VeloDB Acceptable Use Policy

Effective Date: June 1, 2026

Last Updated: June 15, 2026

This is the canonical VeloDB Acceptable Use Policy. Any summary, package copy, or reference page should point to this version rather than maintain a separate AUP body. Customer-specific exceptions must be stated in the applicable Agreement, Order Form, or signed written exception.

This Acceptable Use Policy ("AUP") applies to Customer's and Authorized Users' use of VeloDB products and services, including VeloDB Cloud, SaaS warehouses, BYOC Services, support services, APIs, consoles, trials, previews, beta features, Documentation, and any related service components made available by VeloDB (collectively, the "Services"). Capitalized terms not defined here have the meanings given in the VeloDB General Terms and Conditions (the "Agreement"). In the event of a conflict between this AUP and the Agreement, the Agreement controls unless the Agreement or an applicable Order Form expressly states otherwise.

This AUP is intended to protect the Services, Customer environments, VeloDB, other customers, cloud providers, and third parties while allowing customers to run legitimate analytics, operational, testing, and evaluation workloads. Customer is responsible for its Authorized Users, Affiliates, contractors, service accounts, credentials, applications, integrations, and other activity under Customer's accounts.

1. Permitted Responsible Use

Customer may use the Services for Customer's internal business purposes in accordance with the Agreement, the applicable Order Form, Documentation, usage limits, and applicable shared-responsibility requirements. The following activities are generally permitted when performed in a reasonable, non-disruptive manner and within the applicable Service functionality and limits:

• normal data warehouse, analytics, administration, backup, export, monitoring, and operational workflows;
• use of published APIs, drivers, connectors, command-line tools, integrations, and Documentation as intended;
• non-public evaluation, testing, and benchmarking of generally available Services;
• collection, export, and review of Customer Data, Customer-controlled logs, and customer-available audit or activity records through supported Service features;
• submission of reasonably necessary logs, diagnostics, screenshots, configuration information, reproduction steps, and support materials for support, security, troubleshooting, or incident-response purposes; and
• internal compliance, procurement, security, and architecture review of the Services.

If Customer is unsure whether a planned activity is permitted, Customer should contact VeloDB through the applicable support channel or the contact listed in Section 9 before beginning that activity.

2. Prohibited Uses

Customer and Authorized Users will not use the Services, or permit any third party to use the Services, to:

