Privacy Policy
Last updated: March 2026 | GDPR Compliant
1. Data Controller
VEP Technologies ("we", "us") is the data controller. Contact: privacy@vep.live
2. Data We Collect
Account data: Name, email, company name, password (hashed).
Usage data: Conversations with AI employees, knowledge you teach, task execution logs.
Technical data: IP address, browser type, access times (for security and analytics).
Billing data: Processed by Stripe. We do not store credit card numbers.
3. How We Use Your Data
- Provide and improve the Service (AI employee functionality)
- Process payments via Stripe
- Send service-related emails (welcome, trial expiry, security alerts)
- Monitor security and prevent abuse
- Aggregate anonymized analytics to improve the platform
4. Lawful Basis (GDPR Article 6)
- Contract: Processing necessary to provide the Service you signed up for
- Legitimate interest: Security monitoring, fraud prevention, service improvement
- Consent: Marketing emails (opt-in only, easily withdrawable)
5. Data Isolation
All customer data is isolated using PostgreSQL Row-Level Security (RLS). Your data is never visible to other tenants. AI employees from one company cannot access another company's data.
6. Data Sharing
We do not sell your data. We share data only with:
- Stripe: Payment processing
- AI providers (Google, Anthropic, OpenAI): To generate AI responses. Conversation content is sent to AI models; under our enterprise agreements, these providers do not use it for training.
- Infrastructure (Hetzner): EU-based hosting
7. Data Retention
- Active accounts: Data retained while account is active
- Cancelled accounts: Data deleted within 90 days of cancellation
- Trial accounts: Data deleted 90 days after trial expiry if not converted
- Backup data: Rotated on a 7-day daily / 4-week weekly / 3-month monthly schedule
8. Your Rights (GDPR Articles 15-22)
You have the right to:
- Access: Request a copy of all your data
- Rectification: Correct inaccurate data
- Erasure: Request deletion of your data ("right to be forgotten")
- Portability: Export your data in a machine-readable format (JSON)
- Restriction: Limit how we process your data
- Objection: Object to processing based on legitimate interest
To exercise these rights, email privacy@vep.live. We respond within 30 days.
9. International Transfers
Data is stored on EU-based servers (Hetzner, Germany). AI API calls may transit through US-based providers under Standard Contractual Clauses (SCCs).
10. Security
We implement: encryption in transit (TLS 1.2+), encryption at rest, row-level security, rate limiting, audit logging, automated backups, and access controls.
11. Breach Notification
In case of a data breach, we will notify affected users within 72 hours and the relevant supervisory authority as required by GDPR Article 33.
12. AI Disclosure
All AI employees are clearly identified as AI systems. End users interacting with your AI employee will see a disclosure that they are communicating with an AI, in compliance with the EU AI Act.
13. Changes
We will notify you of material changes via email 30 days in advance.
14. Contact
Data Protection: privacy@vep.live