Legal

Privacy Policy

Vectra AI, Inc. (together with its wholly owned subsidiaries, including entities established in the European Union) (“we” or “Vectra”) respect your privacy and are committed to protecting any personal data we collect about you or that you provide to us (“your information”). We process your personal data in compliance with applicable data protection laws, including the EU General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”) the UK GDPR, the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), where applicable.

This Privacy Policy (together with our Terms of Use and any other documents referred to in it) sets out the basis on which we will process your information. By visiting https://www.vectra.ai or other websites belonging to Vectra, you are accepting the practices described in this Privacy Policy.

Personal data means any information relating to an identified or identifiable natural person, such as a first and last name, a home or other physical address, an email address or other contact information. More detail about the categories of personal data we collect is provided below.

1. Collection of Your Information

We collect information from you directly, indirectly, and automatically:

Direct collection: When you complete forms, correspond with us by phone, e-mail or otherwise, or apply for a vacancy. This may include your name, email, phone number, work history, education, professional qualifications, or other details relevant to your inquiry or application.
Indirect collection: From publicly available sources (such as LinkedIn, Twitter, Google), from affiliates, or from trusted third-party partners (such as subcontractors, analytics providers, advertising networks, credit reference agencies). We ensure that such third parties are legally entitled to share the data with us.
Automatic collection: Technical and navigational information from your device, including IP address, browser type, referral source, geographic location, time spent on site, and pages viewed. We may also collect demographic data, such as age, gender, or ZIP code.
Recruitment: When applying for vacancies or joining our speculative applicant database, we may process CVs, qualifications, and related information for recruitment and talent management.

You may browse our websites without actively providing personal data, but some features may require it

2. Children

Our websites and services are not directed to children under 16 (or the relevant minimum age of consent in your jurisdiction). We do not knowingly collect personal data from children. If you believe we have collected such data, contact us at privacy@vectra.ai and we will delete it.

3. Legal Basis and Use of Your Information

We process your information only where we have a lawful basis under GDPR. These include:

Contractual necessity – to carry out obligations under contracts with you, including providing products, services, or information you request.
Legitimate interests – to operate and improve our websites, provide customer support, detect fraud, monitor recruitment suitability, conduct analytics, or send relevant communications. We balance these interests against your rights.
Consent – where required, for example for direct electronic marketing or placing certain non-essential cookies. You can withdraw consent at any time.
Legal obligation – where we must comply with applicable laws, regulatory requirements, or respond to lawful requests.

We use your information for purposes including:

To operate, secure, and improve our websites and services.
To send you personalized content, offers, or marketing (where legally permitted).
To measure and understand the effectiveness of our communications and advertising.
To evaluate your suitability for current or future roles with Vectra.
To comply with applicable law, defend legal claims, and prevent fraud or misuse.

4. Sharing of Your Information

We do not sell your personal data. We only disclose it as follows:

With subsidiaries, affiliates, and trusted service providers who support our operations under strict confidentiality and data protection obligations.
With carefully selected partners where you have requested or consented to receiving communications.
In connection with a merger, acquisition, or sale of assets
To protect the rights, property, or safety of Vectra, our affiliates, customers, or the public.
Where required by law, legal process, or competent authorities.

Where required by law, legal process, or competent authorities.

5. Joint Controllers

For the purposes of Article 26 GDPR, Vectra AI, Inc. and, where applicable, any of the following subsidiaries, may act as joint controllers when processing personal data in connection with marketing communications within their respective territories:

Vectra AI Australia Pty Limited
Vectra AI Canada Limited
Vectra AI France SARL
Vectra AI Germany GmbH
Vectra AI India Private Limited
Vectra AI Ireland Limited
Vectra AI Japan KK
Vectra AI Singapore Pte Limited
Vectra AI Switzerland GmbH
Vectra AI UK Limited
Vectra AI Arabia Limited

The joint controllers have entered into an arrangement pursuant to Article 26 GDPR, which determines their respective responsibilities for compliance with obligations under the GDPR. In particular:

Vectra AI, Inc. is primarily responsible for overall compliance with transparency obligations under Articles 13 and 14 GDPR.
Each subsidiary is responsible for compliance with local legal obligations and for handling data subject rights requests that relate to personal data processed in its jurisdiction.
Regardless of this arrangement, you may exercise your rights under the GDPR in respect of and against any of the joint controllers. Requests should be directed to privacy@vectra.ai, and will be coordinated in accordance with the Article 26 arrangement.

