Privacy Policy

Last updated: February 2025. This policy applies to users in Italy, the European Union, and worldwide.

1. Who we are and scope

Vectra24 (or the entity identified in your account or on our website) operates the Vectra24 platform and is the data controller for the personal data we process in connection with the Service. We provide our Service from Italy and serve users in Italy, across the European Union (EU) and European Economic Area (EEA), and internationally. This Privacy Policy explains what data we collect, why we use it, how long we keep it, and what rights you have. It applies to our website, dashboard, API, and any use of our AI team and messaging integrations (e.g. Telegram, WhatsApp).

2. Legal basis (EU/EEA and UK)

Where you are in the EU, EEA, or UK, we process your personal data only when we have a valid legal basis under the General Data Protection Regulation (GDPR) and applicable national law: (a) performance of our contract with you (e.g. account and Service delivery); (b) your consent where we ask for it (e.g. marketing, optional features); (c) our legitimate interests (e.g. security, analytics, improving the Service), where they are not overridden by your rights; (d) compliance with legal obligations. We will indicate the basis for each category of processing where relevant.

3. Data we collect and how we use it

  • Account and profile: email address, name, password (hashed), and any profile details you provide. We use this to create and manage your account, authenticate you, and communicate about the Service. Legal basis: contract.
  • Usage and billing: plan and subscription details, token or usage metrics (we meter usage by token consumption and enforce plan limits), and payment-related identifiers (e.g. from our payment provider). We use this to provide the Service, meter usage, enforce limits, and handle billing. Our billing model is based on token usage and the subscription plan you choose. Legal basis: contract; legitimate interests (fraud prevention, analytics).
  • Content you provide: instructions, prompts, and content you submit to your AI teams and any outputs generated in your workspace. We process this to run the Service and to improve reliability and security. We do not use your content to train general-purpose AI models for third parties. Legal basis: contract; legitimate interests (security, product improvement within our systems).
  • Channel and integration data: identifiers and metadata related to connected channels (e.g. Telegram or WhatsApp) so we can route messages to your team and deliver responses. Legal basis: contract.
  • Technical and logs: IP address, device and browser information, and logs of access and errors. We use this for security, abuse prevention, and troubleshooting. Legal basis: legitimate interests; legal obligation where applicable.
  • Communications: when you contact support or send us feedback, we keep the content of those communications. Legal basis: contract; legitimate interests.

4. How long we keep your data

We retain your data only as long as necessary for the purposes described above and to comply with legal obligations. Account and profile data are kept while your account is active and for a limited period after closure for support and legal purposes. Usage and billing data are retained as required for accounting and tax (typically several years where required by law). Logs and security-related data are kept for a limited period (e.g. 12–24 months) unless a longer retention is required for legal or regulatory reasons. You may request erasure of your personal data subject to applicable retention obligations; see “Your rights” below.

5. Sharing and recipients

We share personal data only with trusted service providers who assist in operating the Service (e.g. hosting, authentication, payment processing, email delivery). These processors act on our instructions and are bound by data protection agreements. We may also disclose data when required by law (e.g. court order or regulatory request) or to protect our rights, users, or the public. We do not sell your personal data. If we expand to new regions, we may work with local partners subject to the same privacy and security standards.

6. International transfers

Your data may be processed in Italy, elsewhere in the EU/EEA, and in some cases in countries outside the EU/EEA (e.g. where we or our providers use data centres or support teams there). For transfers from the EU/EEA or UK to countries not recognised as providing an adequate level of data protection, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission or equivalent mechanisms. You may request more detail on the safeguards we use for specific transfers by contacting us.

7. Security

We implement technical and organisational measures to protect your data against unauthorised access, loss, or misuse. These include access controls, encryption where appropriate, and secure development practices. No system is completely secure; we encourage you to use a strong password and keep your credentials safe.

8. Your rights (especially in the EU/EEA and UK)

Depending on where you live, you may have the right to: access your personal data; rectify inaccurate data; request erasure (“right to be forgotten”); restrict processing; data portability; object to processing based on legitimate interests; and, where processing is based on consent, withdraw consent at any time. If you are in the EU/EEA or UK, you also have the right to lodge a complaint with a supervisory authority (e.g. in Italy: Garante per la protezione dei dati personali; in your country of residence: your national data protection authority). To exercise your rights, contact us using the details below; we will respond within the time limits required by applicable law (e.g. one month under the GDPR).

9. Cookies and consent

We use cookies and similar technologies (e.g. local storage) to operate the Service, keep you signed in, remember preferences, and where you have consented, for analytics or marketing. In the EU and in line with the ePrivacy Directive and GDPR, we obtain your consent before setting non-essential cookies. When you first visit, you can accept all cookies, reject non-essential cookies, or manage preferences by category (necessary, analytics, marketing, preferences). Necessary cookies are required for the site to function and cannot be disabled.

Your choices are stored in a first-party cookie and persist until you withdraw consent or the cookie expires. You can change or withdraw your consent at any time via the “Cookie preferences” link in the footer or on this page; we will then stop setting non-essential cookies for the categories you revoke and re-show the consent banner if you clear the cookie. We may treat your browser’s Do Not Track (DNT) signal as a preference to limit non-essential cookies where we support it. For details of the cookies we use, see the cookie list below.

Cookie list

Name, purpose, provider, typical duration, category.

Name | Purpose | Provider | Duration | Category
cookie_consent | Stores your cookie consent choices (necessary, analytics, marketing, preferences) and version. | Vectra24 | 1 year | Necessary
(auth / session) | Authentication and session (e.g. Supabase). | Vectra24 / Supabase | Session or as set | Necessary
(analytics, if used) | Usage statistics (e.g. Plausible, Google Analytics) only if you consented to analytics. | As configured | As per provider | Analytics

10. Minors

The Service is not directed at minors. We do not knowingly collect personal data from anyone under 16 (or the higher age required in your country for consent). If you believe we have collected data from a minor, please contact us and we will delete it promptly.

11. Changes to this policy

We may update this Privacy Policy from time to time. We will post the updated version on our website and update the “Last updated” date. For material changes that affect how we use your data, we will notify you by email or through the Service where appropriate. In the EU/EEA, we may be required to obtain your consent for new uses of your data where the legal basis is consent. We encourage you to review this policy periodically.

12. Contact and data protection enquiries

For privacy-related requests, to exercise your rights, or for questions about this policy, contact us at the address or email provided on our website or in your account. If you are in the EU/EEA and we have appointed a representative, their contact details will be indicated on our website or in your jurisdiction.