Legal

Privacy Policy

How Vaaya handles personal information for website visitors, SaaS users, business customers, authorized users, prospects, and research participants.

Last updated: May 11, 2026Applies to: Website, app, research workflows, and support

1. Overview

This Privacy Policy explains how Vaaya.ai collects, uses, discloses, and protects personal information when you visit our website, use our SaaS application, interact with our sales or support teams, participate in research activities, or otherwise use our services.

Vaaya provides B2B research, discovery, intelligence, and go-to-market workflows. In many cases, our business customers decide what personal information is collected and how it is used. When we process personal information on behalf of a customer, we generally act as a processor or service provider. When we operate our website, manage accounts, sell our services, or run our own business operations, we generally act as a controller or business.

2. Personal Information We Collect

Information You Provide

We may collect personal information that you provide directly, including:

  • Name, work email, phone number, company name, job title, and business contact details
  • Account credentials, profile settings, workspace details, and user preferences
  • Billing details, subscription information, tax information, and payment records
  • Messages sent through forms, email, chat, support, surveys, or sales conversations
  • Research prompts, study goals, participant criteria, customer context, and uploaded materials
  • Interview responses, transcripts, recordings, notes, feedback, and related research content

Information Collected Automatically

When you use our website or services, we may automatically collect:

  • Device and browser information, operating system, IP address, and approximate location
  • Log data, page views, referral URLs, session duration, clicks, and feature usage
  • Cookie identifiers, analytics identifiers, and similar tracking technology information
  • Performance, diagnostic, crash, security, and fraud-prevention information

Information From Third Parties

We may receive information from customers, research participants, integrations, identity providers, payment processors, analytics providers, data enrichment providers, communication platforms, and publicly available sources. For example, a customer may provide participant lists or connect a CRM, calendar, email, Slack workspace, or other business tool to Vaaya.

3. Customer Data and Participant Data

Customer Data includes content and data submitted to Vaaya by or for our customers, including research data, interview content, recordings, transcripts, prospect information, participant information, user lists, and integration data. Participant Data includes information about people who participate in, are invited to, or are identified for research.

Where we process Customer Data or Participant Data on behalf of a customer, the customer is responsible for providing required notices, obtaining required consents, and establishing a lawful basis for processing. Vaaya processes this data according to customer instructions, our agreements, and applicable law.

4. How We Use Personal Information

We use personal information to:

  • Provide, operate, secure, monitor, and improve the services
  • Create and manage accounts, authenticate users, and administer workspaces
  • Run research workflows, recruit or contact participants, conduct interviews, analyze content, and generate reports
  • Process payments, manage subscriptions, issue invoices, provide refunds, and prevent fraud
  • Provide customer support, onboarding, training, implementation, and technical assistance
  • Send service notices, security alerts, product updates, and administrative messages
  • Respond to inquiries, demos, feedback, and sales requests
  • Personalize and measure website, product, and marketing performance
  • Debug, audit, enforce terms, prevent abuse, and protect users, participants, customers, and Vaaya
  • Comply with legal obligations and exercise legal rights
  • Create aggregated or de-identified information that does not identify a person

5. Cookies and Analytics

We use cookies, pixels, local storage, and similar technologies to keep users signed in, remember preferences, understand product usage, measure marketing performance, improve the website, and protect the services. We may use analytics and session measurement tools such as Google Analytics, PostHog, Microsoft Clarity, or similar providers.

You can control cookies through your browser settings. Blocking some cookies may affect website or product functionality. Where required by law, we will request consent before using certain non-essential cookies or similar technologies.

6. AI and Automated Processing

Vaaya may use AI models and automated systems to summarize interviews, identify themes, generate research questions, draft outreach, classify signals, and produce reports. We use these systems to support human decision-making and improve research workflows. Customers should review outputs before using them for important business decisions.

Where third-party AI providers are used to deliver the services, we share only the information needed for the relevant feature, subject to our agreements with those providers and applicable customer instructions.

