At VAI.me ("we," "our," or "us"), we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform and services.
Personal Information: When you create an account, we collect your name, email address, company information, and contact details.
Profile Information: For agency profiles, we collect business registration details, portfolio items, team member information, and service descriptions.
Usage Data: We automatically collect information about how you use our platform, including pages visited, features used, and interaction patterns.
Communication Data: We store messages sent through our platform, review submissions, and customer support communications.
Technical Data: We collect IP addresses, device information, browser types, operating systems, referring URLs, and other technical identifiers for security, analytics, and optimization purposes.
Payment Information: When you make payments, our payment processor (Stripe) collects payment card details, billing address, and transaction information. We do not store full credit card numbers on our servers.
Service Provision: To provide and maintain our platform services, including agency verification and matching.
Account Management: To create and manage your account, process registrations, and provide customer support.
Communication: To send you important updates, security alerts, and marketing communications (with your consent).
Improvement: To analyze platform usage and improve our services, features, and user experience.
Security: To detect fraud, prevent abuse, and maintain the security of our platform and users.
Legal Compliance: To comply with applicable laws, regulations, and legal processes.
Public Profiles: Agency profile information is publicly displayed to help businesses find suitable partners.
Service Providers: We share data with trusted third-party service providers who help us operate our platform.
Business Transfers: In the event of a merger, acquisition, or sale, user information may be transferred as part of the business assets.
Legal Requirements: We may disclose information when required by law, court order, or to protect our rights and safety.
Consent: We may share information with your explicit consent for specific purposes not covered in this policy.
Encryption: We use industry-standard encryption to protect data in transit and at rest.
Access Controls: We implement strict access controls and authentication measures for our systems.
Regular Audits: We conduct regular security audits and vulnerability assessments.
Employee Training: Our team receives regular training on data protection and security best practices.
Incident Response: We have procedures in place to detect, respond to, and recover from security incidents.
Access: You have the right to access and review your personal information.
Correction: You can request corrections to inaccurate or incomplete information.
Deletion: You may request deletion of your personal information, subject to legal and contractual obligations.
Portability: You can request a copy of your data in a machine-readable format.
Objection: You can object to certain processing activities, including marketing communications.
Withdrawal: You can withdraw consent for data processing activities that require consent.
Essential Cookies: We use cookies necessary for platform functionality, authentication, and security.
Analytics Events: We record pseudonymous events as you move through the funnel (homepage view, agency profile view, signup started, signup completed, claim attempted, organization created, service request submitted, subscription started). These events use a randomly generated anon_id stored in a first-party cookie and localStorage with a one-year expiry, so we can stitch pre-signup and post-signup activity for the same browser. The anon_id is not linked to any third-party identifier.
Google Analytics: We use Google Analytics to collect and analyze information about how visitors use our website, including pages visited, time spent on pages, traffic sources, and user demographics. This data helps us improve our services.
reCAPTCHA: We use Google reCAPTCHA Enterprise to protect our platform from spam and abuse. reCAPTCHA collects hardware and software information, such as device and application data, and sends it to Google for analysis.
Marketing Cookies: With your consent, we use cookies for personalized marketing and advertising.
Third-Party Cookies: Our service providers (including Google and Stripe) may set their own cookies to provide their services.
Cookie Management: You can manage cookie preferences through your browser settings. Note that disabling certain cookies may affect platform functionality.
Active Account Data: Retained while your account is active.
Closed Account Data: Deleted within 30 days of a verified closure request.
Billing & Tax Records: Retained for 7 years to meet legal and tax compliance obligations.
Server Access Logs: Retained for 30 days, then purged.
Email Send Logs: Retained for 90 days for deliverability triage.
Database Backups: Daily snapshots retained for 30 days.
Funnel & Analytics Events: Retained for 12 months in raw form, then aggregated.
Legal Hold: Any of the above may be retained longer when required for legal proceedings or compliance. See vai.me/trust for the operational details.
Stripe (Payments): All subscription billing and payment processing flows through Stripe. Card details are collected and stored by Stripe directly under their Privacy Policy at https://stripe.com/privacy.
Postal (Email Delivery): All transactional and lifecycle email is sent via a self-hosted Postal instance on EU infrastructure. Recipient email, name, and message content are processed for delivery.
Cloudflare (DNS / Edge): Cloudflare provides DNS, DDoS mitigation, and edge caching. They process IP addresses and request metadata across their global edge network. See https://www.cloudflare.com/privacypolicy/.
Hetzner / DigitalOcean (Hosting): Application code, the primary database, and object storage are hosted on EU-based cloud infrastructure (Germany primary). See https://www.hetzner.com/legal/privacy-policy.
Google reCAPTCHA Enterprise: Bot and abuse detection on login, registration, and contact forms. Collects device fingerprint, IP address, and interaction signals. Subject to Google's Privacy Policy at https://policies.google.com/privacy.
Google Analytics: Aggregate usage analytics. Pseudonymous visitor IDs, page views, and referrer data. Subject to Google's Privacy Policy.
Trust Page Reference: A live, plainly worded list with purpose, data shared, and region for each subprocessor is maintained at vai.me/trust. We will notify customers of material changes at least 30 days before adding a new subprocessor that handles personal data.
Global Operations: We operate globally and may transfer data across international borders.
Adequacy Decisions: We rely on adequacy decisions from relevant data protection authorities where available.
Standard Contractual Clauses: We use standard contractual clauses for transfers to countries without adequacy decisions.
Safeguards: We implement appropriate safeguards to protect data during international transfers.
Local Laws: We comply with local data protection laws in jurisdictions where we operate.
Contact our Data Protection Officer
Stay informed about changes
We may update this Privacy Policy periodically to reflect changes in our practices, technology, or legal requirements.
We will notify you of significant changes by:
We're committed to transparency and protecting your personal information. If you have any questions about our privacy practices, don't hesitate to reach out.