1. violate applicable laws or rights, including privacy, data protection, export control, sanctions, anti-corruption, anti-money laundering, intellectual property, publicity, confidentiality, or consumer protection laws or third-party rights;
2. access the Services from, provide access to, or make the Services available for the benefit of any person or entity that is prohibited by applicable sanctions, export control, or similar laws;
3. process, store, transmit, or make available malicious code, malware, phishing content, credential-harvesting content, botnets, spam, or other materials designed to disrupt, damage, compromise, or obtain unauthorized access to systems, data, networks, accounts, or credentials;
4. gain or attempt to gain unauthorized access to VeloDB systems, the Services, other customers' environments, Customer Cloud Environments not authorized for the applicable account, cloud providers, third-party systems, accounts, credentials, networks, or data;
5. bypass, disable, interfere with, or probe authentication, authorization, access controls, rate limits, usage limits, license restrictions, security controls, metering, billing, logging, audit, entitlement, or isolation mechanisms;
6. interfere with, degrade, overload, disrupt, or unfairly consume the Services, VeloDB-controlled systems, other customers' use of the Services, cloud provider resources, or networks connected to the Services, including through denial-of-service activity, abusive automation, cryptocurrency mining, resource-hoarding workloads, or workloads designed primarily to consume resources outside agreed limits;
7. conduct vulnerability scans, penetration tests, exploit testing, denial-of-service tests, stress tests, load tests, scraping, probing, or other security or resilience testing except as expressly permitted under Section 4 or approved in writing by VeloDB;
8. use undocumented, unsupported, or unauthorized APIs, automated user-interface interactions, scraping tools, crawlers, bots, credential-sharing workflows, or bulk extraction methods, except where the activity uses documented interfaces as intended and does not violate this AUP, the Agreement, or Documentation;
9. scrape, harvest, export, persist, republish, or use Service metadata, audit records, credentials, tokens, keys, configuration data, query records, diagnostic records, support records, telemetry, Usage Data, operational records, or other service-generated information in a way that is not needed for Customer's authorized use, support, security, compliance, or administration of the Services;
10. submit, process, or expose protected health information, payment card data, children's data, biometric data, consumer health data, government identifiers, classified information, export-controlled data, data subject to the International Traffic in Arms Regulations, or other data subject to specialized legal regimes (collectively, "Restricted Data," as further defined in the Agreement) unless VeloDB has confirmed in writing that the applicable Services configuration supports the use case and the parties have executed any required additional terms;
11. use the Services for fraud, deception, unlawful surveillance, harassment, abuse, threats, exploitation, discrimination, human-rights violations, or activity that could reasonably cause unlawful harm to individuals, organizations, infrastructure, or property;
12. use the Services for child sexual abuse material, exploitation or endangerment of minors, human trafficking, terrorism, violent extremism, or other unlawful exploitation or abuse;
13. use the Services for life-support systems, weapons systems, emergency response systems, critical infrastructure control, high-risk artificial-intelligence or automated decisioning systems for which the Services' output is the direct and primary control mechanism for the high-risk decision, or other high-risk activities where failure or misuse could reasonably be expected to result in death, personal injury, rights violations, or severe physical, environmental, or property damage, unless VeloDB expressly approves the use case in writing;
14. reverse engineer, decompile, attempt to derive source code from, copy, modify, or create derivative works of the Services except to the extent expressly permitted by applicable law or by an applicable open-source license;
15. use the Services, Documentation, outputs, performance information, system behavior, non-public information, or VeloDB Confidential Information to develop, train, improve, or provide a product or service that competes with, substitutes for, or is materially similar to the Services, except as expressly permitted by law, by an applicable open-source license, or by written approval from VeloDB; this restriction does not limit any rights Customer holds in independently obtained open-source software under the terms of its applicable open-source license;
16. remove, obscure, or alter proprietary notices, attribution, product identifiers, usage metering, watermarking, security notices, or legal notices in the Services;
17. misrepresent Customer's identity, account status, authority, affiliation, use case, security posture, benchmark results, or relationship with VeloDB; or
18. encourage, enable, assist, or permit any third party to do any of the above.

3. Data, Logs, and Support Materials

Customer is responsible for Customer Data and for determining whether the Services are appropriate for Customer's intended data, workload, region, configuration, and compliance requirements. Customer should avoid placing Restricted Data or unnecessary sensitive information in query text, object names, logs, alert payloads, tickets, screenshots, diagnostic bundles, profiles, support attachments, remote-support sessions, or other materials submitted to or generated through the Services unless VeloDB has approved that use case in writing.

Customer may use supported features to access, export, retain, or analyze Customer Data and customer-available operational records for legitimate administration, security, compliance, backup, migration, and support purposes. This AUP does not restrict Customer's ordinary use of supported export, backup, audit, monitoring, or logging features. However, Customer may not use those features to bypass access controls, extract credentials or secrets, reconstruct non-public VeloDB systems, harvest service metadata unrelated to Customer's authorized use, or expose information about other customers, VeloDB-controlled systems, or third-party systems.

4. Security Testing

Customer may test Customer-controlled applications, configurations, networks, and cloud resources that do not target, affect, or interact with VeloDB-controlled systems or other customers. Customer must obtain VeloDB's prior written approval before performing any security testing that targets or may affect the Services, VeloDB-controlled systems, VeloDB-managed support paths, BYOC Control Plane components, VeloDB-created cloud resources, other customers, or cloud provider shared infrastructure.

