Privacy Policy

Last updated: April 17, 2026

1. Information We Collect

Account Data. When you create an account, we collect your name, email address, company name, and role (contractor or funder). We do not store passwords directly; authentication is managed by our infrastructure provider, Supabase.

Usage Data. We collect information about how you interact with the platform, including pages visited, features used, timestamps of activity, and device/browser information. This data is used to improve the service and diagnose issues.

Payment Data. Payment processing is handled entirely by Stripe. Vektrum does not store credit card numbers, bank account details, or other sensitive payment credentials. Stripe may collect information in accordance with their own privacy policy.

2. How We Use Information

  • Service Delivery. To operate the platform, process milestone governance, and facilitate communication between contractors and funders.
  • Fraud Prevention. To detect, investigate, and prevent fraudulent transactions and unauthorized access.
  • Legal Compliance. To comply with applicable laws, regulations, and legal processes.
  • Platform Improvement. To analyze usage patterns and improve the functionality, reliability, and security of Vektrum.

3. Data Sharing

We share data only with the following categories of third parties, and only as necessary to operate the service:

  • Stripe for payment processing and Stripe Connect account management.
  • Supabase for authentication and database infrastructure.
  • AI Service Providers for automated draw review analysis, using only project and milestone metadata (never personal financial data).

We do not sell, rent, or trade your personal information to any third party for marketing purposes.

4. Data Retention

Account data is retained for as long as your account is active. Audit log entries and transaction records are retained indefinitely for compliance and dispute resolution purposes.

Upon account closure, personal data (name, email, company) is deleted within 30 days. Anonymized transaction and audit records may be retained for legal and compliance obligations.

5. Your Rights

You have the right to:

  • Access the personal data we hold about you.
  • Correct any inaccurate or incomplete personal data.
  • Delete your personal data, subject to legal retention requirements.
  • Export your data in a portable format.

To exercise any of these rights, contact us at support@vektrum.io.

6. Security

We implement industry-standard security measures to protect your data, including:

  • Encryption in transit (TLS 1.2+) and at rest.
  • SOC 2 aligned infrastructure through our cloud and database providers.
  • Role-based access control with a principle of least privilege.
  • Immutable audit logging for all sensitive operations.

7. Contact

If you have questions about this Privacy Policy or our data practices, contact us at support@vektrum.io.