Privacy Policy (General)

1. Introduction and Scope

Vitral AI, Inc. (“Vitral”) is committed to protecting the privacy and security of our users' personal information. This Privacy Policy explains how we collect, use, and protect the information you provide when using our services, including AI agents, LLMs, and file storage features among others. The services provided through our platform are designed to enhance your experience by using your data to deliver personalized and efficient solutions. This policy applies to all users, regardless of age, and covers all data processed through our platform.

2. Information We Collect

Vitral AI, Inc. may collect the following types of information from users of our platform:

Account Information: Personal details such as your name, email address, and profile/avatar image, necessary to create and manage your account.
Usage Data: Data related to your interaction with our platform, including pages visited, actions taken, and time spent on the platform. This information helps us understand how users engage with our services and allows us to improve the user experience.
Device and Browser Information: Information about your device and browser, such as IP address, device type, and browser type, to optimize the platform's performance and security.
Information You Provide: Any other information you choose to provide, such as project details, team member information, or content uploaded to the platform, to facilitate the services you use within Vitral.
Automated Data Collection: We use cookies solely for managing user sessions, ensuring a smooth and secure experience on our platform. These cookies are essential for the platform's operation, and opting out of them is not possible if you wish to use our services.
Potential Third-Party Data Collection: Although we currently do not collect data from third-party sources, in the event that this changes, we will update this policy to include specific details of any third-party data collection practices. Any such data will be treated with the same level of care and security as the data you provide directly.

3. Use of Information and Legal Basis for Processing

We use the information we collect for the following purposes:

Service Provision: To provide, operate, and improve our platform and services, ensuring that all features, including AI agents and LLMs, function smoothly and effectively.
Personalization: To personalize your experience on the platform, tailoring our features and offerings to meet your specific needs and preferences.
Communication: To communicate with you about your account, provide updates, respond to inquiries, and inform you about new features, services, or promotions that may be of interest to you.
Analysis and Improvement: To analyze usage patterns and trends to enhance the platform, making data-driven decisions that improve user experience and service quality.
Fraud Prevention: To detect, prevent, and respond to potential fraud, unauthorized activities, or other risks that could harm Vitral AI, Inc. or its users.
Legal Compliance: To comply with legal and regulatory requirements, including fulfilling our obligations under data protection laws such as the GDPR.
Offerings and Personalization: To offer a more personalized experience and targeted offerings, ensuring that the services and communications you receive are relevant to your interests and usage patterns.

Legal Basis for Processing: Our processing of your personal data is based on the following legal grounds:

Consent: When you have given clear consent for us to process your data for specific purposes, such as subscribing to newsletters or using certain features of the platform.
Contractual Necessity: When processing is necessary to perform a contract with you, including providing access to our platform and its features.
Legal Obligation: When processing is necessary to comply with legal obligations, such as maintaining records for regulatory compliance.
Legitimate Interests: When processing is necessary for our legitimate interests, such as improving our services or enhancing security, provided that these interests are not overridden by your rights.

4. User Rights and Choices

Data Portability: You have the right to request a copy of your personal data in a structured, commonly used, and machine-readable format. To exercise this right, please visit our Support Section and submit a request.
Opt-Out Options: You can opt out of receiving newsletters and promotional communications by clicking the unsubscribe link provided in the emails. As for cookies, since we only use necessary cookies for session management, no opt-out is available for these; however, if we introduce additional cookies in the future, we will provide you with controls to manage your cookie preferences.
GDPR Rights: If you are a resident of the European Union or European Economic Area, please refer to the GDPR Compliance and Your Rights section for detailed information about your rights under the GDPR.
CCPA Rights: If you are a resident of California, please refer to the California Privacy Rights section for detailed information about your rights under the CCPA.

5. Data Sharing, Disclosure, and Third-Party Integrations

We may share your information with third parties under the following circumstances:

Third-Party Service Providers: We share your data with third-party service providers who assist us in operating our platform, such as hosting services, payment processors, and customer support tools. These providers are required to protect your data in accordance with our privacy policy and applicable laws.
Third-Party Tools and Integrations: Vitral utilizes Large Language Models (LLMs) and other AI tools provided by third-party vendors. While Vitral itself does not train or retrain any AI models using user input data, these third-party providers may collect and use data input through their APIs to improve their models, as per their own privacy policies. We strongly encourage you to review the data usage policies of each provider to understand how they handle your information:

Legal Obligations: We may disclose your data to law enforcement or other government entities as required by law, such as in response to a subpoena or other legal process.
Business Transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity. We will notify you of any such change in ownership or transfer of assets and your data, along with any choices you may have regarding your information.

Vitral is not responsible for the data handling practices of third-party providers. If you have any concerns regarding data usage, please consult the policies above or contact the respective provider directly.

