Data Usage Policy

1. Introduction

At vrdAI, a product of Aureai Labs LLC, we prioritize transparency and user trust when it comes to how your data is collected, used, stored, and shared. This Data Usage Policy explains the types of data we collect through our platform, why we collect it, and how we handle that data in a responsible, secure, and legally compliant manner.

Our platform is designed for users in the United States but is accessible globally. We apply industry-standard data handling practices and aim to comply in good faith with applicable data protection laws such as the California Consumer Privacy Act (CCPA), Virginia Consumer Data Protection Act (VCDPA), and—where relevant—international frameworks like the General Data Protection Regulation (GDPR).

This policy applies to all users of vrdAI, including but not limited to customers, visitors, subscribers, and partners who interact with our services via the website, application, APIs, or affiliated systems.

By using our platform, you agree to the terms of this Data Usage Policy and any other policies referenced within it.

2. Scope of This Policy

This Data Usage Policy applies to all data collected or processed by vrdAI through the following channels:

• Our website and web-based applications
• API endpoints and integrated third-party tools
• User accounts, dashboards, and client portals
• Interactions with AI services, including prompts, responses, and system logs
• Communication channels, including emails, chats, contact forms, or support tickets
• Any data exchanged during business transactions, partnerships, or service agreements

This policy governs both personally identifiable information (PII) and non-personal usage data, whether collected directly from you or generated through your interaction with our systems.

It does not apply to:

• Third-party websites or services linked through our platform
• Data handled solely by third-party integrations governed by their own privacy or usage terms
• Aggregate or anonymized data used solely for internal analytics, unless such data can reasonably be re-associated with an individual user

Additional policies, such as our Privacy Policy, Terms of Service, and Cookie Policy, may supplement or clarify specific data-related practices. In the event of a conflict, this Data Usage Policy governs how we handle your information specifically in the context of platform usage and operational processing.

3. Types of Data We Collect

vrdAI collects various types of data to operate effectively, deliver high-quality services, and maintain compliance with applicable laws. The data we collect may fall under the following categories:

a. Personal Information (PII)

Data that directly identifies or can reasonably be used to identify an individual user, such as:

• Full name
• Email address
• Phone number
• Billing or mailing address
• Account credentials (e.g., username, password)
• IP address and device identifiers (where classified as personal under certain laws)

b. Usage Data

Information about how you interact with our platform, including:

• Session times and durations
• Clickstream data and navigation patterns
• Features or tools accessed
• Pages visited, forms submitted, buttons clicked
• Language, location, browser type, and device configuration

c. AI Interaction Data

This includes:

• Prompts, queries, uploaded files, and other inputs submitted to our AI models
• AI-generated responses and system logs
• Feedback provided on outputs or system behavior

d. Transactional and Financial Data

If you purchase a subscription or make a payment, we may collect:

• Billing details
• Payment method metadata (note: we do not store full credit/debit card numbers)
• Subscription history
• Invoicing and receipts

e. Technical and Diagnostic Data

To maintain performance and troubleshoot issues, we may collect:

• Error reports
• Performance metrics
• Crash logs
• Compatibility and browser data

f. Optional or Voluntary Submissions

This may include:

• Survey responses
• User-submitted testimonials or reviews
• Referrals or invite information
• Uploaded documents (subject to purpose-specific use)

We do not knowingly collect sensitive personal data (e.g., biometric data, health records, or government IDs) unless explicitly required for compliance or onboarding purposes—and only with your prior consent.

4. How We Use Your Data

vrdAI uses collected data to deliver, maintain, and improve our services in ways that are both functional and respectful of your privacy. Below is an outline of how various data types are utilized:

a. To Provide Core Platform Services

We use your data to authenticate access, maintain session continuity, personalize your experience, and deliver the core functionality of the vrdAI platform, including AI-powered features.

b. To Process Transactions and Manage Accounts

Your information is used to handle account creation, manage billing and payments, send invoices or receipts, verify user identity (where applicable), and administer subscriptions.

c. To Improve and Optimize Performance

We analyze usage patterns and system behavior to identify bottlenecks, fix bugs, and improve the responsiveness and reliability of our tools and services.

