Privacy Policy

Vessel Tech Inc. ("VXL," "we," "us," or "our") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the VXL platform and related services (the "Service").

This policy complies with the European Union's General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable data protection laws.

By using our Service, you consent to the data practices described in this policy. If you do not agree with this policy, please do not use the Service.

For the purposes of GDPR and other data protection laws, the data controller is:

For privacy-related inquiries, data subject requests, or concerns about how we handle your data, please contact us at the email address above.

We collect several types of information to provide and improve our Service:

3.1 Information You Provide Directly

• Account Information: Name, email address, phone number, company name, job title, billing address
• Authentication Data: Login credentials, OAuth tokens (Google, GitHub)
• Payment Information: Credit card details, billing information (processed by third-party payment providers)
• Configuration Data: Call scripts, greetings, business hours, routing preferences, CRM integration settings
• Support Communications: Messages sent to our support team, feedback, and survey responses

3.2 Information Collected Automatically

• Usage Data: Pages visited, features used, time spent on platform, click patterns, search queries
• Device Information: IP address, browser type and version, operating system, device identifiers
• Log Data: Access times, error logs, API requests, system diagnostics
• Cookies & Tracking Technologies: Session cookies, preference cookies, analytics cookies (see Section 10)

3.3 Call & Conversation Data

• Call Recordings: Audio recordings of calls handled by AI agents (when legally permitted and disclosed)
• Transcripts: Text transcriptions of voice conversations
• Call Metadata: Phone numbers, call duration, timestamps, outcomes, routing information
• Lead Information: Customer names, contact details, preferences, and intent data captured during calls

3.4 Information from Third Parties

• CRM Data: Contact information, deal stages, notes synced from HubSpot or other integrated platforms
• Authentication Providers: Profile information from Auth0, Google, GitHub
• Payment Processors: Transaction confirmations and payment status

We use collected data for the following purposes:

4.1 Service Delivery

• Provide, operate, and maintain the VXL platform
• Process and route phone calls through AI agents
• Integrate with your CRM and business systems
• Generate transcripts and conversation summaries
• Schedule appointments and manage calendars

4.2 Improvement & Development

• Train and improve AI models for better accuracy
• Analyze usage patterns to enhance features
• Develop new products and services
• Conduct research and analytics

4.3 Communication

• Send service announcements and updates
• Respond to support inquiries
• Provide technical assistance
• Send billing notifications and invoices
• Deliver marketing communications (with consent)

4.4 Legal & Security

• Comply with legal obligations and regulatory requirements
• Prevent fraud, abuse, and security incidents
• Enforce our Terms of Service
• Protect rights, property, and safety of VXL, users, and the public
• Respond to legal requests and court orders

For users in the European Economic Area (EEA), UK, and Switzerland, we process personal data based on the following legal grounds:

We share data with trusted third-party service providers who assist in operating our Service. All third parties are contractually obligated to protect your data and use it only for specified purposes.

6.1 Service Providers

6.2 Legal Disclosures

We may disclose your information if required by law, court order, or government regulation, or if we believe disclosure is necessary to:

• Comply with legal processes or obligations
• Enforce our Terms of Service
• Protect our rights, property, or safety
• Prevent fraud or security threats
• Protect public safety

6.3 Business Transfers

In the event of a merger, acquisition, bankruptcy, or sale of assets, your data may be transferred to the successor entity. We will notify you via email and/or prominent notice on our website before your data is transferred and becomes subject to a different privacy policy.

7.1 Where We Store Data

Your data is stored on secure servers provided by Amazon Web Services (AWS) and Vercel, primarily located in the United States. We implement industry-standard security measures to protect your information.

