Legal
Privacy Policy
Last updated: May 2026
1. Overview
VritantAI ("we", "our", "us") is committed to protecting your personal data. This Privacy Policy explains what data we collect, how we use it, and your rights. It applies to visitors to vritantai.com and to customers who use the VritantAI platform.
2. Data We Collect
We collect: (a) Account data — name, email address, company name, store URL; (b) Billing data — processed by Paddle as Merchant of Record; we do not store payment card numbers; (c) Product catalog data — product titles, descriptions, prices, and availability you sync from your store; (d) Usage data — API calls, page views, feature interactions, error logs; (e) Communication data — support tickets, emails, and in-app messages; (f) Agent conversation data — messages exchanged in your storefront widget or WhatsApp channel.
3. How We Use Your Data
We use your data to: (a) Provide and improve the Service, including running GEO audits, citation benchmarks, hallucination sweeps, and powering the shopping agent; (b) Process billing and send invoices; (c) Send product updates, security notices, and support responses; (d) Detect and prevent fraud or abuse; (e) Comply with legal obligations. We do not use your catalog data or conversation data to train AI models. We do not sell your data.
4. Third-Party Services
We use the following third-party services to deliver the platform: LLM providers (Anthropic, OpenAI, Google) for inference — queries include relevant catalog context but no persistent identifiers; Supabase for PostgreSQL database hosting; Upstash/Redis for queue and cache; Sentry for error monitoring; PostHog for product analytics (anonymised events). Each provider is bound by data processing agreements appropriate to their role. We do not share your data with advertising networks.
5. Multi-Tenant Data Isolation
All customer data is isolated using PostgreSQL Row-Level Security (RLS) scoped to each tenant's unique ID. No query issued by VritantAI's application layer can return data across tenant boundaries. Tenant IDs are never exposed to other tenants. Staff access to production data requires MFA and is logged.
6. Data Retention
We retain account data for the duration of your subscription plus 90 days, after which it is deleted. Conversation logs are retained for 12 months by default; you can configure a shorter retention window in your account settings. Audit history is retained for 24 months. Hallucination event logs are retained for 12 months.
7. Your Rights
Depending on your jurisdiction, you may have the right to: access your personal data; correct inaccurate data; delete your account and associated data; export your data in a machine-readable format; restrict or object to certain processing; lodge a complaint with a supervisory authority. To exercise any of these rights, email privacy@vritantai.com. We will respond within 30 days.
9. Security
We employ commercially reasonable security measures including: encryption of data at rest and in transit; API key storage using one-way hashing (plaintext shown only once at creation); HMAC verification of all inbound webhooks; MFA for staff access to production systems; quarterly security reviews. No system is perfectly secure; please contact security@vritantai.com immediately if you discover a vulnerability.
10. International Data Transfers
VritantAI is headquartered in Bengaluru, India. Your data may be processed in data centres operated by our third-party providers in the United States, European Union, and other regions. Where required, we rely on Standard Contractual Clauses or equivalent mechanisms to ensure adequate protection for international data transfers.
11. Children's Privacy
The Service is not directed at individuals under 16 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact privacy@vritantai.com and we will delete it promptly.
12. Changes to This Policy
We may update this Privacy Policy. Material changes will be communicated via email or in-app notification at least 14 days before they take effect. The "Last updated" date at the top of this page indicates the most recent revision.
13. Contact
For privacy enquiries: privacy@vritantai.com. For data deletion requests: privacy@vritantai.com with subject "Data Deletion Request". Postal address: VritantAI, Bengaluru, Karnataka, India.