Privacy Policy

1. Information We Collect

Information you provide directly: Name, email address, phone number, business information (for providers), payment information (processed by Stripe — we do not store card numbers), uploaded documents (licenses, insurance certificates), review content, and profile photos.

Location information: City, state, and ZIP code provided during registration or search. We use location data to match you with nearby service providers and display relevant results. We do not collect precise GPS coordinates unless you explicitly grant permission.

Messages: Content of messages sent between customers and providers through the VettaLux in-platform messaging system, including timestamps and read receipts.

Information collected automatically: IP address, browser type, device information, pages viewed, search queries, click patterns, referring URLs, and interaction data with provider profiles. We use cookies and similar technologies as described in our Cookie Policy.

Information from third parties: Google OAuth data (if you sign in with Google), Stripe payment confirmations, and publicly available business license data for provider verification.

2. How We Use Information

• Provide and improve the Service: Match customers with providers, calculate trust scores, rank search results, and detect fraud.
• Communications: Send lead notifications, review alerts, billing updates, security alerts, and service announcements. We will never send marketing emails without your consent.
• Safety and security: Detect and prevent fraudulent reviews, fake accounts, and abuse of the platform.
• Analytics: Understand usage patterns via PostHog to improve features and user experience.
• Legal compliance: Comply with applicable laws, respond to legal requests, and enforce our Terms.

3. AI & Automated Processing

VettaLux uses artificial intelligence features powered by the Anthropic Claude API to enhance the platform experience. This includes:

• Review analysis: AI processes review text to detect sentiment, identify potential fraud, and generate review summaries.
• Profile insights: AI may generate summary descriptions of provider profiles based on their verified data and reviews.
• Search relevance: AI helps improve search result quality and category matching.

Data sent to the Claude API is processed in accordance with Anthropic's data usage policy. We do not use your personal data to train AI models. AI-generated content is clearly labeled where applicable. You may opt out of AI-powered features by contacting privacy@vettalux.com.

4. Information Sharing

We do not sell your personal information. Period. We will never sell, rent, or share your data with competitors or data brokers.

We share information only in these circumstances:

• With providers you contact: When you submit a lead, your name, email, phone, and job description are shared with the selected provider(s).
• Service providers: Stripe (payments), Resend (email), Cloudflare (CDN/security), Algolia (search), PostHog (analytics), Sentry (error tracking).
• Legal requirements: When required by law, court order, or governmental authority.
• Business transfer: In connection with a merger, acquisition, or sale of assets, with notice to users.

5. Data Security

We implement industry-standard security measures including:

• TLS 1.3 encryption for all data in transit
• AES-256 encryption at rest for sensitive data
• Bcrypt password hashing with cost factor 12
• JWT token rotation with 15-minute access tokens
• Rate limiting and DDoS protection via Cloudflare
• Regular security audits and penetration testing
• Provider documents stored in private encrypted storage with time-limited signed URLs

6. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service. After account deletion, we retain anonymized data for analytics and may retain certain data as required by law (e.g., billing records for tax purposes). Provider review data may be retained after provider account closure to maintain marketplace integrity.

7. Your Rights

California Residents (CCPA): You have the right to know what personal information we collect, request deletion of your data, opt-out of data sales (we do not sell data), and not be discriminated against for exercising these rights.

European Residents (GDPR): You have the right to access, rectify, erase, restrict processing, data portability, and object to processing of your personal data. Our legal basis for processing is contract performance, legitimate interest, and consent where applicable.

All users: You can access, update, or delete your account data at any time through your dashboard settings. To exercise any privacy rights, email privacy@vettalux.com. We will respond within 30 days.

8. Children's Privacy

VettaLux is not directed to individuals under 18. We do not knowingly collect personal information from children. If we learn that we have collected data from a child, we will delete it promptly.

9. Contact

For privacy inquiries, data requests, or concerns: