Privacy policy

How we collect, use, and protect your information

Effective: 2026-05-19
Last updated: 2026-05-19

1. Introduction

This Privacy Policy explains how Vael Intelligence LLC collects, uses, and protects personal information when you visit vaelintelligence.com or engage with our cybersecurity services. We believe privacy is a right, not a feature, and we have designed our practices to collect the minimum data necessary to operate.

This policy applies to all personal data we process in connection with our website and services. Where applicable, we comply with the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA), Brazil’s Lei Geral de Proteção de Dados (LGPD), and the United Arab Emirates Personal Data Protection Law. Where these frameworks differ, the more protective standard applies.

Vael Intelligence does not use third-party analytics, tracking pixels, marketing cookies, or advertising technologies. We do not sell or share personal data for marketing purposes. We collect only what we need to respond to inquiries, deliver our services, and maintain the security of our systems.

2. Data controller

This Privacy Policy applies to data processing by Vael Intelligence LLC, the data controller:

New Mexico
United States
Street & city — TBA

Email: office@vaelintelligence.com

For company registration details and legal disclosures, see our Imprint.

3. Collection and use of personal data

We collect personal data only when it is necessary to operate this website, respond to your inquiries, or deliver our services. The following sections describe what data we collect, why we collect it, and the legal basis under the GDPR for processing it.

a) When visiting our website

When you access vaelintelligence.com, your browser automatically transmits technical information to our server, which is logged for operational and security purposes. The following data is collected and temporarily stored in server log files:

  • Anonymized IP address of the requesting device
  • Date and time of the request
  • Requested URL and HTTP status code
  • Referring URL (the source from which you reached the page)
  • Browser type and operating system
  • Amount of data transmitted

Purpose of processing: ensuring the technical functionality and stability of the website, diagnosing errors, preventing abuse, and maintaining the security of our systems.

Legal basis: Art. 6(1)(f) GDPR, our legitimate interest in operating a secure, functional website. We do not use this data to identify you personally or to build user profiles, and we do not combine it with other data sources for that purpose.

Retention: server logs are automatically deleted within 90 days unless required for ongoing security investigation.

b) When using our contact form

If you submit the contact form on vaelintelligence.com to reach us, we process the data you voluntarily provide. The following data may be collected:

  • Your name
  • Your email address
  • The nature of your inquiry (selected from a predefined list)
  • Optional: company name, phone number
  • The content of your message
  • The submission timestamp

Purpose of processing: to respond to your inquiry, evaluate whether our services may be relevant to your situation, and, where applicable, take steps at your request prior to entering into a service engagement.

Legal basis: Art. 6(1)(b) GDPR for pre-contractual steps taken at your request, and Art. 6(1)(f) GDPR where appropriate for handling general inquiries.

Retention: contact form submissions are retained for the duration necessary to handle your inquiry. Once the matter is resolved, related data is deleted within 12 months, unless longer retention is required by law or for the establishment, exercise, or defense of legal claims.

c) When corresponding with us by email

When you contact us directly by email, we receive and store your email address, your message content, and any attachments you choose to send. We use this information solely to process and respond to your communication.

Legal basis: Art. 6(1)(a), (b), or (f) GDPR, depending on the context of your communication.

Retention: email correspondence is retained for the duration necessary to handle your matter. Beyond that point, we may retain communications where required by law or for legitimate business purposes such as auditability and legal defense.

4. Disclosure of personal data

We do not sell your personal data, and we do not share it with third parties for marketing or advertising purposes. We disclose personal data only in the following limited circumstances.

a) To essential sub-processors

We rely on a small number of third-party service providers to operate this website and respond to inquiries. These providers process data on our behalf, under contractual data protection commitments, and only for the specific purposes for which we engage them.

  • Hosting: our website is hosted by a hosting provider located in the European Union. Data processing primarily occurs within the EU.
  • Email: inbound and outbound email correspondence, including contact-form notifications, is handled by an email service provider with appropriate data protection commitments.

We do not engage web analytics providers, advertising networks, social-media trackers, tag managers, or content delivery intermediaries that would process personal data of our visitors.

b) With your explicit consent

We will disclose personal data to additional parties only with your express and informed consent. You may withdraw this consent at any time, without affecting the lawfulness of processing carried out before the withdrawal.

c) When required by law

We may disclose personal data when required to do so by a binding legal obligation, court order, or lawful request from a public authority. Disclosure is limited to the extent strictly required, and where legally permitted, we will notify the affected individuals before any such disclosure.

d) To establish or defend legal claims

We may disclose personal data where strictly necessary to establish, exercise, or defend legal claims, including responding to allegations or pursuing recovery of legitimate business interests.

Legal basis: Art. 6(1)(a) GDPR (consent), Art. 6(1)(b) GDPR (contract performance with our sub-processors), Art. 6(1)(c) GDPR (legal obligation), and Art. 6(1)(f) GDPR (legitimate interest), depending on the disclosure context.

