Skip to main content

Privacy Policy

Effective on: 05/22/2026

1. Introduction

Vega Minds ("Firm", "us") values your privacy as our user ("User", "you") and is committed to protecting your personal information. This Privacy Policy outlines how we collect, use, disclose, and protect the information you provide to us when using our AI products and services ("Service"). We understand the importance of safeguarding your data and have implemented comprehensive measures to ensure its security and confidentiality. By accessing or using our services, you consent to the practices described in this Privacy Policy. We encourage you to read this document carefully to understand how business, client, and personal information ("Data") is handled by the Firm and to make informed decisions about your privacy. If you have any questions or concerns regarding our privacy practices, please contact us using the information provided at the end of this policy.

2. Types of data collected

We collect two types of information: information provided during the onboarding process and information collected during product usage.

2.1. Personal data

During the onboarding process, we collect specific information. It includes details such as company name, contact information, preferences, cookies, and any other relevant information necessary to customize the AI experience for the User. The Data collected during onboarding forms the foundation of our product, enabling us to tailor the AI capabilities specifically for each user's needs.

2.2. Usage data

As you use our services, certain information is automatically collected to enhance the user experience and improve our platform. This includes usage patterns, interaction data, preferences, and settings. We may also collect technical information such as IP addresses, device information, browser type, and operating system to ensure optimal functionality and provide technical support.

2.3. Cookies and tracking technologies

We use cookies and similar tracking technologies on vegaminds.com to understand how visitors use the site and to make it work properly. Cookies are small data files stored on your device; related technologies include pixels, beacons, tags, and scripts loaded by third-party services. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent; some parts of the site may not work as expected if you do so.

Specifically, the following technologies may be active on this site:

  • Google Tag Manager and Google Analytics — measure aggregate traffic, page views, and campaign performance. Set by googletagmanager.com and google-analytics.com.
  • YouTube (privacy-enhanced mode) — embedded video on our demo page is loaded from youtube-nocookie.com, which defers cookie-setting until you press play.
  • Calendly — when you click a "Book a demo" link, you are taken to calendly.com, which sets its own cookies on that page. We do not embed Calendly directly on vegaminds.com.

We do not use cross-site advertising pixels, retargeting tags, or social media tracking pixels on vegaminds.com. If this changes in the future, we will update this policy and the relevant categories of cookies will be disclosed here.

California residents and other users can opt out of analytics cookies at any time by clicking "Your Privacy Choices" in the page footer. See Section 10.1 below for details.

3. Use of data collected

Our role: Vega Minds acts in two roles. When you provide information directly to Vega Minds (for example, by visiting our website, requesting a demo, or contacting us), Vega Minds is the controller. When advisor firms use the Vega Minds platform and end-client information is ingested from the firm's CRM, calendar, email, or meetings, Vega Minds is a processor acting on the firm's documented instructions; the firm is the controller. Data subject rights with respect to that data are exercised through the advisor firm.

Data is collected to serve various purposes:

  • To provide and maintain our Service: we use your personal data to offer a personalized and efficient service;
  • For communications: to notify you about changes to our Service, provide customer support, and send account-related notices;
  • Enhancement of Service: your data helps us analyze usage patterns, identify areas for improvement, and refine our algorithms, ensuring a continually improving user experience;
  • Legal basis: the processing of your data is necessary for the performance of a contract to which you are a party and to pursue our legitimate interests as a controller;
  • To monitor service usage: to understand how our Service is used and identify trends;
  • To detect, prevent and address technical issues: ensuring a secure and uninterrupted user experience;
  • To fulfill any other purpose for which you provide it: tailoring our Service to meet your needs.

4. Data retention

We retain your Data only for as long as necessary for the purposes set out in this Privacy Policy, and as required to comply with our legal obligations, resolve disputes and enforce our agreements. Retention windows vary by category:

  • Account billing records: For the duration of the contract plus 5-7 years to meeting tax and audit requirements
  • Support and operational logs: as set out in our Data Retention Policy
  • Marketing data: until you opt out or after three years of inactivity, whichever comes first
  • HR data: For the duration of employment plus any statutory retention period
  • Processor-tier customer data: For the duration of that firm's contract with us, in accordance with Section 9 of our Data Processing Agreement

Full retention details are documented in our Data Retention Policy, available on request.

5. Transfer of data

Your Data may be transferred to and processed in computers located outside of your state, province, or country, where data protection laws may differ from those in your jurisdiction. Specifically, we transfer and process data, including personal data, within the United States. Our commitment is to ensure the secure and lawful handling of your data, consistent with this Privacy Policy. This includes implementing adequate safeguards, particularly when transferring data internationally. We adhere to contractual obligations and standard data protection clauses, such as those outlined in Article 46.2(c) of the GDPR, to maintain the integrity and security of your personal information across borders. Vega Minds processes personal data of EU/EEA data subjects, including end clients of advisor firms based in the EU/EEA. All processing occurs in AWS United States regions; cross-border transfers rely on the EU Standard Contractual Clauses adopted by Commission Implementing Decision (EU) 2021/914 of 4 June 2021, supplemented by a Transfer Impact Assessment, and on the EU-US Data Privacy Framework where the receiving entity is certified.

6. Disclosure of data

Under certain circumstances, we may disclose your Data:

  • If required to do so by law or in response to valid requests by public authorities;
  • If we or our subsidiaries are involved in a merger, acquisition or asset sale;
  • To our subsidiaries, affiliates or employees when relevant;
  • To contractors, service providers, and other third parties we use to support our business;
  • With your consent in any other cases.

Please note that we do not sell or otherwise share your Data beyond what is described in this Privacy Policy.