d. To Enhance AI Models and Services

We may review anonymized or aggregated AI interaction data to:

• Improve the relevance and safety of AI outputs
• Refine our prompts and response training pipelines
• Detect prompt misuse or abuse
• Conduct internal audits and research

We do not use identifiable customer input data for model training without express written consent.

e. To Communicate with You

We may send service-related emails (e.g., updates, security alerts), respond to support tickets, or notify you of changes to your account, usage, or this policy. We may also send optional marketing or feature updates (with opt-out options).

f. To Enforce Legal and Security Obligations

We may use your data to:

• Detect, prevent, and investigate fraudulent activity or abuse
• Comply with legal obligations or valid law enforcement requests
• Enforce our Terms of Service and other policies

Data is always processed with a principle of purpose limitation — meaning it is used only for the reasons stated at the time of collection or consent.

5. Data Sharing and Disclosure

vrdAI does not sell your personal data. However, we may share your data with trusted entities under specific circumstances where it is necessary to deliver our services, meet legal obligations, or protect our platform. Below are the primary categories of data sharing:

a. Affiliated Entities and Internal Teams

We may share data within Aureai Labs LLC and its controlled affiliates or service teams to facilitate internal operations, research, analytics, billing, and support services.

b. Service Providers and Contractors

We engage vetted third-party vendors to assist with various operational functions. These may include:

• Cloud hosting providers (e.g., AWS, GCP, Azure)
• AI infrastructure and API partners (e.g., OpenAI, Anthropic, Grok, Mistral)
• Payment processors (e.g., Stripe, PayPal)
• Customer support systems
• Email delivery services
• Data analytics and observability tools

Each provider is contractually bound to use the data only as instructed by vrdAI and in compliance with applicable privacy standards.

c. Legal and Regulatory Requirements

We may disclose data if required to:

• Respond to lawful subpoenas, court orders, or regulatory inquiries
• Comply with applicable laws or enforcement agency requests
• Defend legal claims or protect our legal rights

We will notify affected users of such disclosures unless legally prohibited from doing so.

d. Business Transfers

In the event of a merger, acquisition, restructuring, or asset sale, your data may be transferred to the successor entity. We will ensure that such transfers remain subject to this Data Usage Policy or an equivalent standard.

e. Aggregated or Anonymized Data

We may share aggregated, non-identifiable usage statistics or trends for research, marketing, or performance reporting. This data cannot reasonably be used to identify individual users.

6. Data Retention and Deletion

vrdAI retains user data only for as long as it is necessary to fulfill the purposes outlined in this policy, comply with legal obligations, resolve disputes, enforce our agreements, and maintain platform integrity.

a. Retention Periods

Data is retained based on the following general guidelines:

• Account Information: Retained for the life of your account and up to 90 days after closure, unless a longer period is required by law or for compliance.
• Billing and Transaction Records: Retained as long as necessary to meet accounting, tax, and regulatory requirements (typically 7 years in the U.S.).
• AI Interaction Logs: Retained for internal analytics, audit trails, and system integrity purposes, typically no longer than 12 months unless consented otherwise.
• Support Communications: Retained for quality assurance and operational continuity, generally up to 18 months.

We periodically review stored data and remove information that is no longer relevant or lawfully necessary.

b. User-Initiated Deletion Requests

You have the right to request the deletion of your personal data by:

• Accessing your account settings (if applicable)
• Submitting a deletion request to legal@vrdai.com
• Using the tools provided under our Privacy Policy

Upon receiving a verified request, we will delete your personal data unless:

• We are legally required to retain it
• It is necessary to resolve disputes or enforce agreements
• It has been de-identified or anonymized

Deletion requests may take up to 30 days to process and confirm.

