Europe Privacy Policy

Updated: November 4, 2024

We at VestAI LTD (together with our affiliates, “VestAI”, “we”, “our” or “us”) respect your privacy and are committed to keeping secure any information we obtain from you or about you. This Privacy Policy describes our practices with respect to Personal Data when you use our websites, applications, and services (collectively, the “Services”).

This policy applies if you reside in the European Economic Area (EEA), Switzerland, or the United Kingdom. If you reside outside those regions, please see our global Privacy Policy.

1. Data Controller

  1. EEA & Switzerland: VestAI LTD, a company incorporated under the laws of the Republic of Cyprus, with its registered office at [insert full legal address]. VestAI LTD is the controller for processing under the EU GDPR and Swiss FADP.
  2. United Kingdom: VestAI LTD is the controller for processing under the UK GDPR. If we appoint a UK representative, we will provide their details here.

Lead supervisory authority (EU): Office of the Commissioner for Personal Data Protection (Cyprus). You may also lodge a complaint with your local EEA authority, the UK Information Commissioner’s Office (ICO), or the Swiss Federal Data Protection and Information Commissioner (FDPIC).

2. Personal Data We Collect

  • Account Information: Name, contact details, credentials, date of birth (where needed), payment details and transaction history.
  • User Content: Anything you submit to the Services (e.g., prompts, files, images, audio).
  • Communication Info: Messages you send us (name, contact info, message content, support interactions).
  • Technical Information: IP address, browser/device type, timestamps, usage patterns, device identifiers, general location inferred from IP, cookies and similar technologies.
  • Third-Party & Public Sources: Data from partners (e.g., fraud/security services, payment processors) and publicly available information used to operate, develop, and secure our Services.

3. How We Use Personal Data

  • Provide, maintain, and improve our Services.
  • Develop new features and conduct research.
  • Communicate updates, support, and—where permitted—marketing.
  • Prevent fraud and abuse, and protect security and integrity.
  • Comply with legal obligations and establish, exercise, or defend legal claims.
  • Aggregate/de-identify data for analytics and research.

4. Disclosure of Personal Data

  • Vendors & Service Providers: Hosting, analytics, customer support, payment processors, etc., under contracts requiring processing only on our instructions with appropriate safeguards.
  • Business Transfers: In connection with mergers, acquisitions, restructurings, or asset sales.
  • Legal & Safety: To comply with laws, enforce terms, protect rights/property, detect abuse or fraud, and cooperate with regulators or law enforcement.
  • Affiliates: Within our group to enable consistent service delivery.
  • Business Administrators: If you use a VestAI business/enterprise account, admins may access account data and Content subject to your organization’s policies.
  • Third-Party Integrations: When you choose to connect or share with external apps or users (governed by their policies).

5. Retention

We retain Personal Data only as long as necessary to provide the Services, fulfill legitimate business purposes (e.g., dispute resolution, security), and comply with legal requirements. Retention periods depend on data type, purpose, sensitivity, and legal obligations. Some data (e.g., temporary chats) may be deleted or anonymized sooner per your settings.

6. Your Rights

  • Access, rectify, or delete your Personal Data.
  • Restrict or object to processing.
  • Data portability.
  • Withdraw consent at any time (where processing is based on consent).
  • Lodge a complaint with your local data protection authority, the Cyprus Commissioner, the UK ICO, or the Swiss FDPIC.

You may exercise many rights via your VestAI account or by contacting us at privacy@vestai.com. We will respond in accordance with applicable law.

7. Children

In the EEA, UK, and Switzerland, our Services are not directed to children under 16, and we do not knowingly collect Personal Data from them without verifiable consent from a parent or legal guardian (where permitted by law). In other regions, the age may be 13 or as required by local law. If you believe we have collected Personal Data from a child in violation of this section, please contact privacy@vestai.com and we will investigate and delete as appropriate.

8. Security

We implement industry-standard technical, administrative, and organizational measures to protect Personal Data. However, no system is completely secure; please take care when deciding what to share.

9. Legal Bases for Processing

Under the GDPR, UK GDPR, and Swiss FADP (where applicable), we rely on:

  • Performance of a contract: To operate the Services and process your requests.
  • Legitimate interests: Improve Services, ensure security, prevent fraud, and conduct research (balanced against your rights).
  • Legal obligations: Compliance with laws and regulations.
  • Consent: For certain marketing communications, cookies, or other processing where required.

10. International Data Transfers

We may process data on servers outside your country, including the United States and other jurisdictions. Where Personal Data is transferred outside the EEA/UK/Switzerland, we ensure adequate protection through:

  • EU Commission adequacy decisions (where applicable).
  • EU Standard Contractual Clauses (SCCs).
  • UK Addendum / International Data Transfer Addendum (IDTA).
  • Swiss-compliant transfer mechanisms where required.

Contact privacy@vestai.com to request information about these safeguards.

11. Cookies & Similar Technologies

We use cookies, SDKs, and similar technologies to operate the Services, measure performance, and (where permitted) personalize content. See our Cookie Policy for details and choices. Where required, we obtain your consent via a consent banner or settings.

12. Changes to This Policy

We may update this policy from time to time. Revised versions and effective dates will be posted here, unless another form of notice is required by law.

13. How to Contact Us

For questions or requests, email privacy@vestai.com or write to:

VestAI LTD
[insert full legal address]
Republic of Cyprus

Data Protection Officer (if applicable): dpo@vestai.com ([insert DPO name if appointed]; if not appointed, leave blank)