Vuelum

Privacy Policy

Last updated: April 2026

1. Data Controller

Vuelum is the data controller for personal data processed through the Vuelum platform.

Contact: privacy@vuelum.com

2. Data We Collect

2.1 Account Data

When you create an account, we collect your name, email address, and password (stored as a secure hash). If you use social sign-in, we receive your name and email from the identity provider.

2.2 Company Data

Company profiles contain business information such as company name, address, description, capabilities, certifications, and products. This data may be provided by you or sourced from publicly available information.

2.3 Usage Data

We collect information about how you use the Service, including pages visited, searches performed, features used, and interaction patterns. This data is used to improve the Service and is anonymized for analytics.

2.4 Communication Data

Messages, meeting requests, and inquiries sent through the platform are stored to provide the messaging service.

3. Legal Basis for Processing

We process your data based on:

  • Contract performance — to provide the Service you signed up for
  • Legitimate interest — to improve the Service, prevent fraud, and ensure security
  • Consent — for optional features such as newsletter subscriptions and analytics
  • Legal obligation — to comply with applicable laws and regulations

4. How We Use Your Data

  • Providing and operating the platform
  • AI-powered capability matching and company recommendations
  • Sending transactional emails (account verification, password reset)
  • Newsletter and digest emails (with your consent)
  • Analytics to improve the Service
  • Fraud prevention and security monitoring

5. Data Sharing

We share your data with:

  • Other platform users — your company profile, messages, and meeting requests are visible to other users as part of the Service
  • Service providers — we use third-party services for email delivery (Brevo), payment processing (Stripe), error monitoring (Sentry), and analytics (PostHog EU)
  • Legal requirements — if required by law, regulation, or legal process

We do not sell your personal data. All data is stored within the UK/EU.

6. Data Retention

We retain your data for as long as your account is active. If you delete your account, all personal data is permanently removed. Anonymized analytics data (with no personal identifiers) may be retained.

7. Your Rights (UK GDPR)

You have the right to:

  • Access — request a copy of your personal data
  • Rectification — correct inaccurate data
  • Erasure — delete your account and all associated data
  • Restriction — limit processing of your data
  • Portability — receive your data in a machine-readable format
  • Objection — object to processing based on legitimate interest

To exercise any of these rights, contact privacy@vuelum.com. You may also delete your account at any time from Account Settings.

8. Cookies & Tracking

We use essential cookies for authentication (session tokens). We use PostHog (EU-hosted) for product analytics. You can opt out of analytics tracking through your browser's Do Not Track setting.

9. Security

We implement industry-standard security measures including encrypted data transmission (TLS), hashed passwords, role-based access controls, and regular security audits. However, no system is 100% secure.

10. International Transfers

All data is stored on servers within the UK/EU. We do not transfer personal data outside the UK/EU except where necessary for AI processing services, which are covered by appropriate data processing agreements.

11. Changes to This Policy

We may update this policy from time to time. Significant changes will be communicated via email or a notice on the platform.

12. Contact & Complaints

Contact: privacy@vuelum.com

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

This privacy policy is a working draft. Final legal review is pending before public launch.