6.1 Foundation model and cloud computing providers

Foundation model (FM) providers are integral to our technology. We prioritize privacy and security in our dealings with these providers and continuously monitor their data protection practices. Only essential information is shared with FM providers, and sensitive data is encrypted before transmission to protect client privacy. Our service utilizes enterprise-grade large language models (LLMs) from leading cloud providers, ensuring user data is not used to train third-party FMs or improve other products. The user's data remains within the Vega environment and is not employed to enhance the FMs, which are designed to be stateless. However, for added safety, we recommend using specific functions and fields for sensitive information within our products.

6.2 Integrated platforms

Our service seamlessly integrates with various third-party platforms, including CRMs, calendars, and emails, to enhance user experience. Upon your request, we establish secure connections to these platforms to retrieve and occasionally update information, enriching our service capabilities. All integrations are conducted in strict compliance with each platform's guidelines for login procedures and credential storage, ensuring a high level of security and data integrity.

6.3 Analytics

We may use third-party service providers such as Google Analytics to monitor, analyze and refine our Service.

6.4 Sharing anonymized and aggregated data

Anonymizing the data ensures that individual client information remains protected and unidentifiable. By aggregating the data, we can derive meaningful and generalized insights that help us make informed decisions about platform improvements, performance optimizations, and feature enhancements. The result of such anonymized data manipulation may be presented to third parties or the public.

7. Links to outside sites

Our Service contains links to external sites not operated by us. Clicking on a third-party link will take you to that site, where we recommend reviewing their Privacy Policy. We do not control, and are not responsible for, the content, privacy policies, or practices of any third-party sites or services.

8. Information security

We prioritize the security of your information and have implemented robust measures to protect it from unauthorized access, disclosure, alteration, or destruction. We use industry-standard encryption technologies and regularly update our security practices to ensure the highest level of protection.

Our team undergoes regular training and follows strict security protocols to handle and safeguard your data. We monitor our systems for potential risks and vulnerabilities and have procedures in place to respond promptly to any incidents.

While we take extensive measures to protect your information, no method of transmission or storage can guarantee absolute security. We encourage you to use strong passwords, keep your login credentials confidential, and maintain up-to-date security software on your devices.

9. Payments

We offer paid products/services within our Service, and for payment processing, we use third-party services. Your payment card details are not stored by us but are handled directly by these third-party processors, governed by their Privacy Policies. They comply with PCI-DSS standards set by the PCI Security Standards Council, involving entities like Visa and Mastercard, to ensure secure payment information handling. Our payment processor is Stripe Inc. and their Privacy Policy is available here.

10. User rights and choices

10.1 California privacy rights (CCPA / CPRA)

California residents have specific rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, "CCPA"). Those rights include:

  • Right to know: request the categories and specific pieces of personal information we have collected about you;
  • Right to delete: request that we delete personal information we have collected from you, subject to legal exceptions;
  • Right to correct: request that we correct inaccurate personal information we maintain about you;
  • Right to opt out of sale or sharing: opt out of any sale or sharing of your personal information, including disclosures made for cross-context behavioral advertising;
  • Right to non-discrimination: you will not receive discriminatory treatment for exercising any of these rights.

How to opt out of analytics on vegaminds.com: click "Your Privacy Choices" in the footer of any page, or click "Opt out" on our cookie notice. This sets a preference in your browser that prevents Google Tag Manager and Google Analytics from loading on subsequent visits.

Global Privacy Control (GPC): we honor the Global Privacy Control browser signal as a valid opt-out of sale or sharing. If your browser sends a GPC signal (supported natively in Brave and Firefox, and via extensions in other browsers), we will automatically treat it as an opt-out and will not load Google Tag Manager or Google Analytics. You do not need to take any additional action.

To exercise other CCPA rights (access, deletion, correction), contact us at the email listed at the end of this policy. We will respond within 45 days as required by law.

10.2 General Data Protection Regulation (GDPR)

If you reside in the European Union (EU) or European Economic Area (EEA), GDPR grants you specific data protection rights. Our goal is to enable you to exercise these rights effectively. These rights include:

  • Right to access: you can request a copy of the personal data held about you;
  • Right to rectification: you have the right to have errors corrected;
  • Right to erasure: you can ask for deletion of your personal data, subject to certain legal exceptions;
  • Right to restrict processing: you can request that we limit the processing of your data;
  • Right to withdraw consent: you can withdraw your consent to the processing of your personal data;
  • Right to lodge a complaint: if you believe the processing of your personal data infringes on GDPR, you have the right to lodge a complaint;
  • Right to data portability: where processing is based on consent or contract and carried out by automated means, you may receive the personal data you provided to us in a structured, commonly used, machine-readable format, and have it transmitted to another controller where technically feasible;
  • Right to object: you may object at any time, on grounds relating to your particular situation, to processing based on legitimate interests; you may object at any time and without justification to processing for direct marketing purposes.

If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us using the information provided at the end of this policy.

11. Children's privacy

Our services do not address anyone under the age of 18. We do not knowingly collect personally identifiable information from anyone under the age of 18. If you are a parent or guardian and you are aware that your child has provided us with personal data, please contact us. If we become aware that we have collected personal data from anyone under the age of 18 without verification of parental consent, we take steps to remove that information from our servers.

12. Policy update

Our latest Privacy Policy is always available at https://vegaminds.com/privacy-policy and the "effective date" at the top of the page is updated. You are advised to review this Privacy Policy periodically. Once posted, the new Privacy Policy shall be effective immediately.

13. Additional questions

For any questions regarding this Privacy Policy — including matters of our Data Protection Officer (Hugo Castalan) or, for data subjects in the EU/EEA, our GDPR Article 27 Representative (Alex Mathe-Cathala) — please contact us at security@vegaminds.com.