Privacy Policy

Last updated: January 2025

This Privacy Policy describes how VASCO AI collects, uses, and protects the personal information of users of our website and services, in compliance with the EU General Data Protection Regulation (GDPR).

1. Information We Collect

We collect personal information that you voluntarily provide when using our website:

• Account information: name, email address
• Chatbot configuration: name, description, system prompt, appearance settings
• Conversation data: messages exchanged with your chatbots
• API keys: encrypted references to your AI provider API keys (actual keys stored securely by providers)

2. How We Handle Conversations

Your conversations with AI chatbots are processed as follows:

• Processing: Messages are sent to AI providers (OpenAI, Anthropic, Google, Groq) to generate responses
• Free/Pro Plans: We store only conversation summaries, not full message transcripts, to minimize personal data retention
• VIP Plan: Full conversation history is stored, allowing you to review and continue past conversations
• No training: Your conversations are NOT used to train AI models

2.1 VIP Features

VIP subscribers have access to additional features:

• Full-Page Chat: A dedicated chat interface similar to ChatGPT/Perplexity
• Conversation History: Complete thread storage and retrieval
• Sidebar Navigation: Easy access to all past conversations
• Individual Deletion: Delete specific conversations while keeping others

3. Legal Basis for Processing

We process your personal data based on the following legal bases under GDPR (Art. 6):

• Consent: You voluntarily provide your data when creating an account and using our services
• Legitimate interest: We analyze conversation summaries to improve service quality, detect abuse, and ensure system security
• Contractual necessity: Processing required to deliver the AI chatbot services you request

4. Data Retention Period

We retain your personal data for the following periods:

• Account data: Retained while your account is active
• Conversation summaries (Free/Pro): Retained for 12 months from the date of creation, then automatically deleted
• Full conversations (VIP): Retained for 12 months from the date of creation, then automatically deleted
• Usage statistics: Aggregated and anonymized after 6 months
• Deleted accounts: All personal data permanently deleted within 30 days of account deletion

You may delete individual conversations (VIP) or clear conversation summaries at any time through your dashboard or chat interface.

5. How We Use Your Information

We use your personal information to:

• Provide and maintain the AI chatbot service
• Process your requests and generate AI responses through third-party providers
• Improve service quality through analysis of conversation summaries
• Communicate with you about your account and service updates
• Detect and prevent fraud or abuse of the service
• Comply with legal obligations

6. Information Sharing

We do not sell your personal information. We share data only in the following circumstances:

• AI Providers: Your messages are sent to AI providers (OpenAI, Anthropic, Google, Groq) for processing. These providers have their own privacy policies.
• Legal requirements: We may disclose data if required by law or to protect our rights

Please review the privacy policies of AI providers you use:

• OpenAI Privacy Policy
• Anthropic Privacy Policy
• Google Privacy Policy
• Groq Privacy Policy

7. Data Security

We implement industry-standard security measures:

• HTTPS encryption for all data transmission
• Encrypted storage of API key references
• Access controls and authentication mechanisms
• Regular security reviews and updates

8. Your GDPR Rights

Under GDPR, you have the following rights:

• Right to access (Art. 15): Request a copy of your personal data
• Right to rectification (Art. 16): Correct inaccurate or incomplete data
• Right to erasure (Art. 17): Request deletion of your personal data ('right to be forgotten')
• Right to restrict processing (Art. 18): Limit how we use your data
• Right to data portability (Art. 20): Receive your data in a structured format
• Right to object (Art. 21): Object to processing based on legitimate interest

You can exercise these rights through your dashboard settings or by contacting us directly.

9. International Data Transfers

Your data may be transferred to and processed in countries outside the EU. When using AI providers based outside the EEA (such as OpenAI, Anthropic, Google, Groq), your data is protected under standard contractual clauses as required by GDPR.

10. Data Deletion

You can request deletion of your personal data at any time:

• Via dashboard: Go to Settings → Delete Account to permanently delete your account and all associated data
• Via email: Contact us at support@vascoai.com

Upon deletion, we will remove all your personal data within 30 days, except for anonymized data that cannot be linked to your identity.

11. Cookies

We use essential cookies for authentication and session management. We may also use analytics cookies to understand how you use our service. You can manage cookie preferences through your browser settings.

12. Children's Privacy

Our service is not intended for children under 16. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal data, please contact us.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by email or by posting a notice on our website before the changes become effective.

14. Contact Us

For any questions about this Privacy Policy, GDPR requests, or your personal data, please contact us at:

If you are not satisfied with our response to your GDPR complaint, you have the right to lodge a complaint with a supervisory authority in your EU member state.