Requests for approved security testing should describe the scope, timing, methods, source IPs, accounts, target resources, expected traffic levels, emergency contacts, and safeguards. VeloDB may deny, condition, pause, or stop testing if VeloDB reasonably believes the testing may create security, legal, operational, service-integrity, customer-impact, cloud-provider, or compliance risk.

For security testing that VeloDB has authorized under this Section 4 and that Customer performs in good faith and within the approved scope, VeloDB will treat the activity as authorized access, will not pursue legal action against Customer or its authorized testers under computer-misuse, anti-hacking, or similar laws in connection with that authorized testing, and will work with Customer in good faith if testing inadvertently affects systems or data outside the approved scope, provided Customer promptly reports and ceases the out-of-scope activity.

Customer will not publicly disclose suspected vulnerabilities, security findings, exploit details, test results, or non-public security information relating to the Services without coordinating with VeloDB and allowing a reasonable opportunity (and at least 90 days from Customer's report unless the parties agree otherwise in writing) to investigate and remediate, except where disclosure is required by law.

5. Benchmarking and Public Comparisons

Customer may conduct internal, non-public benchmarks, evaluations, and comparative tests of generally available Services within the applicable usage limits and Documentation. Customer may publish benchmark results or comparative performance claims only if:

• the results are based on generally available Services and not on trials, previews, beta features, early-access features, private roadmap features, or non-public configurations unless VeloDB approves in writing;
• the publication does not disclose VeloDB Confidential Information, security-sensitive information, non-public service behavior, non-public pricing, non-public roadmap information, or information about other customers;
• the publication includes enough information about the methodology, workload, data set, configuration, Service version or release, region, deployment model, and measurement method to allow reasonable replication;
• the publication is not misleading, deceptive, disparaging, or presented as endorsed by VeloDB unless VeloDB has approved that endorsement in writing; and
• the testing did not violate the Agreement, this AUP, Documentation, usage limits, security-testing requirements, or any cloud provider or third-party terms.

If providing the replication information described above would require disclosing information VeloDB reasonably considers non-public, Customer should contact VeloDB before publishing to agree on the level of detail that may be published; VeloDB will not unreasonably withhold or delay that cooperation.

VeloDB may request that Customer correct, qualify, remove, or provide replication information for published benchmark or comparative claims that VeloDB reasonably believes are inaccurate, misleading, non-reproducible, security-sensitive, or inconsistent with this AUP. VeloDB may also publish or provide its own responsive benchmark information.

6. BYOC and Customer-Controlled Environments

For BYOC Services or other customer-managed deployment models, Customer is responsible for the Customer Cloud Environment and Customer-controlled resources, including cloud accounts, regions, identities, roles, policies, keys, secrets, networks, endpoints, storage, logs, backups, monitoring, integrations, and cloud provider costs. The Agreement, any applicable BYOC Addendum, Order Form, and Documentation describe the shared-responsibility model for the applicable BYOC Services, including Customer-controlled resources and VeloDB-controlled service components.

Customer will not modify, revoke, delete, disable, rotate, restrict, or otherwise change required VeloDB-created or VeloDB-used resources, permissions, keys, credentials, endpoints, agents, policies, network paths, service accounts, roles, managed identities, trust relationships, or configurations in a way that materially impairs the Services or creates security, legal, operational, service-integrity, availability, or support risk, except as permitted by Documentation, an Order Form, a BYOC Addendum, written VeloDB guidance, or an approved offboarding process.

Customer may revoke VeloDB BYOC access during offboarding or under an approved security process, but Customer remains responsible for coordinating timing, preserving required data and evidence, and understanding that revocation or deletion of customer-controlled roles, keys, endpoints, storage, buckets, logs, backups, networks, service accounts, managed identities, trust relationships, or VeloDB-created resources may make BYOC Services unavailable or unrecoverable.