7. Your Rights and Choices

vrdAI is committed to providing you with meaningful control over your data. Depending on your location and applicable laws, you may have the following rights:

a. Right to Access

You may request a copy of the personal data we hold about you, including details of how it is used, shared, and stored.

b. Right to Correction

You may request that we correct inaccurate, outdated, or incomplete personal information in your user profile or other records.

c. Right to Deletion ("Right to Be Forgotten")

You may request that we delete your personal data, subject to certain legal or operational exceptions as outlined in Section 6.

d. Right to Data Portability

You may request your data in a portable, machine-readable format to transfer it to another service provider, where technically feasible.

e. Right to Restrict or Object to Processing

You may object to our use of your data for certain purposes, including direct marketing or profiling, or request temporary restrictions on processing under specific conditions.

f. Right to Withdraw Consent

If we rely on your consent to process data, you may withdraw it at any time. This will not affect any prior lawful processing.

g. Right to Opt-Out of Certain Uses

You may opt out of:

• Marketing communications (via unsubscribe links or account settings)
• Targeted advertising (via browser or platform preferences)
• Analytics or cookies (via our cookie consent tool or browser settings)

vrdAI will never discriminate against users for exercising their rights.

⚠️ Note: We may request verification of your identity before processing rights-based requests. Some rights may not apply to all users and are subject to local law.

8. Data Security Measures

vrdAI takes the protection of your data seriously and implements industry-standard technical and organizational measures to prevent unauthorized access, loss, misuse, or disclosure.

a. Technical Safeguards

We utilize a multi-layered security approach that includes:

• TLS/SSL encryption for data in transit
• Encrypted storage for sensitive data at rest
• Role-based access controls (RBAC)
• Secure API authentication via tokens or OAuth
• Activity logging and monitoring to detect anomalous behavior
• Data loss prevention (DLP) measures

b. Operational Safeguards

• Regular internal security audits and code reviews
• Least-privilege access controls for employees and contractors
• Incident response protocols for breach handling and user notification
• Vulnerability assessments using automated scanners and penetration tests
• Data classification and retention enforcement policies

c. AI-Specific Safety Controls

• Prompt logging and filtering for abuse detection
• Session isolation for AI usage
• No persistent training of proprietary AI models using identifiable user input without consent

d. Vendor and Integration Security

All third-party service providers are required to maintain strong data security practices and sign Data Processing Agreements (DPAs) where appropriate.

While no system is completely immune to risk, we strive to continually improve our defenses and adapt to emerging security threats. Users are also encouraged to protect their accounts by using strong passwords and enabling multi-factor authentication (MFA) where available.

9. AI-Generated Data and User Interactions

vrdAI is a platform that integrates advanced artificial intelligence technologies to deliver real-time, automated, and conversational services. This section explains how we handle data in the context of AI-related interactions.

a. User Input to AI Systems

When you interact with AI models on vrdAI (e.g., by submitting prompts, uploading documents, or using chat features), your input is temporarily stored for the purpose of:

• Generating a response
• Ensuring technical functionality
• Preventing abuse or misuse
• Conducting anonymized usage analysis for platform improvement

User inputs are treated as non-confidential unless otherwise agreed in writing.

b. AI Outputs (Responses)

Responses generated by AI models are automatically derived and may be based on probabilistic patterns, training data, or user context. While we strive for relevance and safety, outputs are:

• Not guaranteed to be accurate, complete, or lawful
• Not to be treated as professional advice (see our Investment Disclaimer and Terms of Service)
• Not retained or reused for training without explicit opt-in

c. No Model Training Without Consent

vrdAI does not use identifiable user interaction data to train AI models unless you have expressly opted in via a written agreement. Where training is involved, data is aggregated, anonymized, and stripped of personally identifiable content.

d. Session and Prompt Logs

We may retain temporary logs of AI prompts and outputs for:

• Debugging and monitoring misuse
• Flagging policy violations (e.g., generation of harmful content)
• System performance tuning

Logs are purged or anonymized on a rolling basis according to our internal retention policy.

e. Responsible AI Commitment

We actively work to implement filters, auditing, and transparency mechanisms to prevent harmful, biased, or abusive AI behavior. However, AI responses may reflect limitations or unintended outputs beyond our control.

