited to specific claims under the DPF Principles.

Regulatory Oversight. Velsera is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).

Human Resources Data (if applicable). With respect to personal data received in the context of an employment relationship, Velsera commits to cooperate with and comply with the advice of the competent European data protection authorities (DPAs), the UK Information Commissioner’s Office (ICO), and the Swiss Federal Data Protection and Information Commissioner (FDPIC), as applicable.

IX. SECURITY

We maintain appropriate administrative, technical, and physical safeguards designed to protect personal information against accidental, unlawful, or unauthorized destruction, loss, alteration, access, disclosure, or use. Measures include access controls, least-privilege principles, encryption in transit and at rest where appropriate, network and application security, logging and monitoring, vulnerability management, secure development practices, personnel training, and vendor oversight. No system can be completely secure; we cannot guarantee absolute security.

Coordinated Vulnerability Disclosure. If you believe you have discovered a security vulnerability, please notify us at security@velsera.com. To help us evaluate and respond, please provide following information, preferably in English, to expedite analysis, prioritization and remediation:

  • Detailed description of the vulnerability and steps to reproduce it along with screenshot, if any
  • Location of discovery (e.g. URL)
  • Potential impact of the exploitation
  • Your contact information, in case you offer voluntary support in the remediation process

X. DE-IDENTIFIED AND AGGREGATED DATA

We may create, use, and disclose de-identified and/or aggregated information for research, analytics, benchmarking, product development, security, and similar purposes. We will not attempt to re-identify data that we maintain in de-identified form and will require recipients to refrain from doing so.

XI. DATA RETENTION

We retain personal information only for as long as reasonably necessary to fulfil the purposes described in this Privacy Policy, including to comply with legal, regulatory, tax, accounting, or reporting obligations; to resolve disputes; and to enforce our agreements.

Where specific retention periods cannot be predetermined, we apply objective criteria to determine retention, including the nature and sensitivity of the information, the purposes for which it was collected, our relationship with you, potential risk of harm from unauthorized use or disclosure, and applicable legal requirements. When personal information is no longer required, it is securely deleted, anonymized, or de-identified.

XII. YOUR RIGHTS

You have certain rights with respect to your personal information. These include the right to access, correct, or delete your personal information, the right to object to the processing of your personal information, the right to data portability, right to restrict processing, and withdraw consent where applicable. To exercise these rights, please contact us by emailing dpo@velsera.com.

If you are located in the European Economic Area (EEA) or the United Kingdom (UK) and believe that our processing of your personal information infringes applicable data protection law, you have the right to lodge a complaint with the supervisory authority in your country of residence, place of work, or where the alleged infringement occurred. We encourage you to contact us first so that we may address your concerns directly to us. To exercise these rights, please contact us by emailing dpo@velsera.com.

Individuals whose personal data is covered by the Data Privacy Framework may also have rights under the DPF Principles, including the right to access, correct, or delete their personal data and to obtain recourse for violations of the DPF Principles.

XIII. CHILDREN’S PRIVACY

Our Site is not intended for use by children under the age of 13. We do not knowingly collect personal information from children under the age of 13. If you believe a child has provided personal information to us in violation of this Policy, please contact privacy@velsera.com and we will take appropriate steps. In the EEA/UK, we do not knowingly collect personal data from children under the age of 16.

XIV. AUTOMATED DECISION-MAKING AND PROFILING

We do not use Site-collected personal information to make decisions that produce legal or similarly significant effects based solely on automated processing. If we introduce such processing, we will provide required notices, offer appropriate rights and safeguards, as per applicable laws.

XV. THIRD-PARTY LINKS AND SERVICES

The Site may contain links to third-party websites, applications, plugins, and services. We are not responsible for their privacy practices. We encourage you to review the privacy notices of those third parties before providing them with information.

XVI. CHANGES TO THIS PRIVACY POLICY

We reserve the right to modify this Privacy Policy at any time. We may provide notice where required by law or where changes are material, to reflect changes in our practices, technologies, legal requirements, or other factors. Your continued use of the Site after such modifications will constitute your acceptance of the modified Privacy Policy.

XVII. CALIFORNIA NOTICE AT COLLECTION

Categories of Personal Information We Collect:

  • Identifiers (for example, name, business email, phone, IP address).
  • Internet or other electronic network activity information (for example, browsing history on the Site, usage data).
  • Professional or employment-related information (for example, employer, role).
  • In limited cases, sensitive personal information if you choose to provide it (for example, precise location through device settings). We do not use sensitive personal information to infer characteristics about you.

Purposes for Collection and Use:

  • Operate, maintain, secure, and improve the Site; monitor and prevent fraud and abuse.
  • Communicate with you and fulfill requests; provide events and trainings.
  • Perform analytics and personalize content; manage marketing (with consent where required).
  • Comply with legal obligations and enforce terms; protect rights and safety.

Sale/Sharing. We do not sell personal information and do not share personal information for cross-context behavioural advertising. If that changes, we will update this Notice and provide required opt-out mechanisms and respect universal opt-out signals.

Retention. We retain personal information only for as long as needed for the purposes disclosed above or as required by law, using the criteria described above.

Your California Rights. You have the right to know/access, correct, delete, and obtain a portable copy of your personal information; to opt out of sale/sharing; to limit the use and disclosure of sensitive personal information; and to be free from unlawful discrimination for exercising your rights. We recognize universal opt-out signals as applicable. To exercise rights, contact privacy@velsera.com.

XVIII. ADDITIONAL U.S. STATE PRIVACY RIGHTS

Depending on your state of residence, you may have rights under applicable U.S. state privacy laws, which may include the right to access, correct, delete, or obtain a copy of your personal information; to opt out of certain processing activities such as targeted advertising, sale of personal data, or profiling that produces legal or similarly significant effects; and to appeal our decision if we deny a request.

Where required by applicable law, we recognize and honour valid universal opt-out mechanisms. We will respond to and process such requests in accordance with the timelines and requirements prescribed by law.

XIX. CONTACT US

Velsera Inc.
145 Tremont Street Suite 201
Boston, MA 02111

If you have questions or concerns regarding this Privacy Policy or Velsera’s data protection practices, you may contact us using the appropriate channel below:

  • General legal or policy inquiries: legal@velsera.com
  • Privacy-related requests or questions (including exercising your privacy rights): privacy@velsera.com
  • Data protection escalation: if your privacy-related concern has not been satisfactorily addressed through the channels above, you may escalate the matter by contacting our data protection function at dpo@velsera.com.

We will review and respond to inquiries in accordance with applicable data protection laws.

When required by law or where changes are material, we will provide notice through the Site or by other appropriate means. The “Last Updated” date above indicates when this Privacy Policy was most recently revised.

By using our Site, you acknowledge that you have read and understood this Privacy Policy.