Google OAuth Data Access and Usage

Vitral AI, Inc. ("Vitral") uses Google’s OAuth 2.0 for user authentication. When you log in using your Google account, we request access to specific information from your Google profile. Below, we outline how we access, use, store, and share the Google user data you provide:

1. Data Accessed

When you log in using Google OAuth, we request access to the following Google user data:

Profile Information: This includes your Google profile picture, name, and email address.
OpenID: We use the OpenID scope to verify your identity securely.

2. Use of Google User Data

We use the Google user data for the following purposes:

Authentication: To allow you to log in to our platform securely and access your account.
Personalization: To personalize your experience by displaying your profile information within the platform.
Account Management: To manage your account settings and preferences.

We do not use your Google user data for any other purposes without your explicit consent.

3. Data Storage

The Google user data we collect is securely stored in our system using industry-standard encryption protocols. We only store the data necessary to fulfill the purposes outlined above, and we retain this data as long as you maintain an account with Vitral or as required by law.

4. Data Sharing

We do not share your Google user data with any third parties, except as necessary to provide our services, comply with legal obligations, or with your explicit consent. We may share your data with trusted service providers who assist us in operating our platform, but they are contractually obligated to protect your data in compliance with our Privacy Policy and applicable laws.

5. Compliance with Google’s Limited Use Requirements

Vitral adheres to Google’s Limited Use requirements, ensuring that your Google user data is only used for the purposes described in this Privacy Policy. We do not use this data for advertising or other commercial purposes, nor do we sell or transfer your data to third parties for these purposes.

6. In-Product Privacy Notifications

We provide clear and accessible in-product privacy notifications regarding the use of Google user data. These notifications are prominently displayed within our app interface so that you can easily find this information.

7. Updates to Google OAuth Data Use

Our use of Google user data, as well as our related privacy practices, may be updated from time to time. Any changes will be reflected in this Privacy Policy and communicated to you through appropriate channels, such as in-app notifications or email. Continued use of our services after any changes constitutes your acceptance of the updated terms.

6. Data Security and Transfers

Data Security and Incident Response: We employ industry-standard security measures, including TLS encryption, to protect your personal information from unauthorized access, disclosure, or misuse. Your data is securely hosted on first-class data centers in the United States, and we employ several layers of security to protect your information. In the event of a data breach or security incident, we will notify you via email as soon as possible and take appropriate steps to mitigate the impact.
International Data Transfers: Most of the data processing occurs in data centers located in the United States. In cases where data is transferred to other locations, we will ensure that such transfers comply with applicable data protection regulations, including GDPR. We will use appropriate safeguards, such as standard contractual clauses, to protect your data during international transfers.

7. Children’s Privacy

While our services are not intended for children under the age of 13 (or 16 in certain jurisdictions), the privacy policy applies equally to all users. We encourage parents and guardians to monitor their children’s use of the platform and to contact us through our Support Section if they believe a child has provided personal information without parental consent. Any data collected from children is handled with special care and in compliance with relevant laws, specifically COPPA (Children’s Online Privacy Protection Act) for U.S. users.

8. Updates to the Privacy Policy

This Privacy Policy may be updated at any time. Changes will take effect immediately upon posting the updated policy on our platform. Continued use of our services after any changes constitutes your acceptance of the new terms.

9. Contact Information

For any questions or concerns regarding this Privacy Policy, or to contact our Data Protection Officer, please visit our Support Section and submit your inquiry. Our team will ensure your concerns are addressed promptly.

10. Dispute Resolution

Please refer to the Dispute Resolution section in our Terms of Use for details on how disputes related to privacy or other issues will be resolved.

California Privacy Rights

This section supplements the information contained in the general Privacy Policy of Vitral AI, Inc. and applies solely to residents of the state of California. We adopt this notice to comply with the California Consumer Privacy Act of 2018 (CCPA) and other California privacy laws. Any terms defined in the CCPA have the same meaning when used in this section.

1. Categories of Personal Information Collected

The following are the categories of personal information that we collect from California residents:

Identifiers: Such as name, email address, IP address, and device identifiers.
Personal Information Categories: Such as payment information (e.g., credit card details).
Commercial Information: Such as records of products or services purchased, obtained, or considered on our platform.
Internet or Other Electronic Network Activity: Such as browsing history, search history, and interactions with our website and services.
Geolocation Data: Such as physical location or movements.
Inferences: Derived from the information we collect to create a profile about a consumer reflecting their preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

2. Sources of Personal Information

We collect personal information from the following sources:

Directly from You: When you provide it to us during account creation or use of our services.
Indirectly from You: Through automated technologies such as cookies when you interact with our website.
From Third Parties: We may collect data from third-party services that you integrate with our platform, though this is not currently in practice.