5. Data retention

We retain personal data only for as long as necessary to fulfill the purposes outlined in this policy, to comply with applicable legal obligations, or to establish, exercise, or defend legal claims.

Specific retention periods for each category of data are described above in Section 3:

  • Server log data: up to 90 days
  • Contact form submissions: up to 12 months after inquiry resolution
  • Email correspondence: as long as necessary to handle the matter, plus any retention period required by applicable law

When personal data is no longer required, we delete it or, where deletion is technically impractical (for example, in archived backup systems), securely restrict access to it until automatic erasure occurs.

6. Cookies

Our website uses only strictly necessary cookies to provide core functionality. These cookies are essential for the website to operate as intended and do not require your consent under applicable cookie regulations.

The cookies we set include a session cookie that maintains your session state between page requests during a single visit, and a CSRF token cookie that protects forms against cross-site request forgery attacks.

We do not use cookies for analytics, advertising, personalization, or tracking. We do not set persistent cookies for user identification, and we do not allow third-party cookies to be placed on your device through this website.

These cookies expire when you close your browser or after a short period of inactivity. You can clear them anytime via your browser settings.

7. Data security

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, accidental loss, alteration, or disclosure. These measures include TLS encryption for all data transmitted between your browser and our servers, encryption at rest for stored data where supported by our hosting infrastructure, restricted administrative access limited to authorized personnel, regular security updates and patching of underlying systems, and operating in a hosting environment with appropriate physical and network security controls.

No system is entirely immune to risk, but we take security seriously and continuously evaluate and improve our practices. If we become aware of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the appropriate supervisory authority and, where required, affected individuals, in accordance with applicable law.

8. Your rights

Depending on your location, you may have rights under one or more data protection frameworks. We honor these rights regardless of the framework under which they apply, and where frameworks differ, we apply the standard most protective to you.

Rights under the GDPR

If you are located in the European Economic Area, Switzerland, or the United Kingdom, you have the following rights regarding your personal data:

  • Right of access (Art. 15): to obtain confirmation of whether we process personal data about you and, if so, to receive a copy
  • Right to rectification (Art. 16): to have inaccurate or incomplete data corrected
  • Right to erasure (Art. 17): to have your data deleted in certain circumstances
  • Right to restriction of processing (Art. 18): to limit how we process your data in certain circumstances
  • Right to data portability (Art. 20): to receive your data in a structured, commonly used, machine-readable format
  • Right to object (Art. 21): to object to processing based on our legitimate interests
  • Right to withdraw consent (Art. 7): where processing is based on your consent, at any time
  • Right to lodge a complaint (Art. 77): with a data protection supervisory authority

Jurisdiction-specific rights

  • California residents (CCPA / CPRA): the right to know, delete, correct, and limit the use of personal information; the right to opt out of any sale or sharing of personal information (we do not sell or share); the right to non-discrimination
  • Canadian residents (PIPEDA): the right to access your personal information, correct inaccuracies, and challenge our compliance
  • Brazilian residents (LGPD): rights to confirmation, access, correction, anonymization, portability, deletion, information about sharing, and revocation of consent
  • UAE residents (PDPL): the rights to access, rectification, erasure, restriction, portability, objection, and the right to be informed of automated decision-making

How to exercise your rights

To exercise any of these rights, please contact us by email at office@vaelintelligence.com. We will respond within the timeframe required by the applicable framework (typically within 30 days under the GDPR, with a possible extension where the request is complex).

We may require verification of your identity before fulfilling certain requests, to protect against unauthorized access to your personal data.

9. International data transfers

Our hosting provider is located within the European Union, and the primary processing of personal data takes place in the EU.

Vael Intelligence LLC is a United States entity, and limited transfers of personal data from the EU to the United States may occur, for example when our personnel access inquiries received through our website. Such transfers are conducted under appropriate safeguards as required by the GDPR, including the use of Standard Contractual Clauses (SCCs) issued by the European Commission and supplementary measures where applicable.

Where data is transferred to countries that do not provide an equivalent level of data protection, we ensure that such transfers are protected by appropriate safeguards and are limited to what is necessary.

10. Children’s privacy

Vael Intelligence’s website and services are not directed to individuals under the age of 16. We do not knowingly collect personal data from children, and we do not market to or solicit information from children.

If we become aware that we have collected personal data from a child without verified parental consent, we will delete that data without undue delay. If you believe a child has provided us with personal data, please contact us at office@vaelintelligence.com.

11. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, our services, applicable law, or the data protection landscape generally.

When we make material changes, we will update the “Last Updated” date at the top of this policy and, where appropriate, provide notice through the website or by email to individuals with whom we have an ongoing relationship.

We encourage you to review this policy periodically to stay informed about our data practices.

12. Contact

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Vael Intelligence LLC

New Mexico
United States
Street & city — TBA

Email: office@vaelintelligence.com

For company registration details and legal disclosures, see our Imprint.