7.2 Security Measures

We protect your data using multiple layers of security:

• Encryption: Data in transit is encrypted using TLS 1.3. Data at rest is encrypted using AES-256.
• Access Controls: Role-based access control (RBAC) limits data access to authorized personnel only.
• Authentication: Multi-factor authentication (MFA) for administrative access.
• Monitoring: Continuous monitoring for security threats and anomalous behavior.
• Auditing: Regular security audits and penetration testing.
• Compliance: Adherence to SOC 2 Type II standards and best practices.

7.3 No Absolute Security

While we implement robust security measures, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security but continuously work to protect your data using industry best practices.

7.4 Breach Notification

In the event of a data breach that affects your personal information, we will notify you within 72 hours of becoming aware of the breach, as required by GDPR and other applicable laws. Notifications will include the nature of the breach, affected data, and steps we're taking to address it.

We retain your data for as long as necessary to provide the Service and fulfill the purposes outlined in this policy:

• Account Data: Retained while your account is active and for 90 days after account closure (unless deletion is requested earlier).
• Call Recordings & Transcripts: Retained for 12 months by default, configurable by customer settings (minimum 30 days, maximum 7 years).
• Usage Logs: Retained for 13 months for analytics and troubleshooting purposes.
• Billing Records: Retained for 7 years to comply with tax and accounting regulations.
• Support Communications: Retained for 3 years to maintain service quality and resolve disputes.

You may request earlier deletion of your data at any time by contacting privacy@vessel.nyc. Note that we may retain certain data to comply with legal obligations or legitimate business purposes.

Depending on your location, you have the following rights regarding your personal data:

How to Exercise Your Rights

To exercise any of these rights, please contact us at privacy@vessel.nyc with your request. We will respond within 30 days (or as required by applicable law). We may need to verify your identity before processing your request.

You also have the right to lodge a complaint with a supervisory authority if you believe we have violated your data protection rights.

We use cookies and similar tracking technologies to enhance your experience, analyze usage, and deliver personalized content.

Types of Cookies We Use

Managing Cookies

Most browsers allow you to control cookies through settings. Note that disabling cookies may limit functionality. You can opt out of analytics tracking by using browser extensions like uBlock Origin or Privacy Badger.

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights:

CCPA Rights

• Right to Know: Request disclosure of the categories and specific pieces of personal information we've collected about you.
• Right to Delete: Request deletion of your personal information, subject to certain exceptions.
• Right to Opt-Out: Opt out of the "sale" of personal information (note: we do not sell personal information).
• Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.

Categories of Personal Information Collected

In the past 12 months, we have collected the following categories under CCPA:

• Identifiers (name, email, phone, IP address)
• Commercial information (purchase history, subscriptions)
• Internet activity (browsing history, usage data)
• Audio/visual information (call recordings)
• Professional information (company name, job title)

We Do Not Sell Personal Information

VXL does not sell personal information as defined by the CCPA. We do not exchange personal information for monetary consideration with third parties.

Exercising CCPA Rights

To exercise your CCPA rights, contact us at privacy@vessel.nyc or call 929-599-6360. We will verify your identity and respond within 45 days.

If you access the Service from outside the United States, your data may be transferred to, stored in, and processed in the United States and other countries where our service providers operate.

For users in the EEA, UK, and Switzerland, we ensure adequate protection through:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequacy decisions for specific jurisdictions
• Data Processing Agreements with all third-party processors
• Technical and organizational security measures

By using the Service, you consent to the transfer of your data as described in this policy.

The Service is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child without parental consent, we will take steps to delete that information promptly.

If you believe we have collected information from a child, please contact us immediately at privacy@vessel.nyc.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

When we make material changes, we will:

• Update the "Last Updated" date at the top of this policy
• Send you an email notification (if you have an account)
• Display a prominent notice on our website or within the Service
• In some cases, request your explicit consent to the changes

We encourage you to review this Privacy Policy periodically. Your continued use of the Service after changes are posted constitutes acceptance of the updated policy.

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

We are committed to working with you to resolve any privacy concerns. We typically respond to privacy inquiries within 5 business days.