Skip to main content

Privacy Policy

Last Updated: April 13, 2026

Vysdom AI ("we," "us," or "our") operates the website vysdom.ai (the "Site"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our Site or use our services. By accessing or using the Site, you agree to the terms of this Privacy Policy.

1. Information We Collect

1.1 Information You Provide Directly

We collect information that you voluntarily provide when using our contact form or engaging with our services:

  • Contact Information: Name and email address
  • Inquiry Details: Subject category and message content
  • Professional Information: Any additional context you choose to share about your organization or project

We do not collect payment information through the Site. Any consulting engagement payments are processed through separate, secure channels governed by individual engagement agreements.

1.2 Information Collected Automatically

We use Umami, a privacy-first, cookieless analytics platform. Umami does not use cookies, does not collect personally identifiable information, and fully complies with GDPR, CCPA, and PECR without requiring a cookie consent banner.

The following anonymized, aggregate data may be collected:

  • Page views and referral sources
  • Browser type and device category (mobile, desktop)
  • Country-level geographic data (no IP addresses stored)
  • Session duration (anonymized, not tied to individuals)

We do not use Google Analytics, Facebook Pixel, or any tracking technology that builds user profiles or shares data with advertisers.

2. How We Use Your Information

We use the information we collect solely for the following purposes:

  • Respond to Inquiries: To reply to your contact form submissions and provide requested information about our services
  • Deliver Services: To fulfill consulting engagements as agreed upon in separate Statements of Work
  • Improve the Site: To understand how visitors interact with our Site and improve user experience (via anonymized Umami analytics only)
  • Legal Compliance: To comply with applicable laws, regulations, and legal processes

We do not sell, rent, lease, or otherwise commercially exploit your personal information. We do not use your information for marketing purposes unless you have provided explicit, opt-in consent.

3. Legal Bases for Processing (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data under the following legal bases:

  • Legitimate Interest: Responding to business inquiries submitted through our contact form (Article 6(1)(f) GDPR)
  • Contract Performance: Processing data necessary to deliver consulting services under an engagement agreement (Article 6(1)(b) GDPR)
  • Legal Obligation: Where required by applicable law (Article 6(1)(c) GDPR)
  • Consent: Where we seek your explicit permission for specific processing activities, such as marketing communications (Article 6(1)(a) GDPR). You may withdraw consent at any time.

4. Cookies & Tracking Technologies

The Site uses no cookies for analytics or tracking purposes. Our analytics provider (Umami) is fully cookieless. No cookie consent banner is required because no tracking cookies are deployed.

Essential cookies may be used by our hosting provider (Vercel) for basic infrastructure purposes such as load balancing and security. These are strictly necessary and do not require consent under GDPR/PECR.

5. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy:

  • Contact form submissions: Retained for up to 24 months from the date of submission, then permanently deleted
  • Consulting engagement records: Retained for 7 years as required by applicable tax and business record-keeping regulations
  • Analytics data: Anonymized and aggregated — no personal data retained

You may request early deletion of your personal data at any time (see Section 6).

6. Your Rights

6.1 Rights Under GDPR (EEA, UK, Switzerland)

If you are located in the EEA, UK, or Switzerland, you have the following rights:

  • Right of Access: Request a copy of the personal data we hold about you
  • Right to Rectification: Request correction of inaccurate or incomplete data
  • Right to Erasure: Request deletion of your personal data ("right to be forgotten")
  • Right to Restriction: Request that we limit the processing of your data
  • Right to Data Portability: Receive your data in a structured, machine-readable format
  • Right to Object: Object to processing based on legitimate interest
  • Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time
  • Right to Lodge a Complaint: File a complaint with your local Data Protection Authority

6.2 Rights Under CCPA (California Residents)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

  • Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected
  • Right to Delete: Request deletion of your personal information
  • Right to Opt-Out of Sale: We do not sell personal information. No opt-out is necessary.
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights
  • Right to Correct: Request correction of inaccurate personal information
  • Right to Limit Use of Sensitive Personal Information: We do not collect sensitive personal information as defined by the CPRA

6.3 Exercising Your Rights

To exercise any of the above rights, please contact us at:

We will respond to all verified requests within 30 days (or 45 days if the request is complex, with notice to you of the extension). We may require identity verification before fulfilling a request.

7. Third-Party Service Providers

We share your information only with the following third-party service providers, each of whom is contractually bound to protect your data:

Provider Purpose Data Shared Privacy Policy
Resend Transactional email delivery Name, email, message content Link
Vercel Website hosting and serverless functions IP address (for routing), request metadata Link
Umami Privacy-first website analytics Anonymized page view data (no PII) Link
Google Appointment scheduling (Google Calendar) Name, email (when booking) Link

We do not share your data with any other third parties, data brokers, or advertising networks.

8. International Data Transfers

Your information may be processed in the United States, where our hosting infrastructure (Vercel) and email delivery provider (Resend) operate. If you are located outside the United States, please be aware that data protection laws in the US may differ from those in your jurisdiction.

Where applicable, we ensure appropriate safeguards are in place for international transfers, including Standard Contractual Clauses (SCCs) as maintained by our service providers.

9. Data Security

We implement industry-standard technical and organizational measures to protect your personal information, including:

  • HTTPS/TLS encryption for all data in transit
  • Server-side input validation and sanitization
  • Rate limiting and honeypot spam protection on contact forms
  • Minimal data collection principles (we only collect what is necessary)
  • Regular security review of third-party integrations

While we take reasonable measures to protect your information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

10. Children's Privacy

The Site is not directed at children under the age of 13, and we do not knowingly collect personal information from children under 13. If we become aware that we have inadvertently collected personal information from a child under 13, we will take steps to delete such information promptly. If you believe we have collected information from a child under 13, please contact us immediately.

11. Do Not Track Signals

Our Site does not track users across third-party websites and therefore does not respond to Do Not Track (DNT) signals. However, our use of cookieless, privacy-first analytics means we inherently respect user privacy beyond the scope of DNT compliance.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last Updated" date at the top of this page. We encourage you to review this Privacy Policy periodically. Your continued use of the Site after any changes constitutes your acceptance of the revised Privacy Policy.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Vysdom AI
New York, United States