Legal

Privacy Policy

Last updated: 2026-05-28.

1. Who we are

This Privacy Policy describes the practices of Vertical Edge AI LLC (“Vertical Edge AI,” “we,” “our”), a Texas limited liability company headquartered in Austin, TX, with respect to the verticaledgeai.ai public marketing website (the “Site”).

This policy covers the Site only. Customer engagements operate under separate contracts (MSA, SOW, BAA, DPA) which govern customer data handling, including any PHI, MNPI, claimant data, privileged content, or student records processed via VeilEngine deployments.

2. What this policy covers

This policy applies to personal information collected through the Site — specifically through the contact form, server logs, and the privacy-aligned analytics described below. It does not apply to: (a) personal information collected through other Vertical Edge AI channels (direct correspondence, in-person meetings, signed engagements); (b) data we process on behalf of customers under signed engagements; or (c) third-party services we link to but do not operate.

3. Notice at Collection (CCPA / CPRA summary)

At the point of collection on this Site, we collect:

  • Identifiers — name, email address.
  • Commercial information — company, role, industry, framework focus, and any workflow description you enter.
  • Internet activity — standard server-log metadata (IP address, user agent, referrer, timestamp, URL accessed).

Purposes: to respond to your inquiry, scope a potential engagement, operate the Site, and meet legal obligations (Section 5). Retention: up to 36 months for inquiry-related personal information (Section 9). We do not sell or share personal information; we do not engage in cross-context behavioral advertising; we do not use sensitive personal information for purposes other than as disclosed.

4. Information we collect

  • Form submissions — name, email, organization, role, industry, framework focus, intent, and the workflow description you write into the contact form. Submitted directly to Formspree, our form-processing service (see Sub-processors below).
  • Server / hosting logs — standard request metadata (IP address, user agent, timestamp, page accessed) retained by our static-site host for security and operational diagnostics.
  • Privacy-aligned analytics — we use Cloudflare Web Analytics for aggregated, sampled traffic measurement (page URL, referrer, country, browser, screen size). It is cookieless, does not fingerprint, and does not identify individual visitors. Cloudflare also serves as our CDN and security layer, so the analytics beacon does not introduce a new third-party data flow. See the Cookies page Section 3 for the full disclosure.
  • Fonts — webfonts are served from fonts.bunny.net, a privacy-aligned mirror of Google Fonts that does not log requests or set cookies.
  • No advertising trackers — we do not use Facebook Pixel, Google Ads tags, LinkedIn Insight, TikTok Pixel, or similar advertising / retargeting cookies.

5. How we use information

  • To respond to your inquiry, scope an engagement, or provide requested documentation.
  • To operate, secure, and improve the Site.
  • To meet legal obligations (records retention, tax, regulatory).
  • To defend our rights or property in the event of misuse or dispute.

We do not sell your information. We do not enroll Site visitors in marketing automation drip sequences. We do not share form submissions with advertising networks. We do not engage in “cross-context behavioral advertising” as defined by California law.

6. Sub-processors for Site operations

Public-Site sub-processors (separate from customer-engagement sub-processors, which are listed on the Trust page):

  • CDN, security, and Web Analytics (Cloudflare, Inc., San Francisco, CA) — fronts the Site, serves cached assets, and processes cookieless aggregate traffic analytics. Engaged under Cloudflare’s standard Data Processing Addendum.
  • Static-site host (Render Services, Inc., San Francisco, CA) — serves the HTML/CSS/JS and brand assets. Receives server logs. Engaged under Render’s standard Data Processing Addendum.
  • Form processor (Formspree) — receives and routes contact-form submissions to our internal inbox.
  • Webfont provider (fonts.bunny.net) — serves typography assets. Documented privacy posture: no logging, no cookies, EU residency available.
  • Email provider — carries our reply to your inquiry. Typically Postmark or equivalent transactional-email service.

7. AI services and providers

We use third-party large-language-model providers in our internal operations (drafting, research, code generation) and in our customer engagements. Because content you submit through the Site contact form may be reviewed with AI assistance to help us summarize and prioritize inquiries, we disclose those providers here. The training-data and retention posture below applies only to the specific commercial / API / business tiers and Data Processing Addendum configurations we contract under — not to consumer-tier products.

