Privacy for governed intelligence.

Scope, entity, and definitions

About this policy. This Privacy Policy explains how VectorAmp, Inc. (“VectorAmp,” “we,” “us”) handles personal information in connection with our website, products, APIs, SDKs, documentation, and related sales and support activities (collectively, the “Services”). VectorAmp, Inc. is a Delaware corporation headquartered at 313 Ridgewood Road, Fort Worth, Texas 76107.

Controller and processor roles. For website visitors, prospective customers, account administrators, and individual users, VectorAmp acts as a “controller” (or “business”), and this Privacy Policy applies. When VectorAmp processes data that a Customer connects, uploads, or generates through the Services on the Customer’s behalf (“Customer Data”), VectorAmp acts as a “processor” (or “service provider”). Our handling of Customer Data is governed by the agreement between VectorAmp and the Customer (including the Master Services Agreement and Data Processing Addendum), not by this Privacy Policy. If you are an individual whose data appears in Customer Data, please direct privacy requests to the Customer that controls that data.

Definitions. “Personal information” (or “personal data”) means information that identifies, relates to, or could reasonably be linked to a particular individual or household. It does not include de-identified, aggregated, or publicly available information.

Information we collect

Account and profile information: name, business email, username, job title, organization, and credentials you provide during registration or when provisioned by an administrator.

Workspace and organization settings: configuration and administrative settings for your workspace.

Billing information: billing contact, plan, and transaction metadata. Payment card details are processed by our payment processor and are not stored by VectorAmp.

Usage and diagnostics data: log data, device and browser information, IP address, feature usage, and performance and reliability telemetry.

Support communications: information you provide when you contact us for support or sales inquiries.

Website and marketing data: information collected through our website, including via cookies and similar technologies (see “Cookies and tracking technologies”). We collect this information directly from you, automatically as you use the Services, and from third parties, including our analytics, security, and billing providers. Customer Data that you choose to connect, upload, or generate through the Services is addressed separately under “Customer Data” and is processed under your Customer Agreement rather than this Privacy Policy.

Customer data

“Customer Data” is the data a Customer connects, uploads, or generates through the Services, including files, source records, chunks, embeddings, metadata, prompts, queries, generated outputs, citations, and the configuration required to operate VectorAmp for the workspace. VectorAmp processes Customer Data solely as a processor on the Customer’s behalf and in accordance with the Customer’s Agreement and documented instructions. The Customer is responsible for the personal information contained in the Customer Data and for ensuring that an appropriate legal basis exists for providing it to VectorAmp. Requests from individuals to access, correct, or delete personal information contained in Customer Data should be directed to the relevant Customer; VectorAmp will support Customers in responding to such requests as set out in the applicable Data Processing Addendum.

How we use information

We use the personal information we collect as a controller to: provide, operate, and maintain the Services; authenticate users and administer accounts; process ingestion and retrieval requests; secure and monitor the platform and prevent fraud and abuse; provide customer support and troubleshoot issues; communicate with you about the Services, including service, security, and transactional messages; send marketing communications where permitted (you may opt out at any time); improve the reliability, performance, and quality of the Services; and comply with legal obligations and enforce our agreements.

Where the EU/UK General Data Protection Regulation applies, we rely on the following legal bases: performance of a contract (to provide the Services); our legitimate interests (to secure, support, and improve the Services and for business-to-business marketing), balanced against your rights; your consent (for certain cookies and marketing, where required); and compliance with legal obligations. You may withdraw consent at any time if processing is based on consent.

Customer data and AI

Customer Data remains the Customer’s. We do not sell Customer Data, and we do not use Customer Data or Customer content to train any foundation models, whether third-party or our own, except as expressly instructed by the Customer or as described in the Customer’s agreement. We process Customer Data only to provide and support the Services. We may create and use de-identified or aggregated data that cannot reasonably be used to identify any individual or Customer to operate, secure, and improve the Services; we maintain such data in de-identified form and do not attempt to re-identify it.

Sharing and subprocessors

We share personal information only as described below and limit access to what is necessary for each purpose:

Service providers and subprocessors: vendors that help us operate the Services, including cloud hosting and infrastructure, billing and payments, analytics, communications, and security providers. These parties are contractually obligated to use the information only to provide services to us. A current list of subprocessors is available upon request.

Legal and safety: when we believe disclosure is required by law, regulation, legal process, or a governmental request, or is necessary to protect the rights, property, or safety of VectorAmp, our Customers, or others.

