Back to Home

Privacy Policy

Last updated: May 16, 2026

1. Introduction

Vouchstone LLC ("Vouchstone," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our enterprise AI agent platform and related services (collectively, the "Services").

By accessing or using our Services, you agree to this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access the Services.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Name, email address, company name, job title, and password when you create an account.
  • Payment Information: Billing address and payment method details processed through our payment processor (Stripe).
  • Agent Configuration: Settings, prompts, and configurations you create for your AI agents.
  • Communications: Information you provide when contacting our support team or participating in surveys.

2.2 Information Collected Automatically

  • Usage Data: API calls, feature usage, agent execution logs, and performance metrics.
  • Device Information: Browser type, operating system, IP address, and device identifiers.
  • Cookies: See §2.2.1 below.

2.2.1 Cookies and Similar Technologies

We use cookies and similar technologies in three categories:

  • Strictly Necessary: Session authentication, CSRF protection, load balancing. These cannot be disabled without breaking the Services.
  • Analytics: Aggregated, IP-truncated usage data to improve the Services. You can opt out via the Cookie Settings link on our Cookie Policy page.
  • Preferences: Theme, language, and dashboard layout. Always optional.

We do not use advertising cookies or sell cookie data. For a complete list, see the Cookie Policy.

2.3 Customer Data

Your AI agents may process data from your organization ("Customer Data"). This data is stored in your designated data plane environment and remains under your control. We do not access Customer Data except as necessary to provide the Services or as directed by you.

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Services
  • Process transactions and send related information
  • Send technical notices, updates, security alerts, and support messages
  • Respond to your comments, questions, and customer service requests
  • Monitor and analyze trends, usage, and activities
  • Detect, investigate, and prevent fraudulent transactions and other illegal activities
  • Personalize and improve your experience
  • Comply with legal obligations

4. Data Sharing and Disclosure

We may share your information in the following circumstances:

  • Service Providers: With third-party vendors who perform services on our behalf (e.g., payment processing, cloud hosting, analytics).
  • Business Transfers: In connection with a merger, acquisition, or sale of assets.
  • Legal Requirements: When required by law or to protect our rights, privacy, safety, or property.
  • With Your Consent: When you have given us explicit consent to share your information.

We do not sell your personal information to third parties.

5. Data Security and Compliance Posture

We implement appropriate technical and organizational measures to protect your information, including:

  • Encryption of data in transit (TLS 1.3) and at rest (AES-256)
  • Regular security assessments and penetration testing
  • Access controls, MFA, and least-privilege authentication
  • Data isolation between tenants
  • Hash-chained audit ledger for every consequential agent action

Vouchstone’s compliance posture as a platform operator:

  • SOC 2 Type 1 — Audit in progress; report available Q3 2026 under NDA.
  • GDPR — Controls aligned with Articles 5, 25, 30, and 32. DPA and Standard Contractual Clauses available on request.
  • CCPA / CPRA — California Consumer Privacy Act rights honored uniformly for all consumers. See §7a.
  • HIPAA — BAA available for Tier 2 / Tier 3 deployments processing PHI. Technical safeguards aligned with 45 CFR §164.312.

Compliance frameworks our engineers help customers achieve (SOX, HITRUST, PCI-DSS, ISO 27001, ISO 42001, and more) are described under our Compliance documentation; those describe service offerings, not Vouchstone’s own certifications.

6. Data Retention

We retain your information for as long as your account is active or as needed to provide Services. We will retain and use your information as necessary to comply with legal obligations, resolve disputes, and enforce our agreements. You may request deletion of your account and associated data at any time.

7. Your Rights (GDPR)

If you are located in the European Economic Area, the United Kingdom, or Switzerland, the General Data Protection Regulation grants you the following rights:

  • Access: Request access to your personal information
  • Correction: Request correction of inaccurate information
  • Deletion: Request deletion of your personal information (right to be forgotten, GDPR Article 17)
  • Portability: Request a copy of your data in a portable, machine-readable format (Article 20)
  • Objection: Object to processing of your personal information (Article 21)
  • Restriction: Request restriction of processing (Article 18)
  • Withdraw Consent: Withdraw consent at any time where processing is based on consent
  • Lodge a Complaint: Lodge a complaint with your local supervisory authority

To exercise these rights, please contact us at privacy@vouchstone.ai. We respond to verifiable requests within 30 days (extendable to 60 days where the request is complex).

7a. California Consumer Rights (CCPA / CPRA)

Vouchstone is a California-based company and honors California Consumer Privacy Act (as amended by the CPRA) rights for all California residents, and applies the same rights uniformly to all consumers regardless of jurisdiction.

  • Right to Know: What categories of personal information we collect, the sources, the purposes for collection, and the categories of third parties with whom we share it.
  • Right to Delete: Request deletion of personal information we have collected, subject to legal-retention exceptions (e.g., tax records, fraud prevention).
  • Right to Correct: Request correction of inaccurate personal information.
  • Right to Opt-Out of Sale or Sharing: Vouchstone does not sell personal information and does not share it for cross-context behavioral advertising. There is no opt-out to exercise.
  • Right to Limit Use of Sensitive Personal Information (SPI): Limit our use of SPI to what is reasonably necessary to provide the Services.
  • Right to Non-Discrimination: We will not deny Services, charge different prices, or reduce service quality because you exercised a privacy right.
  • Authorized Agent Requests: You may designate an authorized agent in writing; we will verify both the agent’s authorization and your identity before fulfilling the request.

Categories of personal information collected (in the prior 12 months): identifiers (name, email, account ID), commercial information (subscription and billing records), internet activity (usage logs, IP address), professional information (job title, employer), and inferences drawn from the above to provide and improve the Services. Sources: directly from you and automatically from your use of the Services. Purpose: providing, securing, and improving the Services and complying with legal obligations.

To exercise these rights, email privacy@vouchstone.ai with the subject “CCPA Request”. We respond to verifiable requests within 45 days (extendable to 90 days).

7b. HIPAA — Protected Health Information

Vouchstone is not a covered entity. When a customer uses the Services to process Protected Health Information (PHI), we act as a Business Associate. Customers handling PHI must execute a Business Associate Agreement (BAA) with Vouchstone prior to PHI processing. Technical and administrative safeguards are aligned with 45 CFR §§164.308, 164.312, and 164.314.

8. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for such transfers, including Standard Contractual Clauses approved by the European Commission.

9. Children's Privacy

Our Services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. You are advised to review this Privacy Policy periodically for any changes.

11. Contact Us

If you have any questions about this Privacy Policy, please contact us:

  • Email: privacy@vouchstone.ai