The work your company repeats every day, handled by Velros AI instead of people Get a free assessment →

Security & control

AI does the work.
A person holds the company's responsibility.

In customer service and operations, responsibility matters more than speed. The industry norm is to route anything that moves money, sends a message outside, or changes permissions or personal data through a human check. Velros AI builds that boundary to your company's rules from day one.

Always checked by a person

  • Money, payments, reconciliation
  • Contracts and quote approvals
  • Refunds and compensation
  • Bulk outside sends
  • Changes to personal data

Execution judgment

We don't handle everything the same way.

We split work three ways by how easy it is to undo and how clear the rule is. Easy work goes straight through, unclear work gets a check, risky work stops.

Run it now

Easy-to-undo repeat work with a clear rule, like drafting, organizing, and sending notices, runs on its own.

Delivery status updates · hours replies · receipt confirmations · organizing files

Approval queue

Work involving an amount, terms, or tone gets drafted, then handed to the person in charge for a check before it runs.

Refunds over $50 · discount exceptions · quote approvals · bulk review requests

Stop and hand off

Hard-to-undo or risky work isn't done automatically; it's handed straight to a person.

Deleting or changing personal data · complaints with legal language · contract termination

Why a human check comes first

The data already shows where automation breaks down when control comes later.

Velros AI's approval and logging principles aren't a preference; they follow privacy law and industry data.

A legal right

In the EU and UK, people have the right not to be subject to a solely automated decision and to get a human to step in (GDPR Art. 22). The US has no single federal equivalent, just a state patchwork. Putting an approval step on risky work respects that right.

GDPR Art. 22 (EU/UK)
40%+

Gartner projects that over 40% of agentic AI projects will be scrapped by the end of 2027 because of escalating costs, unclear business value, or inadequate risk controls. Bolt control on later and it's too late.

Gartner · 2025
68%

68% of corporate data breaches involved a non-malicious human element, a mistake or being tricked. For people and machines alike, running without a check is what causes incidents.

Verizon DBIR · 2024 · global
8%

In a Business.com survey, 8% of workers at U.S. companies with fewer than 250 employees preferred an AI-dominated approach. Most preferred a person holding the final call.

Business.com Small Business AI Outlook · 1,009 U.S. workers · 2026
Awaiting approval 09:14

Customer A · send a $50 refund notice

Over the amount threshold · first-time customer

Approve Request a change

Approval card

Laid out so a person can decide in three seconds.

Each approval holds only what the decision needs, so no one has to ask again.

  1. What it wants to do The action in one line. "Send Customer A a $50 refund notice."
  2. Why it decided that The source text and rule behind it, the customer message, order history, and the company rule applied.
  3. What's at stake The risk flags, over the amount threshold, first-time customer, chance of a negative review.
  4. The person's choice Approve, reject, request changes, or hand to the person in charge. What you pick becomes a candidate for the next rule.

Evidence log

Why it was handled that way, reviewable later exactly as it happened.

Every action leaves a record. If something goes wrong you can trace it back, and what went well becomes the next rule.

Time When it came in and when it was handled
Owner Whether AI drafted it and who approved it
What happened What it looked at and what it did
Rule applied Which company rule or exception it followed
Outcome Whether it ran, was held, or was rejected
Edits and reversals The wording staff changed and why

Isolation and permissions

Company information stays inside the company.

Per-company memory

Each client's tone, rules, and exceptions build up separately and are never mixed with another client's.

Role-based views

Staff see their own work; a person sees approvals and reports. Sensitive information shows only to those who need it.

Least-needed access

You don't hand over everything up front. Only what the first task needs, connected after the logging rules are set.

If you have an IT or security team

Principles are not evidence. This is what to ask for before you sign.

The public pages explain the approval, record, and per-company separation principles. A real security review has to check the values and the evidence below, against the work you are handing over and the systems it touches.

Data flow and the model boundary

What data goes where, and is it kept out of model training and out of any other company's processing?

Data-flow diagram · processing purpose · what the model provider may use

Access and accounts

What can your staff, Velros operators, and outside specialists each see, and how is access revoked?

Permission matrix · least-privilege rule · revocation procedure · audit-log fields

Retention, deletion, and return

How long are source messages, attachments, and handling records kept, and what is erased and returned on termination or on request?

Retention schedule · deletion and return procedure · how backups are covered

Subprocessors and integrations

Which data do outside providers actually process, from email and SMS to payments and AI models?

Subprocessor list · country and region · scope of your own accounts

Incidents and failure

When an integration fails, a message goes out wrongly, or data is exposed, who tells you, when, and how does it fall back to manual handling?

Alerting thresholds · escalation contacts · recovery and manual fallback · breach-notification criteria

Procurement and legal packet

In what form can you get the documents your security questionnaire and contract review need?

DPA · security questionnaire · SLA and support scope · contract and handover clauses

The security scope varies with the work, the integrations, and the contract. These are the items to confirm. They aren't a claim that any certification or security level is already in place.

Frequently asked questions

Does Velros AI message customers on its own?+

No. It separates easy-to-undo routine notices from risky outside sends. Any send involving money, contracts, refunds, or a complaint stays in the approval queue and goes out only after a person checks it.

Do I have to hand over everything my staff can see?+

No. You connect only what the first task needs, and for sensitive data you set the permissions and logging rules first. The scope widens as you hand off more.

Does our company's tone or rules get mixed with anyone else's?+

No. Operating memory is kept separate per client, so each company's rules and exceptions are managed on their own.

If something is handled wrong, can I find out why?+

Every handling, approval, and edit is recorded, so you can trace what it looked at and why, and feed that into the next rule.

What happens when the AI isn't sure?+

When confidence is low or risk is high, it doesn't run automatically; it hands off to a person. When it's unclear, stopping is the default.

Design this work the way your company does it.

Working from the channels and files you use today, we settle which work should be handled first, where a person has to approve, and which metric will show whether it worked.

Get an assessment