7. How We Share Personal Information

We may share personal information with:

  • Customers: Research data, reports, recordings, transcripts, participant responses, and workflow information may be shared with the customer that requested or configured the research.
  • Service Providers and Subprocessors: Vendors that support hosting, storage, AI processing, analytics, security, payments, email, CRM, support, communications, data enrichment, and product operations.
  • Integrations: Third-party tools that a customer or user connects to Vaaya, such as Slack, email, calendars, CRMs, project management tools, or data sources.
  • Professional Advisors: Lawyers, auditors, accountants, insurers, bankers, and other advisors.
  • Legal and Safety Recipients: Courts, regulators, law enforcement, or other parties when we believe disclosure is required by law or necessary to protect rights, safety, security, or the integrity of the services.
  • Business Transfers: Parties involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets.
  • Aggregated or De-identified Data: Information that does not identify a person and is used for analytics, benchmarking, research, or product improvement.

8. Legal Bases for Processing

Where applicable law requires a legal basis, we process personal information based on one or more of the following: performance of a contract, legitimate interests, consent, compliance with legal obligations, protection of vital interests, or another lawful basis available under applicable law. When we process personal information on behalf of a customer, the customer determines the applicable legal basis.

9. International Transfers

Vaaya is based in the United States, and personal information may be processed in the United States and other countries where Vaaya, customers, service providers, or subprocessors operate. These countries may have privacy laws that differ from those in your location. Where required, we use appropriate safeguards such as standard contractual clauses or other lawful transfer mechanisms.

10. Retention

We retain personal information for as long as needed to provide the services, maintain accounts, comply with legal obligations, resolve disputes, enforce agreements, protect security, and support legitimate business purposes. Customer Data retention may be controlled by the customer's subscription, workspace settings, written agreement, or deletion instructions.

When personal information is no longer needed, we delete, de-identify, or aggregate it according to our retention practices, unless we are required to keep it longer by law or legitimate business needs.

11. Security

We use reasonable administrative, technical, and organizational safeguards designed to protect personal information. These safeguards may include access controls, authentication, encryption in transit, vendor review, logging, monitoring, backups, and internal policies. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

Customers are responsible for managing authorized users, configuring integrations, limiting access to Customer Data, and using the services in a secure manner.

12. Your Rights and Choices

Depending on your location and relationship with Vaaya, you may have rights to access, correct, delete, export, restrict, or object to processing of your personal information. You may also have the right to withdraw consent or opt out of certain marketing communications.

If your request relates to personal information that we process on behalf of a customer, we may direct the request to that customer or ask you to contact the customer directly. To submit a request, contact privacy@vaaya.ai.

13. Marketing Communications

You may opt out of marketing emails by using the unsubscribe link in the email or contacting us. Even if you opt out of marketing, we may still send transactional, security, billing, account, or service-related communications.

14. California Privacy Notice

If California privacy law applies, California residents may have rights to know, access, correct, delete, and receive information about categories of personal information collected, disclosed, or shared. They may also have rights to opt out of certain sharing or sale of personal information and to limit use of sensitive personal information.

Vaaya does not knowingly sell personal information for money. We may use analytics or advertising technologies that could be considered sharing under certain laws. Where required, we will provide a method to exercise applicable opt-out rights.

15. European, UK, and Swiss Privacy Rights

If you are located in the European Economic Area, United Kingdom, or Switzerland, you may have additional rights under applicable data protection laws. These may include rights of access, correction, deletion, portability, restriction, objection, and complaint to a supervisory authority. Where Vaaya is a processor, we assist the relevant customer in responding to requests as required by our agreement and applicable law.

16. Children

The services are intended for business use and are not directed to children under 16. We do not knowingly collect personal information from children under 16. If you believe a child has provided personal information to Vaaya, contact us and we will take appropriate steps.

17. Changes to This Policy

We may update this Privacy Policy from time to time. If changes are material, we will take reasonable steps to notify users, such as posting the updated policy on our website with a new Last Updated date or notifying account administrators.

18. Contact Us

If you have questions about this Privacy Policy, privacy requests, or data protection practices, contact us:

General Inquiries: info@vaaya.ai

Privacy Requests: privacy@vaaya.ai