Privacy Policy

This Privacy Policy explains how VantedgeAI, Inc. ("Kela", "we", "us") collects, uses, and protects information about you when you use our fund management and virtual data room platform at www.kela.com (the "Service"). By using the Service you agree to the practices described in this policy.

1. Information We Collect

Account information. When you create an account we collect your name, email address, job title, and organization name.

Content you provide. Documents, files, notes, Q&A responses, and other content you upload or create inside Kela data rooms, deal pipelines, or LP CRM records.

Connected services. If you connect a Google, Microsoft, or IMAP inbox to Kela's LP CRM inbox-scan feature, we access email metadata (sender, recipient, subject, date, and message body) solely to identify and create LP contact records in your CRM. See Section 5 for full details on Google data.

Usage and technical data. Page views, feature interactions, session activity, IP address, browser type, and device information, collected via server logs and in-product analytics.

2. How We Use Your Information

• To provide, operate, and improve the Kela platform.
• To authenticate users and enforce per-room access controls and audit logs.
• To run AI features you explicitly invoke (document analysis, LP matching, deal screening) using data you have uploaded or connected.
• To send transactional and service-related emails (invitations, notifications, security alerts).
• To comply with applicable legal obligations and respond to lawful requests from authorities.

We do not sell, rent, or share your personal data with third parties for advertising or marketing purposes.

3. Data Storage and Security

All files stored in Kela are encrypted at rest (AES-256) and in transit (TLS 1.3). Access is controlled by role-based permissions and logged in an immutable audit trail. Our infrastructure runs on Vercel (serverless compute) and Neon (managed PostgreSQL). File storage uses DigitalOcean Spaces with server-side encryption.

Kela's infrastructure is SOC 2 Type I certified. Our security controls — covering availability, confidentiality, and processing integrity — have been independently audited and certified.

Our full security posture, subprocessor list, and trust documentation is available at kela.com/trust.

4. Subprocessors

Kela uses a limited set of sub-processors to deliver the Service:

• Vercel — serverless compute and edge hosting
• Neon / Neon Tech — managed PostgreSQL database
• DigitalOcean Spaces — encrypted file storage
• Google Gemini API — AI inference for document analysis, deal screening, and LP matching (data sent to Google's API is governed by Google's API terms and not used to train Google's models)
• SendGrid / SMTP — transactional email delivery

We do not use OpenAI or other third-party AI providers. A complete and current subprocessor list is maintained at kela.com/trust.

5. Google API Data — Gmail and Calendar

Kela's LP CRM and Calendar features optionally connect to your Google Account using OAuth 2.0. The following explains exactly what we access and how we use it.

Scopes requested:

• gmail.readonly — read-only access to your Gmail inbox
• calendar.readonly — read-only access to your Google Calendar events
• openid, email, profile — to verify your identity when signing in

Gmail data. When you connect a Gmail inbox to Kela's LP CRM inbox scan, we read emails in your inbox to identify communications from limited partners (LPs) and counterparties. We extract sender name, sender email, subject, date, and message text. This data is used solely to:

• Create or update LP contact records in your organization's CRM within Kela.
• Associate emails with existing LP or deal records for relationship tracking.

Calendar data. When you connect Google Calendar, we read upcoming event titles, dates, attendee email addresses, and meeting links (e.g., Zoom, Google Meet) to display meetings on deal cards and LP records within Kela.

What we do NOT do with Google data:

• We do not store the full body of emails beyond what is needed to create a CRM record.
• We do not use Gmail or Calendar data to serve advertisements.
• We do not share Gmail or Calendar data with any third party, except as required to operate the Service (e.g., storing derived CRM records in our database).
• We do not allow humans to read your email or calendar content except when you explicitly request support and grant us permission.
• We do not use Gmail or Calendar data to train AI or machine learning models.

Kela's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

You can revoke Kela's access to your Google Account at any time by visiting myaccount.google.com/permissions and removing Kela. You can also disconnect the inbox or calendar from within Kela's settings.

6. Data Retention

We retain your account data for as long as your account is active. Upon account deletion, personal data is purged within 30 days. Derived CRM records (contact names, email addresses) from connected Gmail accounts are deleted along with your organization data upon account closure. Audit logs may be retained for up to 7 years for compliance and legal purposes.

7. Cookies and Tracking

Kela uses session cookies required to authenticate users and maintain secure sessions. We do not use third-party advertising cookies or cross-site tracking technologies. You can configure your browser to refuse cookies, though some features of the Service will not function without them.

8. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access the personal data we hold about you.
• Correct inaccurate or incomplete data.
• Delete your personal data (right to erasure).
• Port your data to another service.
• Object to certain processing activities.

To exercise any of these rights, email privacy@vantedgeai.com. We will respond within 30 days. For data connected via Google, you can also revoke access directly at myaccount.google.com/permissions.

9. GDPR — Users in the European Economic Area

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, VantedgeAI, Inc. is the data controller of your personal data. We process your data on the following lawful bases:

• Contract — processing necessary to provide the Service you have signed up for.
• Legitimate interests — security logging, abuse prevention, and service improvement, where those interests are not overridden by your rights.
• Legal obligation — compliance with applicable law and lawful requests from authorities.
• Consent — for optional features such as Google Gmail or Calendar integration, where you explicitly connect your account.

In addition to the rights listed in Section 8, EEA users have the right to restrict processing and to lodge a complaint with your local supervisory authority (for example, the Irish Data Protection Commission if you are in Ireland). We do not transfer personal data outside the EEA or UK except to sub-processors listed in Section 4 that have executed standard contractual clauses or operate under an equivalent adequacy mechanism.

10. Children's Privacy

Kela is a business-to-business platform intended for use by organizations and their authorized personnel. We do not knowingly collect personal data from anyone under the age of 18.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page and, for material changes, notify account administrators by email.

12. Contact

For privacy-related requests or questions, contact us at ravi@vantedgeai.com or privacy@vantedgeai.com, or write to:
VantedgeAI, Inc.
Norwalk, CT, USA