Privacy Policy
1. Introduction
Vantage PSA, LLC (“Vantage,” “we,” “us,” or “our”) operates govantage.co and the Vantage PSA platform (the “Service”). This Privacy Policy explains how we collect, use, disclose, and protect your information.
By using the Service, you agree to this Privacy Policy. If you do not agree, do not use the Service.
2. Information We Collect
2.1 Information You Provide
Account Information: Name, email, company name, billing address, phone (optional), password (hashed), profile photo (optional).
Payment Information: Credit card details processed by Stripe (we never store full card numbers), billing address, tax IDs.
Business Data: All data you enter, including clients, contacts, projects, time entries, invoices, tickets, agreements, emails, and any other content.
2.2 Automatically Collected Information
Usage Data: Pages visited, features used, clicks, device/browser type, IP address, timestamps, referring URLs.
Cookies: Session cookies (required), preference cookies (optional), analytics cookies (optional).
2.3 Third-Party Information
Email Integration: Emails from addresses you configure for sync. We do not access unrelated emails.
OAuth: Name, email, profile photo from authentication providers. Never your password.
3. How We Use Your Information
- Provide the Service: Account management, transactions, feature delivery, support
- Improve the Service: Usage analysis, bug fixes, feature development
- Communicate: Service announcements, support responses, marketing (with consent)
- Protect: Fraud detection, security, legal compliance
- Aggregate: Anonymized statistics (no individual identification)
3.1 AI and Your Data
DEFAULT: We do NOT use your Business Data to train AI or machine learning models.
Your Business Data is processed only to provide Service features to you. It is not used to train models, improve AI systems, or benefit other customers.
Opt-In AI Improvement Program
You may choose to participate in our AI Improvement Program. If you opt in:
- We may use anonymized, aggregated patterns from your usage to improve AI-powered features
- Identifiable Business Data (client names, financial figures, personal information) is never used
- Your data is never shared with third parties for AI training
- Your data is never used to benefit competitors or build competing products
- You may opt out at any time with immediate effect
What “anonymized, aggregated patterns” means:
Statistical patterns (e.g., “agencies typically structure projects with X phases”), usage patterns (e.g., “users who do X often also do Y”), and workflow patterns (e.g., “common sequences of actions”).
What we exclude from AI training, regardless of your opt-in status:
Client/contact names or details, financial data, invoice amounts, rates, project names or descriptions, email content, and any data that could identify you, your clients, or your business.
To manage your AI Improvement Program participation: Settings → Privacy → AI Improvement Program, or email privacy@govantage.co.
Participation is entirely voluntary. Non-participation has no effect on your access to features or Service quality.
4. How We Share Your Information
We do not sell, rent, or trade your personal information. Ever.
4.1 Service Providers (Subprocessors)
| Provider | Purpose | Location |
|---|---|---|
| Stripe | Payments | USA |
| Vercel | Hosting | USA |
| Neon | Database | USA |
| AWS | Infrastructure | USA |
| Resend | USA | |
| PostHog | Analytics | USA/EU |
Full list: govantage.co/legal/subprocessors. We notify you of material subprocessor changes.
4.2 With Your Direction
When you explicitly enable integrations or sharing.
4.3 Business Transfers
In mergers, acquisitions, or asset sales. You will be notified before data becomes subject to a different policy.
4.4 Legal Requirements
When required by law or to protect rights, safety, or property.
4.5 Aggregated Data
Anonymized data that cannot identify you.
5. Data Retention
| Data | Retention |
|---|---|
| Account info | Deletion + 30 days |
| Business Data | Deletion + 30 days |
| Payment records | 7 years (legal) |
| Logs | 90 days |
| Analytics | 26 months (aggregated) |
| Backups | Deletion + 90 days |
6. Data Security
Technical: TLS 1.3, AES-256 encryption, bcrypt hashing, SOC 2 Type II infrastructure, regular penetration testing, vulnerability scanning.
Organizational: Least-privilege access, security training, background checks, incident response procedures, access audits.
Breach Notification: We notify affected users within 72 hours and regulators as required by law.
Your Responsibilities: Strong passwords, 2FA, credential confidentiality, prompt reporting of suspicious activity.
7. Your Rights
All Users
- Access/Export: Settings → Export Data
- Correction: Settings → Account
- Deletion: Settings → Delete Account
- Communications: Unsubscribe links or Settings
- AI Program: Settings → Privacy → AI Improvement Program
California (CCPA/CPRA)
Know, delete, correct, opt-out of sale (we don't sell), non-discrimination, limit sensitive data use. Contact: privacy@govantage.co. Response: 45 days.
Europe (GDPR)
Legal bases: contract, legitimate interests, consent, legal obligation. Additional rights: restriction, objection, portability, withdraw consent, lodge complaints. Transfers via SCCs. Contact: privacy@govantage.co.
8. Cookies
| Type | Purpose | Required |
|---|---|---|
| Essential | Auth, security | Yes |
| Functional | Preferences | No |
| Analytics | Usage patterns | No |
Manage via cookie consent banner or browser settings.
9. Children
Service is not for users under 16. We do not knowingly collect data from children. Contact: privacy@govantage.co.
10. International Transfers
Data is processed in the USA. We use Standard Contractual Clauses for international transfers.
11. Changes
Material changes: 30 days email notice. Continued use after the effective date constitutes acceptance.
12. Contact
Privacy
privacy@govantage.coLegal
legal@govantage.co1981 Memorial Dr #235
Chicopee, MA 01020