3. Purposes for Collecting Personal Information

We collect and use your personal information for the following business or commercial purposes:

Providing and Managing Services: To provide, maintain, and improve our services.
Personalization: To tailor our services to your preferences and improve your experience.
Security: To maintain the safety, security, and integrity of our services.
Compliance: To comply with legal obligations, including those arising from the CCPA.
Marketing: To communicate offers, services, and events that may interest you, provided you have opted in to receive such communications.

4. Retention of Personal Information

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. When we no longer need your personal information, we will securely delete or anonymize it in accordance with applicable laws and regulations.

5. Sharing of Personal Information

We may share your personal information with the following categories of third parties for business purposes:

Service Providers: Such as hosting services, payment processors, and customer support providers.
Business Partners: In the context of a merger, acquisition, or sale of assets.
Legal Authorities: Where required by law, such as in response to a subpoena or court order.

6. Your California Privacy Rights

As a California resident, you have the following rights under the CCPA:

Right to Know: You may request details about the personal information we collect, use, and disclose.
Right to Delete: You may request that we delete personal information that we have collected from you, subject to certain exceptions.
Right to Opt-Out of Sale: While we do not sell personal information, you have the right to opt-out if we ever change our practices.
Right to Non-Discrimination: You have the right not to receive discriminatory treatment for exercising your CCPA rights.

7. How to Exercise Your Rights

To exercise your CCPA rights, you may:

Submit a Request: Contact us through our California Privacy Request Form.
Verification: We may need to verify your identity before processing your request, which helps us protect your privacy and security.

8. Do Not Sell My Personal Information

As of now, Vitral AI, Inc. does not sell personal information as defined under the CCPA. If our practices change, we will provide you with a clear mechanism to opt-out of the sale of your personal information.

9. Financial Incentives

If we offer any financial incentives (e.g., discounts or rewards) in exchange for your personal information, we will provide details on these incentives, including the value of the information, how it is calculated, and how you can opt-in or withdraw from such incentives.

10. Children's Data Collection

We do not knowingly collect or sell personal information from consumers under the age of 16 without affirmative authorization. If you are a parent or guardian and believe we have collected information from your child, please contact us through our Support Section.

11. Updates to this California Privacy Policy

We may update this California Privacy Policy from time to time. Changes will take effect immediately upon posting the updated policy on our platform. Continued use of our services after any changes constitutes your acceptance of the new terms.

12. Contact Information

If you have any questions or concerns about this California Privacy Policy, please contact us through our Support Section.

GDPR Compliance and Your Rights

This section supplements the information contained in the general Privacy Policy of Vitral AI, Inc. and applies solely to residents of the European Union (EU) and European Economic Area (EEA). We adopt this notice to comply with the General Data Protection Regulation (GDPR) and other applicable data protection laws. Any terms defined in the GDPR have the same meaning when used in this section.

1. Legal Basis for Processing

Under the GDPR, we must have a legal basis to process your personal data. We process your personal data under the following legal bases:

Consent: Where you have provided explicit consent for specific purposes, such as subscribing to newsletters or using certain features of our platform.
Contractual Necessity: Where processing is necessary to perform a contract with you, including providing access to our platform and its services.
Legal Obligation: Where processing is required to comply with legal obligations, such as maintaining records for regulatory compliance.
Legitimate Interests: Where processing is necessary for our legitimate interests, such as improving our services, provided that these interests are not overridden by your data protection rights.

2. Your GDPR Rights

Under the GDPR, you have the following rights regarding your personal data:

Right to Access: You have the right to request access to the personal data we hold about you, including information on how your data is used and who it is shared with.
Right to Rectification: You have the right to request that we correct any inaccuracies in your personal data.
Right to Erasure (Right to be Forgotten): You have the right to request the deletion of your personal data under certain circumstances, such as when it is no longer necessary for the purposes for which it was collected.
Right to Restriction of Processing: You have the right to request that we restrict the processing of your personal data under certain conditions, such as when you contest the accuracy of the data.
Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to have that data transmitted to another data controller where technically feasible.
Right to Object: You have the right to object to the processing of your personal data where we are relying on legitimate interests as the legal basis.
Right to Withdraw Consent: Where we process your personal data based on your consent, you have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority, particularly in the EU/EEA member state where you live, work, or where the alleged infringement of GDPR took place.

3. Data Transfers Outside the EEA

Vitral AI, Inc. operates globally, and your personal data may be transferred to and processed in countries outside of the European Economic Area (EEA), including the United States. When we transfer your personal data outside the EEA, we ensure that it is protected by implementing appropriate safeguards, including:

Standard Contractual Clauses (SCCs): We rely on Standard Contractual Clauses approved by the European Commission as a primary mechanism to ensure that your data is protected to the same standard required within the EEA. These clauses impose contractual obligations on the recipient of the data to ensure its protection.
Adequacy Decisions: Where applicable, we may transfer data to countries that the European Commission has deemed to provide an adequate level of data protection, meaning that no additional safeguards are required.