6. International Transfers

Your information may be transferred outside your country, including to the United States. Where we transfer personal data from the European Economic Area (EEA), Switzerland, or the UK to countries not deemed adequate by the European Commission or UK authorities, we rely on approved safeguards, such as Standard Contractual Clauses (SCCs) and supplementary measures as required. A copy of these safeguards can be requested at privacy@vectra.ai.

Data Privacy Framework Notice

Vectra AI, Inc. complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Vectra AI, Inc. has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. DPF Principles with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Vectra AI, Inc. has also certified that it adheres to the Swiss-U.S. DPF Principles with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this Privacy Policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit https://www.dataprivacyframework.gov/

In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, Vectra AI, Inc. commits to resolve complaints about our collection or use of your personal information. EU, UK, and Swiss individuals with inquiries or complaints regarding our DPF-related processing should first contact Vectra AI, Inc. at privacy@vectra.ai. Vectra AI, Inc. commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner's Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF.

Vectra AI, Inc. has further committed to refer unresolved complaints to an independent dispute resolution mechanism located in the United States. Under certain conditions, individuals may invoke binding arbitration for complaints not resolved by other means, as described in Annex I of the DPF Principles.

Vectra AI, Inc. is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC). Vectra AI, Inc. may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Vectra AI, Inc. remains liable under the DPF Principles if third-party agents process personal data on its behalf in a manner inconsistent with the Principles, unless Vectra AI, Inc. proves it is not responsible for the event giving rise to the damage.

7. Retention of Your Information

We retain your personal data only as long as necessary for the purposes described in this Privacy Policy, including to meet legal, accounting, or reporting obligations. Recruitment data is kept in line with applicable retention schedules. Where processing is based on consent, we will delete your data promptly after withdrawal. You may request deletion at any time (see Section 11 below).

8. Security

We implement technical and organizational measures appropriate to the risk to protect personal data against unauthorized access, loss, alteration, or destruction. Access to your information is restricted to personnel and partners with a legitimate business need. Please note that no method of transmission over the internet is completely secure.

9. Cookies and Tracking

We use cookies and similar technologies for functionality, analytics, and personalization. Where required, we request your consent before placing non-essential cookies. You may adjust your browser settings to block cookies, but some services may not function properly. See our separate Cookie Policy for more details.

10. External Websites and Social Media Features

Our websites may link to third-party sites or embed social media widgets (e.g., Facebook “Like” buttons). These may collect information such as your IP address. Your interactions with such features are governed by the privacy policies of those providers, not by us.

11. Your Rights

Under GDPR and applicable data protection laws, you have the following rights:

Access: Obtain a copy of your personal data and details of how we process it.
Rectification: Request corrections to inaccurate or incomplete data.
Erasure (“right to be forgotten”): Request deletion of your personal data in certain circumstances.
Restriction: Ask us to restrict processing in certain situations.
Portability: Receive your personal data in a structured, machine-readable format and transmit it to another controller where technically feasible.
Objection: Object to processing based on legitimate interests, including profiling, or to direct marketing.
Withdraw consent: Where processing is based on consent, you can withdraw it at any time without affecting prior lawful processing.
Complaint: Lodge a complaint with your local data protection authority if you believe your rights have been violated.

You can exercise your rights by contacting us at privacy@vectra.ai or by mail at: Vectra AI, 550 South Winchester Blvd, Suite 200, San Jose, CA 95128. Attention: Privacy.

12. Marketing Communications

Where permitted by law, we may send you marketing communications. You can unsubscribe at any time by clicking the “unsubscribe” link in our emails or contacting us at privacy@vectra.ai.

13. Changes to this Policy

We may update this Privacy Policy from time to time. The revised version will be posted on our website with an updated “last revised” date. If we make material changes, we will notify you through appropriate channels.

14. Contact Details

If you have questions about this Privacy Policy or how we process your data, contact us at: privacy@vectra.ai Vectra AI, 550 South Winchester Blvd, Suite 200, San Jose, CA 95128. Attention: Privacy.