Legal
Privacy Policy
- Effective Date
- June 9, 2026
- Last Updated
- June 9, 2026
This Privacy Policy explains how Vantix Operational Systems collects, uses, discloses, transfers, retains, and protects personal information in connection with VantixOS and related websites and services.
VantixOS is a business-focused SaaS platform. In many circumstances, VantixOS processes personal information on behalf of business customers as a processor or service provider. In other circumstances, VantixOS acts as a controller for account administration, billing, security, website, support, and business operations.
1. Introduction
Vantix Operational Systems respects privacy and designs VantixOS for business customers that require professional CRM, sales, lead management, AI assistance, analytics, and workflow capabilities. This Privacy Policy describes our practices for personal information processed through VantixOS, https://www.vantixos.com, and related communications.
2. Scope
This Privacy Policy applies to personal information processed by VantixOS as a controller for its own business purposes and to information processed in connection with websites, accounts, billing, support, security, and marketing. Where VantixOS processes Customer Data on behalf of a customer, the customer's privacy policy and instructions generally govern, and the Data Processing Addendum applies where required.
3. Information Collected
We collect information that customers, users, prospects, and website visitors provide directly, information generated through use of the Services, and information received from integrations or third-party services authorised by the customer.
Personal Information
- Names, business email addresses, phone numbers, job titles, company details, account credentials, administrative contact information, billing contact information, and payment-related records.
- Information submitted in support requests, demos, trial requests, sales communications, onboarding materials, and account settings.
Operational Information
- CRM records, lead records, pipeline entries, communication records, support interactions, customer notes, conversation history, campaign context, sales workflow data, assignments, tasks, tags, templates, analytics inputs, and business records processed through VantixOS.
Technical Information
- IP addresses, device identifiers, browser type, operating system, session information, authentication events, log data, approximate location derived from IP address, usage analytics, feature interactions, security telemetry, and diagnostic information.
4. Sources of Information
We collect information from customers and users, website forms, account registration, trial requests, support communications, billing processes, product usage, authorised integrations, connected email or messaging systems, uploaded files, APIs, service providers, and public or commercially available business sources where permitted by law.
5. Legal Bases for Processing
Where GDPR or UK GDPR applies, we rely on legal bases including contractual necessity, legitimate interests, consent, compliance with legal obligations, and, where applicable, establishment, exercise, or defence of legal claims. The applicable legal basis depends on the context and purpose of processing.
6. Contractual Necessity
We process account, user, billing, support, security, and operational information where necessary to provide the Services, administer subscriptions, authenticate users, deliver support, maintain accounts, process payments, and perform our contractual obligations.
7. Legitimate Interests
We process information where necessary for legitimate business interests, including securing the Services, preventing fraud, improving product functionality, analysing usage, supporting customers, enforcing terms, developing features, protecting rights, and conducting business communications, provided those interests are not overridden by applicable rights and freedoms.
8. Consent
We rely on consent where required, such as for certain marketing communications, optional cookies, or specific processing that requires consent under applicable law. Consent may be withdrawn where applicable, but withdrawal does not affect processing that occurred before withdrawal.
9. Legal Obligations
We process information where necessary to comply with legal obligations, tax requirements, accounting rules, sanctions screening, security obligations, regulatory requests, court orders, law enforcement requests, and dispute resolution obligations.
10. How Information Is Used
- Provide, operate, maintain, and secure VantixOS.
- Create and administer accounts, subscriptions, trials, billing, support, and onboarding.
- Process CRM, lead, communication, analytics, and workflow data on customer instructions.
- Deliver AI-powered assistance, recommendations, summaries, scoring, and automation features.
- Monitor performance, troubleshoot issues, prevent fraud, enforce terms, and protect systems.
- Communicate about product updates, security, billing, support, legal notices, and relevant business information.
- Improve products, develop features, conduct analytics, and understand customer needs.
11. AI Processing
Customer content may be processed to provide AI functionality, including lead scoring, suggested replies, conversation summaries, follow-up recommendations, analytics, workflow assistance, and other AI-enabled features. AI outputs may be generated from submitted content, available CRM records, prompts, system instructions, and model responses.
AI features are intended to assist business judgment and do not replace professional judgment, compliance review, supervisory review, or decision-making by qualified personnel. Customers are responsible for reviewing AI outputs before using them in communications, regulatory contexts, financial services, marketing, or customer decisions.
12. Analytics
We may use analytics to understand product usage, system performance, feature adoption, customer needs, and service reliability. Analytics may include aggregated, de-identified, or pseudonymised information where appropriate.
14. Tracking Technologies
We may use pixels, local storage, logs, device identifiers, and similar technologies for security, analytics, performance, preferences, fraud prevention, and service improvement. Where consent is required for non-essential tracking, we will seek consent as required by applicable law.
