Privacy Policy

Last updated: January 19, 2025

1. Introduction

Vertos AI ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered automation platform for trade contractors.

By using our services, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies, please do not use our services.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Name, email address, company name, job title when you register
  • Business Data: Job schedules, customer information, invoices, and operational data you upload for automation
  • Communication Data: Messages, support tickets, and feedback you send us
  • Payment Information: Billing details processed by our payment provider (Stripe) - we do not store full card numbers

2.2 Information Collected Automatically

  • Usage Data: Features used, actions taken, time spent on platform
  • Device Information: Browser type, operating system, IP address
  • Cookies: Session cookies for authentication, preference cookies for settings
  • Log Data: Access times, pages viewed, error logs

2.3 AI Processing Data

Our AI systems process your business data to provide automation services. This includes:

  • Scheduling optimization and dispatch routing
  • Automated follow-up and communication workflows
  • Invoice generation and processing
  • Performance analytics and reporting

Important: Your data is never used to train our AI models without explicit consent. Your business data remains private and is only used to provide services to you. For details on how our AI systems work, see our AI Transparency Documentation.

3. How We Use Your Information

We use collected information for:

  • Service Delivery: Providing scheduling, dispatch, follow-up, and invoicing automation
  • Account Management: Managing your account, authentication, and preferences
  • Communication: Sending service updates, security alerts, and support responses
  • Improvement: Analyzing usage patterns to improve our platform (aggregated, anonymized)
  • Legal Compliance: Meeting regulatory obligations and responding to legal requests
  • Security: Detecting and preventing fraud, abuse, and security incidents

4. Data Sharing and Disclosure

We do not sell your personal data. We may share information with:

  • Service Providers: Cloud hosting (Vercel), authentication (Clerk), payment processing (Stripe), email (Resend) - all bound by data processing agreements
  • Legal Requirements: When required by law, court order, or government request
  • Business Transfers: In connection with merger, acquisition, or asset sale (with notice)
  • With Consent: When you explicitly authorize sharing

5. Data Security

We implement industry-standard security measures:

  • TLS 1.3 encryption for all data in transit
  • AES-256 encryption for data at rest
  • Enterprise-grade hosting infrastructure
  • Regular security assessments
  • Role-based access controls
  • Multi-factor authentication support

6. Data Retention

We retain your data as follows:

  • Account Data: Duration of account plus 30 days after deletion request
  • Business Data: As required by regulations or until you request deletion
  • Usage Logs: 90 days for operational purposes
  • Backups: 30 days rolling retention

7. Your Rights (GDPR/CCPA)

Depending on your location, you may have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your data ("right to be forgotten")
  • Portability: Receive your data in a machine-readable format
  • Restriction: Limit how we process your data
  • Objection: Object to certain processing activities
  • Withdraw Consent: Withdraw previously given consent
  • Non-Discrimination: Exercise rights without discriminatory treatment (CCPA)

To exercise these rights, contact us at privacy@vertosai.com or use the data management tools in your account settings.

8. Data Processing Locations

Your data is processed and stored in the following locations:

8.1 Primary Infrastructure

  • Application Hosting: Vercel (United States, US East region)
  • Database: Neon PostgreSQL (United States, AWS us-east-1)
  • Authentication: Clerk (United States)
  • Payment Processing: Stripe (United States)
  • Email Services: Resend (United States)

8.2 Content Delivery

Static content (images, CSS, JavaScript) is distributed globally via Vercel's edge network and cached at locations nearest to users for optimal performance. No personal data is stored in edge caches.

Enterprise Data Residency: Enterprise customers with specific data residency requirements can contact sales@vertosai.com to discuss regional deployment options. See our Data Residency Documentation for more details.

9. International Data Transfers

Your data may be processed in the United States and other countries where our service providers operate. We ensure appropriate safeguards through:

  • Standard Contractual Clauses (SCCs) approved by the European Commission (Decision 2021/914)
  • Data Processing Agreements with all sub-processors
  • Compliance with EU-US Data Privacy Framework where applicable
  • Transfer Impact Assessments as required post-Schrems II

9.1 Sub-processors

We engage third-party service providers (sub-processors) to help deliver our services. All sub-processors are bound by data protection obligations and are listed on our Sub-processors page. We notify customers of any changes to sub-processors at least 30 days in advance.

9.2 GDPR Compliance

For customers in the European Economic Area (EEA), we provide:

  • A Data Processing Agreement (DPA) compliant with GDPR Article 28
  • Standard Contractual Clauses for international transfers
  • Technical and organizational security measures
  • Data Subject rights procedures (access, rectification, erasure, portability)

10. Cookies and Tracking

We use the following types of cookies:

  • Essential: Required for authentication and core functionality
  • Functional: Remember your preferences and settings
  • Analytics: Understand how users interact with our platform (anonymized)

You can manage cookie preferences in your browser settings. Disabling essential cookies may affect platform functionality.

11. Children's Privacy

Our services are not directed to individuals under 18. We do not knowingly collect data from children. If you believe we have collected data from a child, contact us immediately.

12. Changes to This Policy

We may update this policy periodically. We will notify you of material changes via email or prominent notice on our platform. Continued use after changes constitutes acceptance.

13. Contact Us

For privacy-related inquiries:

For EU residents, you have the right to lodge a complaint with your local supervisory authority if you believe your data protection rights have been violated.

← Back to Home