Privacy Policy

Effective date: March 19, 2026

Introduction

VigilAI ("we," "our," or "us") operates a B2B SaaS platform that provides AI-powered vendor risk analysis for financial services compliance teams. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website at vigilai.com or use our platform services.

By accessing or using our services, you agree to this Privacy Policy. If you do not agree with the terms of this policy, please do not access our platform. Please also review our Terms of Service.

Data Collection

We collect information that you provide directly to us, information collected automatically when you use our services, and information from third-party sources.

Information You Provide

  • Account registration details (name, email address, organization name)
  • Billing and payment information processed securely through Stripe
  • Search queries, vendor names, and risk analysis parameters you enter
  • Analyst dispositions, notes, and report configurations
  • Contact form submissions and support requests

Information Collected Automatically

  • IP address, browser type, device information, and operating system
  • Usage data including pages visited, features used, and session duration
  • Authentication tokens and session identifiers managed by Auth0
  • Cookie and tracking technology data (see Cookie Policy below)

How We Use Your Data

We use the information we collect for the following purposes:

  • To provide and maintain our vendor risk analysis platform, including executing searches and generating AI-powered risk classifications
  • To process your data through our AI analysis pipeline, which uses Claude AI by Anthropic to classify articles by risk type and severity
  • To generate and deliver risk reports via email (using Resend) and downloadable PDF/CSV exports
  • To aggregate publicly available news data from Google News RSS and GDELT for adverse media screening
  • To process payments and manage your subscription through Stripe
  • To authenticate your identity and manage access through Auth0
  • To send transactional emails related to your account and service usage
  • To improve our services, fix bugs, and develop new features
  • To comply with legal obligations and enforce our terms of service

Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

  • Audit logs: Retained for 7 years to meet financial services regulatory requirements
  • Account data: Retained for the duration of your active subscription and up to 90 days after account closure
  • Search results and reports: Retained for the duration of your subscription unless you request earlier deletion
  • Payment records: Retained as required by tax and financial regulations

Third-Party Services

We use the following third-party services to operate our platform. Each service processes data in accordance with its own privacy policy:

  • Auth0 — Identity and authentication management. Processes your email, name, and login credentials to securely authenticate your account.
  • Stripe — Payment processing. Handles billing information, subscription management, and payment transactions. VigilAI does not store your full credit card details.
  • Resend — Email delivery service. Processes recipient email addresses to send transactional emails such as risk reports, account notifications, and team invitations.
  • Google News RSS & GDELT — News data APIs. We query these public data sources to aggregate news articles relevant to your vendor risk searches. No personal data is shared with these services.
  • Claude AI by Anthropic — AI risk classification engine. Article content is sent to Claude AI for risk type classification, severity assessment, and summary generation. No personally identifiable information is included in AI processing requests.

Your Rights

Depending on your location, you may have the following rights regarding your personal data under applicable data protection laws (including GDPR and CCPA):

  • Right of access: You may request a copy of the personal data we hold about you.
  • Right to rectification: You may request that we correct any inaccurate or incomplete personal data.
  • Right to erasure: You may request that we delete your personal data. We will process erasure requests within 30 calendar days, subject to any legal retention obligations.
  • Right to data portability: You may request that we provide your data in a structured, commonly used, machine-readable format.
  • Right to restrict processing: You may request that we limit how we process your personal data.
  • Right to object: You may object to the processing of your personal data for certain purposes, including direct marketing.
  • Right to withdraw consent: Where processing is based on consent, you may withdraw your consent at any time.

To exercise any of these rights, please contact us at privacy@vigilai.io. We will respond to your request within the timeframes required by applicable law.

Contact Information

If you have any questions about this Privacy Policy or your personal data, or would like to exercise your data protection rights, please contact us:

Last updated: March 19, 2026