Legal

Privacy Policy

Vettory · Last updated: 7 July 2026

This policy explains how Vettory Ltd ("Vettory", "we", "us") collects, uses, and protects personal data when you use vettory.co and the Vettory platform (together, the "Service"). Vettory is a UK-based company. We comply with the UK GDPR and the Data Protection Act 2018, and with the EU GDPR where it applies.

Contact: privacy@vettory.co · Vettory Ltd (trading name; registered as KSRED LTD, company number 12527377), Kemp House, 152–160 City Road, London, England, EC1V 2NX, United Kingdom.

1. The two roles we play

Vettory processes personal data in two distinct capacities, and your rights differ depending on which applies:

As a controller, for data about our customers and website visitors: account registration details, billing information, support correspondence, and website analytics. This policy governs that processing.

As a processor, for data our customers put into the platform: skill definitions, organisational structures, team hierarchies, user directories synced via SSO/SCIM, and audit logs recording the actions of a customer's users. For this data, our customer is the controller and our processing is governed by the Data Processing Agreement forming part of our customer contracts. If you are an employee of a Vettory customer and want to exercise rights over this data, contact your employer, and we will support their response.

2. Data we collect as a controller

  • Account data: name, work email address, job title, organisation, and authentication credentials (passwords are hashed; we never store them in plain text).
  • Billing data: company billing details and transaction history. Payment card details are handled by our payment processor and never touch our servers.
  • Usage data: log data including IP address, browser type, pages visited, and actions taken in the Service, used for security, debugging, and product improvement.
  • Communications: support tickets, emails, and feedback you send us.
  • Website analytics: we use privacy-respecting analytics to understand aggregate site usage. We do not use advertising trackers.

3. How we use it

We use personal data to provide and secure the Service (performance of contract); to detect abuse, investigate incidents, and maintain audit integrity (legitimate interests); to bill and account (legal obligation and contract); to send service announcements (contract) and, with your consent or under legitimate interest with an opt-out, occasional product updates; and to improve the product using aggregated, de-identified usage data.

We do not sell personal data. We do not use customer content — including skill definitions — to train machine-learning models.

4. Sharing

We share data only with: subprocessors who host and support the Service (cloud infrastructure, payment processing, email delivery, error monitoring), each bound by data processing terms — a current list is available on request at privacy@vettory.co; professional advisers where necessary; and authorities where legally required. If Vettory is involved in a merger or acquisition, data may transfer to the successor entity under the same protections, and we will notify affected users.

5. International transfers

The Service is hosted in the United Kingdom. Where a subprocessor processes data outside the UK/EEA, we rely on adequacy regulations or the UK International Data Transfer Agreement / EU Standard Contractual Clauses.

6. Security

We apply industry-standard measures including encryption in transit and at rest, role-based access control, audit logging, and least-privilege access for staff. Enterprise customers may request our security documentation under NDA.

7. Retention

Account data is retained for the life of your account plus 90 days. Audit logs processed on behalf of customers are retained according to the customer's configuration and contract. Billing records are kept for 7 years as required by UK tax law. Backups are retained on a rolling cycle in line with our current backup policy.

8. Your rights

Under UK/EU data protection law you may request access to, correction of, deletion of, or a portable copy of your personal data; object to or restrict certain processing; and withdraw consent where processing is based on consent. Contact privacy@vettory.co and we will respond within one month. You may also complain to the Information Commissioner's Office (ico.org.uk) or your local supervisory authority.

9. Cookies

We use strictly necessary cookies for authentication and session management, and minimal analytics cookies. We do not use third-party advertising cookies.

10. Changes

We will post updates to this policy here and, for material changes, notify account holders by email at least 14 days before they take effect.

© 2026 Vettory. Built for teams that take AI seriously.