16. Service Providers
We use service providers to host infrastructure, deliver communications, process payments, provide analytics, monitor systems, support customers, manage security, operate AI or automation features, and perform business operations. Service providers are authorised to process information only as necessary to provide services to VantixOS and are subject to appropriate contractual obligations.
17. Subprocessors
Where VantixOS acts as a processor, subprocessors may process Customer Data to support hosting, storage, communications, AI, analytics, support, monitoring, and other operational functions. Subprocessor use is governed by the Data Processing Addendum where applicable.
18. International Transfers
The primary data hosting region is the United States. Information may be transferred to, stored in, or accessed from countries that may have different data protection laws. Where required, we use appropriate safeguards such as standard contractual clauses, UK transfer mechanisms, contractual commitments, technical controls, and organisational measures.
19. Security Measures
- Encryption in transit and, where appropriate, encryption at rest.
- Access controls, role-based permissions, authentication controls, and session controls.
- Audit logging, monitoring systems, security event review, vulnerability management, and incident response processes.
- Administrative controls, personnel access restrictions, vendor review, backup practices, and secure development processes.
20. Data Retention
Customer Data remains available throughout the active subscription period, subject to plan limits, customer configuration, and service availability. Following termination, customers may export their data during the applicable retention window. VantixOS may retain information as required for legal, security, audit, compliance, fraud-prevention, backup, accounting, tax, or dispute-resolution purposes. After the applicable retention period, data may be permanently deleted, anonymised, or aggregated.
21. Customer Rights
Depending on location and applicable law, individuals may have rights to access, correct, delete, restrict, object to, or port personal information. Where VantixOS processes Customer Data on behalf of a customer, requests should generally be directed to that customer, and VantixOS will assist the customer as required by applicable agreements.
22. GDPR Rights
Individuals in the European Economic Area may have rights under GDPR, including rights of access, rectification, erasure, restriction, portability, objection, and rights relating to certain automated decision-making. Individuals may also have the right to lodge a complaint with a supervisory authority.
23. UK GDPR Rights
Individuals in the United Kingdom may have rights under UK GDPR and the Data Protection Act 2018, including access, rectification, erasure, restriction, portability, objection, and complaint rights with the UK Information Commissioner's Office.
24. CCPA Rights
California residents may have rights under the California Consumer Privacy Act, including rights to know, access, correct, delete, limit use of sensitive personal information, opt out of certain sharing or sale, and not be discriminated against for exercising privacy rights, subject to applicable limitations.
25. CPRA Rights
The California Privacy Rights Act amended the CCPA and added additional privacy protections and obligations. Where CPRA applies, VantixOS will process covered personal information in accordance with applicable requirements, including service provider or contractor obligations where relevant.
26. Access Requests
Eligible individuals may request access to personal information processed by VantixOS as a controller. We may need to verify identity and authority before responding. If the request concerns Customer Data controlled by a customer, we may refer the request to that customer.
27. Deletion Requests
Eligible individuals may request deletion of personal information, subject to legal, contractual, security, fraud-prevention, compliance, backup, dispute-resolution, and operational exceptions. Customer Data deletion requests should generally be submitted to the relevant customer controller.
28. Correction Requests
Eligible individuals may request correction of inaccurate personal information. Customers are responsible for correcting Customer Data within their VantixOS workspace unless VantixOS is the controller for the relevant information.
29. Data Portability
Where required by law, eligible individuals may request a portable copy of certain personal information. Customers may export Customer Data using available product tools or by contacting support where supported by the applicable plan.
30. Objection Rights
Where processing is based on legitimate interests, eligible individuals may object to processing under applicable law. We will assess objection requests in accordance with legal requirements, including whether compelling legitimate grounds apply.
31. Children's Privacy
VantixOS is not intended for children and does not knowingly collect personal information from children. Customers must not use VantixOS to knowingly collect or process children's personal information unless they have all legally required authority and safeguards.
32. Marketing Communications
We may send business marketing communications where permitted by law. Recipients may opt out of marketing emails by using unsubscribe mechanisms or contacting support@vantixos.com. Transactional, service, legal, security, and account communications may still be sent.
33. Security Incidents
We maintain incident response procedures designed to identify, investigate, contain, and remediate security incidents. We may notify affected customers or individuals where required by law or contract.
34. Breach Notifications
Where VantixOS determines that a personal data breach requires notification under applicable law, VantixOS will provide notice to affected customers, regulators, or individuals as required, taking into account the nature of the incident, the information involved, legal requirements, and contractual obligations.
35. Changes to Privacy Policy
We may update this Privacy Policy from time to time. Material changes will be posted on the website or communicated through appropriate channels. Continued use of the Services after the effective date of an updated Privacy Policy indicates acknowledgement of the updated policy.
36. Contact Information
Privacy and legal enquiries may be sent to Vantix Operational Systems at legal@vantixos.com. Business and support enquiries may be sent to support@vantixos.com. The VantixOS website is https://www.vantixos.com.