What We Receive and When

Information arrives at different moments throughout your relationship with us. When you first register with Velcord, we ask for identification fundamentals: your name, email address, and country of residence. This occurs before any investment activity begins.

As you move deeper into our services—submitting investment preferences, adjusting portfolio settings, or reaching out through support channels—additional details emerge. Transaction history builds naturally from your actions. Communication records develop when you contact our team. Device fingerprints get captured through standard web protocols whenever you access your dashboard.

Financial verification happens when regulatory requirements demand it. Depending on your jurisdiction and investment volume, we may request government-issued identification documents, proof of address, or source-of-funds documentation. This intake occurs only when legally mandated, not as a standard procedure for every client.

Why Each Element Matters

Every piece of information we request serves a defined function. Nothing gets collected "just in case" or for undefined future purposes.

Investment preferences—risk tolerance, time horizons, sector interests—directly shape the portfolio recommendations and asset allocation strategies we present. Support conversations create records that prevent repeated explanations and enable continuity when different team members assist you over time.

How Information Moves Internally and Externally

Within Velcord, access follows a principle of operational necessity. Not everyone sees everything. Our investment advisors view portfolio data and preferences. Customer support personnel access communication history and account status. Technical staff monitor system logs and security events. Finance teams handle transaction records and payment processing. Each group reaches only what they require to perform their specific function.

These external entities operate under contractual restrictions. They cannot repurpose your information, cannot combine it with data from other sources, and must delete it when our business relationship ends. We select partners based partly on their own privacy practices and security certifications.

Legal demands occasionally force disclosure. Court orders, regulatory investigations, or law enforcement requests backed by proper legal authority may compel us to provide specific records. When this occurs, we verify the legitimacy of the demand and narrow the scope to only what the legal instrument requires.

Protection Measures and Remaining Risks

Security at Velcord combines technical controls, procedural discipline, and architectural choices designed to reduce exposure. We encrypt data both during transmission and while stored in databases. Access credentials undergo hashing with cryptographic algorithms that prevent reverse computation. Network traffic passes through monitored firewalls. System logs capture access attempts and administrative actions for audit review.

Employee access requires multi-factor authentication and gets reviewed quarterly. We maintain separate development, testing, and production environments to prevent accidental data exposure during software updates. Regular vulnerability scans and penetration tests identify weaknesses before attackers can exploit them.

You bear responsibility for protecting your own credentials. Weak passwords, credential sharing, or accessing your account from compromised devices creates risks outside our control. We recommend unique passwords, password manager usage, and avoiding public computers for financial activities.

Your Control Options

Canadian residents—and in certain cases, residents of other jurisdictions—possess specific rights regarding their information. You can request to view what we hold about you. You can ask us to correct inaccuracies. You can demand deletion of your records, subject to legal retention requirements that may prevent immediate removal. You can object to certain processing activities or request that we restrict handling to specific purposes only.

Marketing communications can be stopped at any time through the unsubscribe mechanism in each message or by contacting support directly. Operational messages—account notifications, security alerts, regulatory disclosures—cannot be opted out of while you maintain an active account.

If you believe we've mishandled your information, you can file a complaint with the Office of the Privacy Commissioner of Canada. Contact details for that office can be found on their official government website. We commit to working with regulatory authorities to resolve any concerns.

Legal Foundation and Jurisdiction

Velcord operates under Canadian federal privacy legislation and Ontario provincial securities law. Our processing relies on several legal bases depending on the activity: contractual necessity for service delivery, legal obligation for regulatory compliance, legitimate interest for fraud prevention and system security, and explicit consent for marketing communications.

We do not specifically target European Union residents, but if you access our services from the EU, certain GDPR protections may apply. Cross-border data transfers outside Canada occur only with partners maintaining adequate safeguards through standard contractual clauses or equivalent mechanisms.

Changes to this privacy statement occur when legal requirements shift, business practices evolve, or new services launch. Material revisions trigger email notification to active account holders thirty days before taking effect. Continued use of Velcord services after that period constitutes acceptance of the updated terms.