Who we are
Vektor AI Ltd is an AI consulting company that builds bespoke AI tools for professional services firms. We are registered in England and Wales and are a registered data controller with the Information Commissioner's Office (ICO).
- ICO Registration ZC143453
- Contact [email protected]
- Website vektorai.dev
What data we collect
Depending on how you interact with us, we may collect the following:
When you contact us or book a demo: Your name, email address, company name and any information you choose to share with us.
When you use our products: Documents and files you upload for processing (invoices, bank statements, ledger data), account information for authentication, and usage data such as the number of documents processed.
Website usage: We do not use tracking scripts, advertising pixels or third-party analytics. No cookies are set beyond what is technically necessary.
How we use your data
To provide our services: Document content is processed by Claude AI (Anthropic) to extract structured data. This is the core function of our products.
To communicate with you: We use your email address to respond to enquiries, send service updates and deliver authentication links. We do not send marketing emails without your explicit consent.
To improve our services: We may review anonymised usage patterns to improve accuracy and performance. We never review the content of your documents without your permission.
We do not use your data for advertising, profiling or training our own AI models.
Our legal basis
We process your data on the following legal bases under UK GDPR:
Contract: Processing necessary to provide the services you have engaged us to deliver.
Legitimate interests: Responding to enquiries, improving our services, and maintaining the security of our systems.
Consent: Where you have explicitly agreed, for example when subscribing to updates.
Sub-processors
We use the following third-party services to deliver our products. Each has been assessed for UK GDPR compliance:
| Provider | Purpose | Location |
|---|---|---|
| Anthropic | AI document processing | USA |
| Supabase | Database and authentication | EU (Ireland) |
| Railway | Application hosting | USA |
| Resend | Transactional email delivery | USA |
How long we keep your data
Document processing data: Automatically deleted after 90 days. You can request deletion at any time.
Account data: Retained for as long as your account is active. Deleted within 30 days of account closure.
Enquiry data: Retained for up to 2 years for legitimate business purposes, then deleted.
All data is stored with encryption at rest. Transit is protected by TLS 1.2 or higher.
Your rights
Under UK GDPR you have the following rights. To exercise any of them, contact us at [email protected]. We will respond within 30 days.
You also have the right to lodge a complaint with the ICO at ico.org.uk or by calling 0303 123 1113.
Security
We take the security of your data seriously. Our systems include:
- Row Level Security at the database level ensuring no cross-client data access.
- Rate limiting and prompt injection protection on all AI processing routes.
- Secure, HttpOnly session cookies with SameSite protection.
- Regular automated security audits.
- All staff with data access are bound by confidentiality obligations.
In the event of a data breach that poses a risk to your rights, we will notify you and the ICO within 72 hours of becoming aware.
Changes to this notice
We may update this privacy notice from time to time. Material changes will be communicated by email where we hold your contact details. The date at the top of this page shows when it was last updated.
Contact us
For any privacy-related questions, data requests or to exercise your rights:
We aim to respond to all privacy requests within 5 working days and will always respond within the statutory 30-day period.