10. Third-Party Services and Integrations

vrdAI integrates with various third-party services to provide enhanced functionality, scalability, analytics, and AI capabilities. These integrations may involve the exchange or processing of data under controlled conditions.

a. Categories of Third-Party Services

• AI and Language Models (e.g., OpenAI, Anthropic, Grok, Mistral): For processing prompts, generating responses, and enabling natural language services.
• Cloud Infrastructure Providers (e.g., AWS, Google Cloud, Microsoft Azure): For hosting, data storage, and secure deployment.
• Payment Processors (e.g., Stripe, PayPal): For billing and transaction handling.
• Analytics Platforms (e.g., Google Analytics, Mixpanel): For monitoring platform usage, engagement, and performance metrics.
• Communication Tools (e.g., Intercom, Mailgun): For delivering support, notifications, and operational communications.

b. Data Sharing Controls

We limit third-party access to only what is necessary to deliver their services. All integrations are governed by contracts that include:

• Confidentiality and data protection clauses
• Purpose-specific data usage restrictions
• Security requirements aligned with applicable laws

c. Third-Party Accountability

While we take reasonable steps to verify the trustworthiness and compliance of third-party providers, vrdAI is not responsible for the privacy or data usage practices of external platforms. Users are encouraged to review the privacy policies of third-party tools accessed through or integrated with our platform.

d. No Unrestricted Resale or Reuse

vrdAI does not grant third parties unrestricted rights to resell, monetize, or exploit your personal or usage data for their independent purposes.

11. Cross-Border Data Transfers

vrdAI is operated by Aureai Labs LLC, a U.S.-based company, and your data may be processed or stored in the United States or other jurisdictions where our servers, affiliates, or service providers operate.

a. International Access and Processing

If you access vrdAI from outside the United States, please be aware that your data may be transferred to, processed in, or stored in the U.S. or other countries with different (and potentially less protective) data protection laws than those in your jurisdiction.

By using our platform, you consent to the transfer of your data to the United States or any other country in which vrdAI or its service providers maintain facilities, subject to the safeguards described in this policy.

b. Data Safeguards for International Transfers

When required by law (such as under the GDPR), we implement appropriate safeguards for international data transfers, including:

• Standard Contractual Clauses (SCCs) or equivalent transfer mechanisms
• Vendor due diligence to ensure data security and legal compliance
• Minimal data transfers limited to essential services and providers

vrdAI makes good-faith efforts to align with international standards while primarily adhering to U.S. data protection laws.

12. Children's Data

vrdAI is not intended for use by children under the age of 13, or any minimum age required by applicable laws in your jurisdiction (e.g., 16 in parts of the EU under GDPR).

a. No Knowing Collection

We do not knowingly collect or process personal information from children. If we discover that we have inadvertently collected data from a child without verified parental consent, we will:

• Immediately delete the data
• Disable associated user access
• Take appropriate steps to prevent future collection

b. Parental and Guardian Responsibility

If you are a parent or legal guardian and believe that your child has provided us with personal information, please contact us immediately at legal@vrdai.com so we can investigate and take appropriate action.

c. Educational or Institutional Use

If vrdAI is ever made available through schools or educational institutions, the institution must confirm it has obtained all required consents under applicable law and is solely responsible for compliance with such obligations.

vrdAI is committed to maintaining a safe and legally compliant environment for all users, and does not knowingly market to or engage minors in data-driven programs.

13. Changes to This Policy

vrdAI reserves the right to modify or update this Data Usage Policy at any time to reflect changes in:

• Applicable laws or regulations
• Our data processing practices
• Platform features, integrations, or business operations
• Industry standards or best practices

a. Notification of Changes

When we make material changes to this policy, we will:

• Post the updated version on this page with a revised "Last Updated" date
• Notify users through prominent platform notices or by email (where legally required)
• Provide a grace period before enforcement of material changes, if required under applicable laws

We encourage all users to review this policy periodically. Continued use of the platform after any change constitutes your acceptance of the updated terms.

14. Contact Us

If you have any questions, concerns, or requests related to this Data Usage Policy or our data handling practices, please reach out to us at:

We are committed to resolving all inquiries in a timely, transparent, and lawful manner. Where applicable, we will assist you in exercising your data rights under U.S. or international privacy laws.