Privacy Policy

About This Policy

Vector Flow Private Limited ("Vector Flow," "we," "us") is committed to protecting the privacy of individuals who visit our website, use our products, or engage our services. This Privacy Policy explains what personal data we collect, why we collect it, how we use and protect it, and what rights you have.

This policy applies to vectorflowsoft.com and all Vector Flow products and services. It applies globally to all users — visitors, clients, employees, and job applicants.

Data We Collect

Information You Provide

• Account & Registration: Full name, email address, password (hashed), company name, phone number, billing address, and role/title
• Purchase & Billing: Payment method details (processed by PCI-DSS-compliant third parties — we never store card numbers), billing address, GST/VAT number, and transaction history
• Service Delivery: Data you provide for AI model training, analytics projects, and API usage, including any personal data contained in client datasets
• Communications: Messages sent via our contact form, support tickets, email, and sales enquiries
• Employment: Résumés, cover letters, references, and interview data for job applicants

Information Collected Automatically

• Usage Data: Pages visited, features used, session duration, and navigation patterns
• Device & Technical Data: IP address, browser type, operating system, device identifiers, screen resolution, and timezone
• Cookies & Tracking Technologies: Session cookies, analytics cookies, and preference cookies — see our Cookie Policy for full details

How We Use Your Data

• Account Management: Creating and managing your account, authenticating you, and administering your subscription
• Service Delivery: Performing AI development, analytics, consulting, and managed services engagements
• Billing & Payments: Processing transactions, issuing invoices, and managing subscriptions
• Communications: Responding to enquiries, providing support, and sending service updates and security alerts
• Marketing: Sending promotional materials and newsletters where you have opted in or we have legitimate interest — always with an unsubscribe option
• Platform Improvement: Analysing usage patterns to improve our products, features, and user experience
• Legal Compliance: Meeting obligations under Indian law, GDPR, and other applicable regulations including fraud prevention
• AI Model Improvement: We may use anonymised, aggregated usage statistics (never client-specific data) to improve our AI services

Legal Basis for Processing

For EU/UK data subjects (GDPR), we process personal data on the following legal bases:

• Contract: Processing necessary to perform a contract with you — account management, service delivery, and billing
• Legitimate Interests: Service improvement, fraud prevention, and direct marketing to existing clients
• Legal Obligation: Complying with applicable laws, tax obligations, and regulatory requirements
• Consent: Marketing communications and non-essential cookies where we have obtained explicit consent

For Indian data principals under DPDPA 2023, we process personal data on the basis of consent and legitimate uses as defined by the Act.

Data Sharing & Third Parties

We do not sell your personal data. We may share it with:

• Service Providers: Vetted sub-processors (cloud hosting, payment processors, email providers, analytics tools) under strict contractual data processing obligations
• Professional Advisers: Lawyers, accountants, and auditors under confidentiality obligations
• Business Transfers: In connection with a merger, acquisition, or sale of assets — you will be notified and given the option to opt out where required by law
• Law Enforcement: Where required by valid court order, regulatory authority, or to protect the safety of any person

International Data Transfers

Vector Flow is headquartered in India. If you are outside India, your personal data may be transferred to and processed in India and other countries where our service providers are located.

For transfers from the EU/UK, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission and adequacy decisions where applicable. We ensure your data receives a level of protection consistent with GDPR requirements regardless of where it is processed.

Data Retention

• Account Data: Duration of account plus 3 years after closure
• Transaction & Billing Records: 7 years (Indian tax law requirement)
• Service Delivery Data: Duration of engagement plus 2 years, unless longer retention is agreed in the SOW
• Marketing & Communication Data: Until you unsubscribe or withdraw consent, plus 1 year
• Website Analytics: 26 months (anonymised)
• Job Applicant Data: 6 months after the position is filled, unless you consent to longer retention

Cookies & Tracking

Our website uses cookies and similar technologies. See our dedicated Cookie Policy for full details. In summary:

• Strictly Necessary: Essential for site function — always active, no consent required
• Analytics Cookies: Help us understand how visitors use our site (e.g. Google Analytics)
• Marketing Cookies: Track visits across sites to display relevant advertising — requires your consent

You can manage cookie preferences at any time via our cookie banner or your browser settings.

Security Measures

• Encryption in Transit: All data transmitted between your browser and our servers is encrypted with TLS 1.3
• Encryption at Rest: All stored personal data is encrypted using AES-256
• Access Controls: Role-based access, multi-factor authentication, and audit logging for all access to personal data
• Penetration Testing: Annual third-party security assessments
• Incident Response: Documented breach response procedures with regulatory notification within 72 hours (GDPR) / as required under DPDPA
• ISO 27001 Aligned: Our information security practices align with ISO 27001 standards

Your Privacy Rights

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate or incomplete data
• Erasure: Request deletion of your personal data (subject to legal retention requirements)
• Portability: Receive your data in a machine-readable format
• Restriction: Request restriction of processing in certain circumstances
• Objection: Object to processing based on legitimate interests or for direct marketing
• Withdraw Consent: Withdraw consent at any time where processing is based on consent
• Grievance (India): Lodge a complaint with our Grievance Officer (see Section 13)
• Supervisory Authority (EU/UK): Lodge a complaint with your local data protection authority

To exercise any right, email privacy@vectorflowsoft.com. We respond within 30 days.

Children's Privacy

Our services are not directed at individuals under 18. We do not knowingly collect personal data from minors. If we become aware that we hold a minor's data, we will delete it promptly. Contact privacy@vectorflowsoft.com if you believe we hold such data.

Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be communicated by email to registered users and via a prominent notice on our website at least 14 days before they take effect. The "Effective" date at the top indicates the most recent version.

Contact & Grievances

Data Protection / Privacy Enquiries:
Email: privacy@vectorflowsoft.com

Grievance Officer (DPDPA 2023):
Name: Arjun Mehta, CEO
Email: grievance@vectorflowsoft.com
Response time: Within 30 days of receipt

Registered Address: Vector Flow Private Limited, Bengaluru, Karnataka, India