Privacy Policy

Last updated: March 1, 2026

1. What We Collect

Vector Decisions collects the minimum data necessary to provide our AI agent governance service:

  • Account Data: Email address, name, organization name, and hashed password.
  • Agent Data: Information about AI agents you register (name, type, purpose, vendor, risk level).
  • Event Data: Agent actions, decisions, and health metrics submitted via our API.
  • Usage Data: Page views, feature usage, and session data via Google Analytics (anonymized).

2. What We Do NOT Collect

  • We do NOT access your AI agents directly. All data is submitted by you via our API.
  • We do NOT store the actual content your AI agents generate (unless you include it in event payloads).
  • We do NOT sell your data to third parties.
  • We do NOT use your data to train AI models.

3. Data Storage & Security

  • All data is encrypted at rest (AES-256) and in transit (TLS 1.3).
  • Audit trail data uses cryptographic hash chains (SHA-256) for tamper evidence.
  • Passwords are hashed with bcrypt (12 rounds).
  • Database access is restricted and monitored.

4. Data Retention

Audit trail data is retained according to your plan:

  • Starter: 7 days
  • Growth: 90 days
  • Business: 1 year
  • Enterprise: Unlimited

Account data is retained until you delete your account. Upon deletion, all associated data is removed within 30 days.

5. Cookies

We use the following cookies:

  • Essential: Session authentication (required for login).
  • Analytics: Google Analytics (can be declined via cookie consent).

No advertising cookies are used.

6. Your Rights (GDPR)

  • Right to access your data
  • Right to rectification
  • Right to erasure ("right to be forgotten")
  • Right to data portability (export your data anytime)
  • Right to object to processing

Contact us at privacy@vectordecisions.com to exercise any of these rights.

7. Third-Party Services

  • Google Analytics 4 (anonymized analytics)
  • Cloudflare (CDN and DDoS protection)
  • LemonSqueezy (payment processing — they handle all payment data)

8. Contact

For privacy questions: privacy@vectordecisions.com

Data Protection Officer: dpo@vectordecisions.com