Customer will not use the Customer Cloud Environment, customer-managed logs, customer-managed keys, customer-managed networks, customer applications, customer integrations, or customer cloud provider features to bypass Service controls, interfere with VeloDB-controlled components, extract unauthorized service information, disrupt support or security workflows, or affect other customers or third parties.

7. Third-Party Services and Optional AI Features

The Services may interoperate with cloud providers, marketplaces, identity providers, data sources, data destinations, notification channels, monitoring tools, support tools, optional AI-assisted features, model providers, and other third-party services. Customer is responsible for third-party services and customer-configured destinations that Customer selects, enables, or controls, except to the extent VeloDB expressly assumes responsibility in the Agreement or an Order Form.

If VeloDB makes AI-assisted features, model integrations, or third-party model services available, Customer will comply with any additional terms, use policies, documentation, notices, or technical limits identified by VeloDB or the applicable provider. Customer will not use such features or outputs to create or improve a competing or substitutive service, to violate third-party model provider policies, or to process Restricted Data unless VeloDB has approved the use case in writing and required additional terms are in place.

8. Investigation and Enforcement

VeloDB may investigate suspected violations of this AUP. VeloDB may request information reasonably needed to investigate or remediate a suspected violation, including account information, configuration details, logs, source IPs, workload details, cloud provider information, support materials, and remediation steps.

Customer will promptly notify VeloDB through the applicable support channel or the contacts in Section 9 if Customer becomes aware of any actual or suspected violation of this AUP, or any compromise or unauthorized use of credentials or accounts, involving Customer's use of the Services.

If VeloDB reasonably believes that Customer's use violates this AUP or may create security, legal, operational, service-integrity, customer-impact, cloud-provider, or third-party risk, VeloDB may take one or more of the following actions:

• notify Customer and request remediation;
• require Customer to stop, modify, disable, remove, isolate, or remediate the affected use, workload, account, integration, configuration, data, content, or access path;
• throttle, rate-limit, block, disable, quarantine, remove, or restrict the affected use, workload, account, integration, API, support channel, data, content, or Service component;
• suspend access to the affected Services, accounts, clusters, warehouses, BYOC Services, Control Plane functions, support channels, or service components;
• terminate the affected Services or Agreement if permitted under the Agreement;
• report unlawful activity or comply with law, court orders, government requests, cloud provider requirements, or third-party legal requirements; and
• pursue other rights or remedies available under the Agreement, an Order Form, or applicable law.

Where reasonable under the circumstances, VeloDB will try to provide notice and an opportunity to remediate before taking restrictive action. VeloDB may take immediate action without prior notice where reasonably necessary to address urgent security, legal, operational, service-integrity, customer-impact, cloud-provider, or third-party risk. VeloDB will use commercially reasonable efforts to limit restrictive action to the affected Services and restore access when the issue is resolved. Suspension or restriction under this AUP does not relieve Customer of payment obligations unless the Agreement, Order Form, or applicable law provides otherwise.

VeloDB has no obligation to monitor Customer Data or Customer's use of the Services, but VeloDB may use available technical, operational, support, security, billing, and abuse-prevention signals to operate, secure, support, protect, and enforce the Services in accordance with the Agreement.

9. Updates and Contact

VeloDB may update this AUP from time to time. Each published version will identify an effective date or last updated date. Where practical, VeloDB will provide reasonable notice of material changes through the Services, Documentation, legal center, support channel, customer-success channel, or other appropriate means. Updates are subject to the versioning and active Order Form protections in the Agreement.

Questions about this AUP or suspected abuse reports may be sent through the applicable VeloDB support channel or to support@velodb.io. Requests for security testing approval and reports of suspected vulnerabilities may be sent to security@velodb.io. Privacy questions may be sent to privacy@velodb.io. Customer-specific notices should be sent according to the applicable Order Form or Agreement.