Privacy Policy

Last updated: May 2026

1. Information We Collect

Contact Information: When you request a demo or contact us, we collect your name, email address, company name, and job title.

Account & Usage Data: We collect account details and anonymized analytics about how you interact with our website and product, including pages visited and time spent.

Customer Data: Documents and content you submit for processing are handled on your behalf to provide the service.

Terminal Data: During system operation, terminal screens are captured and processed for AI inference. Screenshots may be retained for a limited period to power live monitoring and the audit trail, and are deleted on a rolling schedule; we do not use terminal data for any purpose other than providing the service.

2. How We Use Your Information

  • To provide and maintain our services
  • To communicate with you about your account or our services
  • To improve our products and develop new features
  • To secure the service and prevent abuse
  • To comply with legal obligations

Our AI assists with processing documents and operating systems under the configuration and supervision of our customers. We do not make decisions that produce legal or similarly significant effects about individuals solely by automated means without human involvement, and we do not use your data to train our own AI models.

3. Legal Bases for Processing

Where data protection law (such as the GDPR) applies, we process personal data on one or more of the following bases:

  • Contract: to provide the service you or your organization requested
  • Legitimate interests: to secure, support, and improve the service
  • Consent: where you have given it, such as for certain communications
  • Legal obligation: to comply with applicable law

4. Data Retention

Contact information is retained for the duration of our business relationship plus 3 years. Terminal screenshots are retained only briefly to support live monitoring and the audit trail and are deleted on a rolling schedule. Operational audit logs are retained for one month. Records of access to documents containing protected health information are retained for the longer period required for compliance (for example, the HIPAA accounting-of-disclosures period). We delete or anonymize personal data when it is no longer needed for the purposes described here, unless a longer period is required by law.

5. Data Sharing & Subprocessors

We do not sell your personal information. We share data with vendors who process it on our behalf under data-processing agreements:

  • Cloud Infrastructure: Hetzner Online (Germany) for compute and database hosting
  • Document Storage: Cloudflare R2 for encrypted document storage
  • AI Providers: Anthropic (Claude) and Google (Gemini) for AI inference, under data processing agreements
  • Network & Connectivity: Cloudflare for content delivery and security; Tailscale for secure connectivity to your systems
  • Email: Resend for transactional email
  • Payments: Stripe for billing and payment processing
  • Legal Requirements: When required by law or to protect our rights

6. International Data Transfers

We and our subprocessors may process data in countries other than your own. Where required, we rely on appropriate safeguards for cross-border transfers, such as the European Commission's Standard Contractual Clauses, to protect your information.

7. Cookies & Analytics

Our website uses cookies and similar technologies for essential functionality and anonymized analytics. You can control cookies through your browser settings; disabling some cookies may affect site functionality.

8. Your Rights

Depending on your location, you may have the right to:

  • Access, correct, or delete your personal information
  • Object to or restrict processing of your data
  • Data portability
  • Withdraw consent at any time
  • Opt out of the sale or sharing of personal information (we do not sell it)
  • Lodge a complaint with a data protection supervisory authority

To exercise these rights, contact us at [email protected]. We will respond within the timeframe required by applicable law. If you are in the EU/EEA, you also have the right to lodge a complaint with your local supervisory authority; our lead authority is the Data State Inspectorate of Latvia (Datu valsts inspekcija).

9. Security

We implement industry-standard security measures including encryption in transit (TLS), encryption of credentials and sensitive data at rest, tenant isolation, role-based access controls, and audit logging. See our Security page for details.

10. Data Breach Notification

In the event of a personal data breach that affects you, we will notify affected customers and relevant authorities without undue delay and in accordance with applicable law.

11. Children's Privacy

Our services are intended for businesses and are not directed to children under 16. We do not knowingly collect personal information from children. If we learn we have done so, we will delete it.

12. Changes to This Policy

We may update this Privacy Policy from time to time. The "Last updated" date below reflects the current version. For material changes we will provide reasonable notice through the service or by other means.

13. Contact Us

The data controller is SIA VisionBridge, a company registered in the Republic of Latvia (registration No. 40203641390), with its registered office at Avotu iela 54B, Rīga, LV-1009, Latvia, operating LegacyBridge. For privacy-related inquiries, contact us at: [email protected]