Business transfers: in connection with a merger, acquisition, financing, or sale of assets, subject to this Privacy Policy or a successor policy.

With your direction or consent: when you ask us to share information or otherwise consent.

We do not sell your personal information, and we do not “share” it for cross-context behavioral advertising as those terms are defined under applicable U.S. state privacy laws.

Cookies and tracking technologies

Our website uses cookies and similar technologies to operate the site, remember preferences, measure performance, and understand usage. We use strictly necessary, analytics, and functional cookies. You can control cookies through your browser settings and, where available, our cookie preferences tool. Where required by law, we obtain consent before setting non-essential cookies. We honor recognized opt-out preference signals, including the Global Privacy Control (GPC), as requests to opt out of any “sale” or “sharing” of personal information from browsers and devices that send them.

International data transfers

VectorAmp is based in the United States and processes information there. If you access the Services from outside the United States, you understand that your information may be transferred to and processed in the United States. When we transfer personal data from the European Economic Area, the United Kingdom, or Switzerland, we use an appropriate transfer mechanism, such as the European Commission’s Standard Contractual Clauses and the UK International Data Transfer Addendum. You may contact us for more information about these safeguards.

Security

We maintain technical and organizational safeguards to protect personal information, including access controls and least-privilege practices, encryption of data in transit and at rest, monitoring and logging, and controlled, repository-backed deployment workflows. VectorAmp is pursuing a SOC 2 examination and will update this section accordingly upon completion. No method of transmission or storage is completely secure, and we cannot guarantee absolute security. However, we design for limited access and clear operational ownership. If you believe your account or information has been compromised, contact us at support@vectoramp.com.

Retention and deletion

Workspace administrators can manage users, sources, and datasets and submit deletion requests through the Services. We retain personal information for as long as needed to provide the Services and for the legitimate purposes described in this policy, after which we delete or de-identify it. The criteria we use to determine retention periods include the duration of the customer relationship, our legal, tax, accounting, and compliance obligations, and the need to resolve disputes and enforce agreements. Certain logs, billing records, backups, and legal records may be retained for a limited additional period for these reasons. Residual copies in backups are deleted on our standard backup cycle. Retention and deletion of Customer Data are governed by the Customer’s Agreement and Data Processing Addendum.

Your privacy rights

Depending on where you live, you may have rights regarding your personal information. These rights apply to information VectorAmp holds as a controller. For personal information contained in Customer Data, please contact the Customer that controls it.

U.S. state privacy rights (including California and Texas). Subject to applicable law, you may have the right to confirm whether we process your personal information and to access it; correct inaccurate information; request deletion; obtain a portable copy; and opt out of the sale of personal information, “sharing” for targeted advertising, and certain profiling. We do not discriminate against you for exercising these rights. To exercise them, contact us at support@vectoramp.com. We will verify your request using information associated with your account. If we deny your request, you may appeal by contacting walton@vectoramp.com. If you have concerns about our response, you may contact your state attorney general.

California. We do not sell or share personal information for cross-context behavioral advertising. If applicable, see our notice on sensitive personal information and your right to limit its use.

Texas. We do not sell sensitive or biometric personal data.

EEA, UK, and Switzerland. If the GDPR or UK GDPR applies, you may have the right to access, rectify, erase, restrict, or object to processing; to data portability; and to withdraw consent. You may also lodge a complaint with your supervisory authority.

We will respond to requests sent to support@vectoramp.com within the timeframes required by applicable law.

Your choices

You may update your account information, manage workspace users and connected sources, and request deletion where available through the Services. You can opt out of marketing emails using the unsubscribe link in those messages or by contacting us. We will still send service, security, and transactional messages. You can manage cookies as described in “Cookies and tracking technologies.” To exercise the privacy rights described above, see “Your privacy rights.”

Children’s privacy

The Services are intended for businesses and are not directed to children under 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact us at support@vectoramp.com, and we will take appropriate steps to delete it.

Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will revise the “Last Updated” date above and, for material changes, provide additional notice as required by law (for example, by posting a notice on our website or notifying account administrators). Your continued use of the Services after an update takes effect constitutes acceptance of the revised policy.

Contact

For privacy questions or requests, contact us at support@vectoramp.com and include the workspace, organization, or account context needed to route your request. You may also write to us at VectorAmp, Inc., 313 Ridgewood Road, Fort Worth, Texas 76107, Attn: Privacy.

Third-party links

Our website and Services may link to third-party sites and services that we do not control. This Privacy Policy does not apply to those third parties, and we are not responsible for their privacy practices. We encourage you to review their privacy notices.