  • Anthropic (Claude) — used under Anthropic’s commercial products only (Claude for Work, Claude Enterprise, Claude for Government, or the Anthropic API under commercial terms), under which inputs and outputs are not used to train Anthropic models by default. Consumer-tier Claude (Free / Pro / Max), which carries a separate opt-in toggle for training, is not used for any business activity related to the Site. Anthropic API logs are retained within 30 days by default for commercial-tier processing; shorter or Zero Data Retention (ZDR) periods apply only when separately contracted.
  • OpenAI (GPT) — used under OpenAI’s API and business tiers only (OpenAI API, ChatGPT Team, or ChatGPT Enterprise), under which inputs and outputs are not used to train OpenAI models by default. Consumer ChatGPT (Free / Plus), which trains on user content by default unless the user toggles it off in Data Controls, is not used for any business activity related to the Site. Standard OpenAI API log retention applies (typically up to 30 days for abuse monitoring) unless Zero Data Retention (ZDR) is contracted.
  • Google Cloud (Gemini, via Vertex AI / Gemini Enterprise Agent Platform) — used under Google Cloud’s commercial terms only. Customer data is not used to train Google foundation models per the Google Cloud Service Specific Terms. By default, Gemini models cache data in memory (RAM only, project-isolated, 24-hour TTL) for latency and cost optimization; for abuse monitoring, Google logs prompts and responses on paid services for a limited period. Zero Data Retention (ZDR) is available on request for an approved project and disables caching plus opts out of abuse-monitoring prompt logging.

We do not use information submitted through the Site contact form, or any other personal information collected via the Site, to train, fine-tune, or evaluate AI models. We do not transfer Site personal data to AI providers under consumer-tier configurations or arrangements that allow training use. For Site-related processing, we engage Anthropic, OpenAI, and Google Cloud under their standard commercial-tier Data Processing Addendums; Zero Data Retention (ZDR) is not currently in effect, and we will update this disclosure if ZDR is contracted for Site-related processing.

8. Cookies and tracking

The Site sets no cookies by default; our only analytics — Cloudflare Web Analytics, disclosed above and on the Cookies page — is cookieless and sets no cookies. Our font provider (fonts.bunny.net) does not set cookies. If a future feature requires a cookie (for example, a session token for a gated download), we will update this policy and add a notice consistent with applicable law (ePrivacy Directive, CCPA / CPRA, EU AI Act transparency obligations).

9. Data retention

Form submissions are retained as long as necessary to respond to the inquiry, conduct due diligence on potential engagements, and meet business-records obligations — typically up to 36 months absent an active engagement, after which records are deleted or anonymized. Server logs are retained per host policy (typically 30–90 days). Cloudflare Web Analytics is aggregated and sampled, with no visitor-level profile retained. You may request deletion of identifying personal information at any time per Section 11.

10. International data transfers

Data is processed primarily in the United States. EU / UK visitors should understand that transferring personal data to the United States carries the considerations described in EU GDPR Article 44 and the Schrems II decision. Where applicable, we rely on the EU-U.S. Data Privacy Framework certification of our sub-processors and on Standard Contractual Clauses.

11. Your rights

Depending on jurisdiction, you may have the right to:

  • Access a copy of the personal information we hold about you;
  • Correct inaccurate personal information;
  • Delete your personal information;
  • Object to certain processing;
  • Restrict processing in certain circumstances;
  • Withdraw consent where processing is consent-based;
  • Opt out of any “sale,” “sharing,” or “targeted advertising” under California, Texas, Colorado, Virginia, Utah, or Connecticut law (we do not engage in any of these; this notice is informational);
  • Data portability — receive a copy of your personal information in a structured, commonly used format.

To exercise these rights, email cordero_ryan@verticaledgeai.ai with the subject “Privacy request.” We respond within 30 days (or sooner where required). We do not discriminate against you for exercising your rights.

12. AI and automated decision-making

We may use AI-assisted tools to summarize, categorize, or prioritize incoming inquiries. This processing is not a “solely automated decision” producing legal or similarly significant effects on you under GDPR Article 22, and it does not currently meet the threshold of an “automated decision-making technology” subject to pre-use notice under the California CCPA Regulations (effective January 1, 2026), with ADMT-specific compliance starting January 1, 2027 and pre-use notice, opt-out, and risk-assessment requirements effective April 1, 2027. Final engagement decisions are made by a human.

