Privacy Policy
Vermulst Group is committed to protecting your privacy and ensuring transparency in how we process personal data, in accordance with the GDPR, Brazil's LGPD, and applicable data protection laws.
Last Updated: February 2026
Introduction & Data Controller
Vermulst Group ("we," "us," or "our") is committed to protecting your privacy and ensuring transparency in how we process personal data. This Privacy Policy explains our practices in accordance with the General Data Protection Regulation (GDPR), Brazil's Lei Geral de Proteção de Dados (LGPD), and applicable international data protection laws.Data Controller: Vermulst Group, Brazil. Email: contact@vermulstgroup.com. For privacy-specific inquiries: privacy@vermulstgroup.com
Data We Collect
We collect the following categories of personal data:
Business Contact Information: Name, professional title, business email, phone number, company name, and communication preferences. Account & Authentication Data: Login credentials (hashed), account settings, authentication tokens, and session data. Service Usage Data: Platform interaction logs, feature usage analytics, workflow execution metadata, and performance logs. AI Processing Data: Inputs provided to AI systems, AI-generated outputs, training data (when authorized), and feedback. Technical Data: IP address, device information, browser type, operating system, and navigation paths. Communications Data: Email correspondence, support tickets, chat logs, and meeting notes.
Legal Basis & How We Use Your Data
We process personal data under GDPR Article 6: Contract performance for service delivery, payment processing, and customer support. Legitimate interests for service improvement, analytics, and marketing to existing clients. Consent for marketing to prospects. Legal obligation for compliance and dispute resolution. You have the right to object to processing based on legitimate interests at any time.
We use your data to: provide access to the Digital Employees platform; execute AI-powered workflows (via Anthropic Claude, Google Vertex AI); generate outputs, insights, and recommendations; analyze usage patterns; and communicate about your account. Our AI systems provide decision-support recommendations, not fully automated decisions. Human oversight is maintained for critical business decisions. We do not use client data for AI training without explicit authorization.
Data Sharing & International Transfers
We share personal data only as necessary with: Google Cloud Platform (hosting, Vertex AI), Anthropic (Claude AI reasoning), n8n self-hosted (workflow automation on our infrastructure), Ollama local (sensitive data that never leaves our environment), payment processors, and email service providers (anonymized analytics only). We never sell personal data to third parties.
Some providers are located outside the EU. Anthropic (US): Protected by Standard Contractual Clauses (SCCs). Google Cloud: Data primarily stored in EU regions (eu-west1, eu-central1), SCCs for any US transfers, EU-US Data Privacy Framework participant. All international transfers are protected by EU Commission-approved SCCs, encryption in transit and at rest, and regular security assessments.
Data Retention & Your Rights
Retention periods: Account data — duration of contract + 1 year. Usage logs — 13 months (rolling). AI processing inputs/outputs — 90 days (unless saved by client). Support communications — 3 years after resolution. Financial records — 7 years (legal requirement). Marketing data (opted-out) — suppression list maintained indefinitely.Your rights under GDPR and LGPD: Right of Access (GDPR Art. 15 / LGPD Art. 18) — request a copy of your data. Right to Rectification (GDPR Art. 16 / LGPD Art. 18) — correct inaccurate data. Right to Erasure (GDPR Art. 17 / LGPD Art. 18) — request deletion ("right to be forgotten"). Right to Restriction (GDPR Art. 18) — restrict processing during disputes. Right to Data Portability (GDPR Art. 20 / LGPD Art. 18) — receive data in JSON or CSV format. Right to Object (GDPR Art. 21 / LGPD Art. 18) — object to processing for direct marketing or legitimate interests. Our platform does not perform fully automated decision-making with legal effects (GDPR Art. 22 / LGPD Art. 20). To exercise your rights, email privacy@vermulstgroup.com. We respond within 30 days. You may lodge a complaint with the Brazilian National Data Protection Authority (ANPD) or the relevant EU supervisory authority.
AI Disclosures & Data Security
Our platform uses AI for natural language understanding and generation, data analysis and pattern recognition, workflow optimization, and content summarization. AI outputs are recommendations — clients maintain ultimate decision-making authority. We do not use client data for AI training without explicit authorization. Anthropic Claude does not train on customer data. Google Vertex AI is configured with "no training" settings. All AI-generated content will be clearly labeled per EU AI Act Article 52 (effective August 2, 2026).
Technical security measures: Encryption in transit (TLS 1.3+) and at rest (AES-256), multi-factor authentication, regular security patching, intrusion detection and monitoring, secure API key management. Organizational measures: Role-based access control, employee confidentiality agreements, security awareness training, incident response procedures, and regular security audits. We are pursuing SOC 2 Type II and ISO 27001 certification.
We use cookies and similar technologies. See our Cookie Policy for details on types used, purposes, and how to manage preferences. Our services are not directed at individuals under 16.
Prospect Smarter. Book Faster.
Get Started
