Vastal Agency

Introduction

Welcome to Vastal Agency, an AI-powered digital services agency.

Vastal Agency ("us", "we", or "our") operates https://vastal.agency and our associated digital services platform (hereinafter referred to as "Service").

Our Privacy Policy governs your visit to https://vastal.agency and explains how we collect, safeguard, and disclose information that results from your use of our Service.

We use your data to provide and improve our Service. By using the Service, you agree to the collection and use of information in accordance with this policy.

Definitions

SERVICE: means the https://vastal.agency website and digital services platform operated by Vastal Agency.
PERSONAL DATA: means data about a living individual who can be identified from those data.
USAGE DATA: is data collected automatically either generated by the use of Service or from Service infrastructure itself.
COOKIES: are small files stored on your device (computer or mobile device).

Information Collection and Use

We collect several different types of information for various purposes to provide and improve our Service to you. This includes personal information, business data, and usage analytics to deliver our AI-powered digital services platform.

Types of Data Collected

Personal Data

While using our Service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you. This may include:

Email address
First name and last name
Phone number
Company name and details
Cookies and Usage Data

Client Project Data

For delivering our digital services, we may collect and process:

Website and application content
Brand assets and design materials
Business requirements and specifications
Integration credentials (securely stored)
Analytics and performance data

AI Agent Data

When you use our AI agent services, we may process:

Conversation logs and interactions
Customer inquiries handled by AI
Email and chat content
Voice call recordings (if enabled)
AI model configurations

Usage Data

We may collect information about how the Service is accessed and used, including your computer's IP address, browser type, browser version, the pages of our Service that you visit, and other diagnostic data.

Use of Data

Vastal Agency uses the collected data for various purposes:

To provide and maintain our Service
To notify you about changes to our Service
To provide customer support
To gather analysis to improve our Service
To monitor the usage of our Service
To detect, prevent, and address technical issues
To deliver the digital services you have contracted
To provide AI-powered automation and agents on your behalf

AI Model Training & Data Usage

Important: We are committed to protecting your privacy and maintaining transparency about how your data is used.

Our AI Training Policy

We only use aggregated and anonymized data to improve our AI models. This means:

No personally identifiable information (PII) is used for AI model training
All training data is fully anonymized and aggregated before use
Individual user data or identifiable information is never used

Third-Party AI Services

We do not use any data obtained through third-party AI services (such as OpenAI or Anthropic) to develop, improve, or train generalized AI models. All data processed through these services is used solely to provide the specific services for which it was collected.

Retention of Data

We will retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your Personal Data to the extent necessary to comply with our legal obligations, resolve disputes, and enforce our legal agreements.

Specific retention periods:

Financial access tokens: Encrypted at rest; deleted immediately upon disconnection of linked financial account. Provider access revoked via API.
Financial transaction data: Retained while the financial account connection is active. Upon disconnection, retained up to 90 days for reconciliation, then permanently deleted.
Project files: Retained for duration of engagement plus 1 year
AI conversation logs: Customer-configurable, typically 30-90 days
Usage analytics: Anonymized and aggregated after 90 days
Account data: Deleted within 30 days of account closure request
Audit logs: Retained for 12 months for security and compliance purposes, then deleted.

To request data deletion, contact us at tim@vastal.agency. Requests are fulfilled within 30 days.

Transfer of Data

Your information, including Personal Data, may be transferred to and maintained on computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ.

Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.

Disclosure of Data

We may disclose personal information that we collect, or you provide:

Disclosure for Law Enforcement

Under certain circumstances, we may be required to disclose your Personal Data if required to do so by law or in response to valid requests by public authorities.

Business Transaction

If we are involved in a merger, acquisition, or asset sale, your Personal Data may be transferred. We will provide notice before your Personal Data is transferred.

Security of Data

The security of your data is important to us. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.

Our security measures include:

Encryption in transit (TLS/SSL) and at rest
Access controls and authentication requirements
Secure credential storage with encryption
Regular security updates and patch management

Your Data Protection Rights under CCPA

If you are a California resident, you are entitled to learn what data we collect about you, ask to delete your data and not to sell (share) it.

We do not sell your personal information for monetary consideration.

To exercise your California data protection rights, please send your request(s) to hello@vastal.agency.

Third-Party Service Providers

We may employ third party companies and individuals to facilitate our Service. These third parties have access to your Personal Data only to perform tasks on our behalf.

AI/ML Providers

OpenAI: Large language models and AI services
Anthropic: Claude AI models

Infrastructure

Supabase: Database and backend services
Vercel: Hosting and deployment

Financial Services

Plaid: Bank account connectivity and transaction data. When you connect a bank account, Plaid accesses your financial data pursuant to their own privacy policy. We store transaction data to provide financial dashboard features. You can disconnect your bank account at any time.
Stripe: Payment processing

Children's Privacy

Our Services are not intended for use by children under the age of 13.

We do not knowingly collect personally identifiable information from children under 13. If you become aware that a child has provided us with Personal Data, please contact us.

Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date.

You are advised to review this Privacy Policy periodically for any changes.

Contact Us

If you have any questions about this Privacy Policy, please contact us:

Email: hello@vastal.agency

We will respond to your inquiry within 30 days.

Privacy Policy