GDPR Compliance

Last updated: March 2026

Our commitment

Vectrant is committed to protecting the privacy and rights of individuals in accordance with the General Data Protection Regulation (GDPR). This page describes how we process personal data, the legal basis for processing, and the rights available to data subjects.

Data controller and data processor

When you interact with the Vectrant website (submitting contact forms, scheduling demos), Vectrant acts as the data controller for the personal data you provide.

When organizations deploy Vectrant to serve their customers, the deploying organization is the data controller for end-user conversation data. Vectrant acts as a data processor only when providing managed hosting services. For self-hosted deployments, Vectrant has no access to end-user data and does not act as a data processor.

Legal basis for processing

We process personal data under the following legal bases as defined in Article 6 of the GDPR:

  • Consent — When you voluntarily submit information through our contact or demo request forms, you consent to our processing of that data for the stated purpose.
  • Contractual necessity — When processing is necessary to perform a contract with you or to take steps at your request before entering into a contract, such as providing the Service under a subscription agreement.
  • Legitimate interest — When processing is necessary for our legitimate interests, such as improving the Service, ensuring security, and preventing fraud, provided these interests do not override your fundamental rights and freedoms.
  • Legal obligation — When processing is necessary to comply with a legal obligation to which we are subject.

Data we process

Through the Vectrant website, we process:

  • Name, email address, phone number, and company name from form submissions.
  • IP address and browser information from website visits.
  • Communication content from contact and demo request forms.

For detailed information about the data we collect, please see our Privacy Policy.

Data subject rights

Under the GDPR, individuals in the European Economic Area (EEA) and the United Kingdom have the following rights:

  • Right of access (Article 15) — You have the right to request a copy of the personal data we hold about you.
  • Right to rectification (Article 16) — You have the right to request correction of inaccurate or incomplete personal data.
  • Right to erasure (Article 17) — You have the right to request deletion of your personal data, subject to certain legal exceptions.
  • Right to restriction of processing (Article 18) — You have the right to request that we restrict processing of your personal data in certain circumstances.
  • Right to data portability (Article 20) — You have the right to receive your personal data in a structured, commonly used, and machine-readable format.
  • Right to object (Article 21) — You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes.
  • Right to withdraw consent — Where processing is based on consent, you have the right to withdraw that consent at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us. We will respond to your request within 30 days.

Data transfers

For self-hosted deployments, all data processing occurs on the deploying organization's infrastructure in their chosen jurisdiction. No data is transferred to Vectrant.

When you interact with the Vectrant website, your data may be processed in the United States. Where personal data is transferred outside the EEA, we ensure appropriate safeguards are in place in accordance with GDPR requirements, including standard contractual clauses or other approved transfer mechanisms.

Data retention

We retain personal data collected through the website only for as long as necessary to fulfill the purposes for which it was collected. Contact form submissions and demo requests are retained for the duration of our business relationship and deleted within a reasonable period after the relationship ends, unless longer retention is required by law.

Data protection measures

We implement appropriate technical and organizational measures to protect personal data, including:

  • Encryption of data in transit using TLS 1.2/1.3.
  • Role-based access controls limiting data access to authorized personnel.
  • PII detection and redaction capabilities within the platform.
  • Regular security assessments and monitoring.

For more information about our security practices, see our Security page.

Data Protection Officer

For questions or concerns about our data protection practices, or to exercise your rights under the GDPR, please contact us.

Supervisory authority

If you are located in the EEA or the United Kingdom, you have the right to lodge a complaint with your local data protection supervisory authority if you believe that our processing of your personal data violates the GDPR.