Vitral AI, Inc. is committed to maintaining the highest standards of data protection. We regularly monitor legal developments related to international data transfers and will update our practices and mechanisms as needed to ensure compliance with the latest regulations and guidance from data protection authorities.

4. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. The criteria used to determine our retention periods include:

The duration of your relationship with us: As long as you have an active account with us or continue to use our services.
Legal obligations: We may be required to retain your data for longer periods in order to comply with legal obligations.
Dispute resolution: We may retain your data as necessary to resolve disputes or enforce our agreements.

5. Security Measures

We implement appropriate technical and organizational measures to protect your personal data from unauthorized access, disclosure, alteration, or destruction. These measures include:

Encryption: We use TLS (Transport Layer Security) to encrypt data in transit.
Access Controls: We restrict access to personal data to employees and service providers who need to know the information to process it on our behalf.
Data Hosting: Your data is securely hosted in First Class data centers in the United States, which comply with industry-leading security standards.

6. Automated Decision-Making and Profiling

We may use automated decision-making and profiling to provide personalized services, such as recommending content or tailoring our offerings based on your usage patterns. You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects you, unless:

You have given explicit consent.
The decision is necessary for entering into or performing a contract between you and Vitral AI, Inc.
The decision is authorized by applicable law.

If you are subject to automated decision-making, you have the right to obtain human intervention, express your point of view, and contest the decision.

7. Contact Information

If you have any questions or concerns about this GDPR Addendum or wish to exercise your GDPR rights, please contact our Data Protection Officer through our Support Section.

8. Updates to this GDPR Addendum

We may update this GDPR Addendum from time to time. Any changes will be effective immediately upon posting the updated addendum on our platform. Continued use of our services after any changes constitutes your acceptance of the new terms.

Responsible Disclosure Policy

At Vitral AI, Inc., the security and privacy of our users' data are of utmost importance. We are committed to maintaining a safe and secure environment for our platform, and we value the contributions of the security community in identifying and responsibly disclosing potential vulnerabilities. This Responsible Disclosure Policy outlines our approach to handling security issues and provides guidelines for reporting vulnerabilities.

1. Scope

This policy applies to any vulnerabilities or security issues discovered within our AI-based workflow organization platform, including but not limited to:

Web applications
Mobile applications
APIs
Backend systems and infrastructure
Cloud services and data storage

2. Reporting Vulnerabilities

If you believe you have discovered a vulnerability or security issue in our platform, we encourage you to report it to us as soon as possible. Please follow these steps when submitting a report:

Contact Information: Submit your report through our Support Section, where you can select the appropriate category for security-related issues.
Description: Provide a detailed description of the vulnerability, including the potential impact and any steps needed to reproduce the issue.
Supporting Evidence: Include any supporting evidence, such as screenshots, proof-of-concept code, or network traces, that can help us understand and address the vulnerability.
Your Contact Information: Provide your contact details so we can follow up with you if necessary.

3. Responsible Disclosure Guidelines

When reporting a vulnerability, please adhere to the following guidelines to ensure responsible disclosure:

No Exploitation: Do not exploit the vulnerability beyond what is necessary to demonstrate the issue. Avoid accessing, modifying, or deleting data without authorization.
No Public Disclosure: Do not publicly disclose the vulnerability or share it with others until we have had the opportunity to address it. This helps prevent malicious actors from exploiting the vulnerability before a fix is implemented.
Good Faith Cooperation: Work with us in good faith to verify the issue and implement a fix. Provide us with a reasonable amount of time to address the vulnerability before making any disclosures.
Legal Compliance: Ensure that your actions comply with all applicable laws. Unauthorized access to systems, data, or accounts without permission may be illegal.

4. Acknowledgments

We appreciate the efforts of security researchers and ethical hackers who help us enhance the security of our platform. Where appropriate, and with your consent, we will publicly acknowledge your contribution. If you prefer to remain anonymous, we will respect your privacy.

5. Our Commitment

In return for your responsible disclosure, we commit to:

Acknowledging Receipt: We will acknowledge receipt of your report within a reasonable time frame.
Investigating Promptly: We will investigate all valid reports and take appropriate steps to address any confirmed vulnerabilities.
Maintaining Communication: We will keep you informed of our progress in addressing the reported issue and notify you when it has been resolved.

6. Legal Considerations

Vitral AI, Inc. does not authorize or permit any activity that violates applicable laws. By submitting a vulnerability report, you agree that your research was conducted in accordance with all applicable laws and that you have made a good-faith effort to avoid privacy violations, data destruction, and service disruptions.

7. Contact Information

For any questions or concerns regarding this Responsible Disclosure Policy, please contact our security team through our Support Section.