If we deploy any automated decision-making system that does meet those thresholds, we will update this policy with a separate pre-use notice describing the system, the data used, your right to opt out, and your right to request human review.

13. State-specific privacy rights

Residents of the following U.S. states have rights under their state’s comprehensive privacy law in addition to those listed in Section 11.

California (CCPA / CPRA). Categories of personal information collected: identifiers (name, email), commercial information (company, role, framework focus), Internet activity (server logs), and the content of your message. Purposes: as described in Section 5. We do not sell or share personal information. We do not use sensitive personal information for purposes other than as disclosed. Notice at Collection summary: Section 3 above; a separate short Notice at Collection also appears at the contact form per 11 CCR § 7012. Authorized-agent procedures follow 11 CCR § 7063 (effective January 1, 2026 amendments).

Texas (TDPSA, effective July 1, 2024). Texas residents have rights of access, correction, deletion, portability, and to opt out of targeted advertising, sale of personal data, and certain profiling. We do not engage in any of these. To exercise rights, email cordero_ryan@verticaledgeai.ai with subject “Texas TDPSA request.”

Colorado, Virginia, Utah, Connecticut. Residents of these states have rights similar to those above (varying by state, including access, deletion, correction, portability, and opt-out of certain processing). Email the address above with subject “[State] privacy request.”

Connecticut LLM disclosure (effective July 1, 2026). Connecticut residents are informed: we do not use your personal data to train large language models.

We continue to monitor state privacy law developments and update this policy as new laws (Oregon OCPA, Delaware DPDPA, Iowa ICDPA, Tennessee TIPA, Indiana ICDPA, Montana MCDPA, Florida FDBR, New Hampshire NHPA, Minnesota MCDPA, Maryland MODPA, and others) become effective and applicable to our processing scale.

14. EU / UK GDPR additional information

For visitors located in the European Economic Area, the United Kingdom, or Switzerland, the lawful bases for our processing under GDPR Article 6 are: (a) legitimate interest in responding to business inquiries and operating the Site (Article 6(1)(f)); (b) consent for optional information you provide (Article 6(1)(a)); and (c) contractual necessity if we enter into a service agreement (Article 6(1)(b)).

You have additional rights under GDPR Articles 13–22, including the right to lodge a complaint with your local supervisory authority. To exercise GDPR rights, email cordero_ryan@verticaledgeai.ai.

EU representative (Article 27). We do not currently designate a Union representative under GDPR Article 27 because our processing of EU/UK data falls within the Article 27(2) occasional-processing exemption: we offer services on a US-domiciled basis, do not actively market to EU/UK prospects, do not process special-category data on a large scale, and our processing is unlikely to result in risk to the rights and freedoms of natural persons. If our engagement profile changes (active EU outreach, EU-language localization, or material EU client engagement), we will designate an Article 27 representative.

15. Children

The Site is intended for business audiences and is not directed at children. We do not knowingly collect information from children under 13. Education-vertical features (FERPA / COPPA / IDEA workflows) are operated only under contracted customer engagements, never on this public Site.

16. Security

We use commercially reasonable administrative, technical, and physical safeguards designed to protect the personal information we collect through the Site, including encryption in transit (TLS), access controls, and minimization of personal data collected. No system is perfectly secure. If we become aware of a breach affecting your personal data, we will notify you and applicable regulators as required by law.

17. Changes to this policy

We will update this policy as needed and update the “Last updated” date above. Material changes affecting Site visitors will be summarized at the top of this page for at least 30 days. Continued use of the Site after the effective date of material changes constitutes acknowledgment.

18. Contact

Privacy inquiries: cordero_ryan@verticaledgeai.ai
Vertical Edge AI LLC, Austin, TX

We do not currently designate a Data Protection Officer because we do not meet the criteria of GDPR Article 37(1): we are not a public authority, our core activities do not require systematic monitoring of data subjects on a large scale, and we do not process special-category data on a large scale. The privacy contact email above is the inbound channel for rights requests and privacy inquiries.

This Privacy Policy reflects Vertical Edge AI LLC’s current practices as of 2026-05-28. We update this document as the business evolves and as the regulatory landscape changes. This document is informational and does not constitute legal advice.