Skip to content

LEGAL

Privacy Policy

How we collect, use, protect, and share information across our AI research and enterprise products.

← Back home

Last updated: 1 July 2026

1. Introduction

Vesper Labs ("Vesper Labs", "we", "us", or "our") is an artificial intelligence research lab that builds secure, intelligent systems for enterprises, governments, and communities. This Privacy Policy explains how we handle information in connection with our websites, products, platforms, and related services (collectively, the "Services").

We design our Services with privacy and security as first-order requirements. Because many of our customers operate in regulated enterprise and public-sector environments, we hold ourselves to standards appropriate for sensitive workloads. This policy describes the categories of information we process, the purposes for which we process it, and the choices and rights available to you.

This policy applies to information we control as an operator of our Services. Where we process information on behalf of a customer under a separate agreement, that customer is the controller of the relevant data, and their instructions and terms govern our processing.

2. Information We Collect

Information you provide directly. When you contact us, request a demonstration, register for an account, or otherwise communicate with us, we may collect details such as your name, business email address, organisation, role, and the contents of your messages.

Information collected automatically. When you interact with our websites and platforms, we may collect technical information such as IP address, device and browser characteristics, pages viewed, referring URLs, and timestamps. We use privacy-respecting analytics to understand aggregate usage and improve our Services.

Customer and operational data. When an organisation uses our products, our systems may process configuration data, usage telemetry, security signals, and content submitted through the product. The specific data processed depends on the product and the customer configuration, and is governed by the applicable customer agreement.

3. How We Use Information

We use information to provide, operate, secure, and improve our Services; to respond to enquiries and provide support; to detect, investigate, and prevent security incidents, fraud, and abuse; and to comply with legal obligations.

We use aggregated and de-identified information to analyse performance, conduct research, and enhance the reliability and safety of our AI systems. We do not use customer content to train foundation models except where a customer has explicitly instructed us to do so under a written agreement.

Where we rely on consent for a specific use, you may withdraw that consent at any time. Withdrawing consent does not affect the lawfulness of processing carried out before the withdrawal.

4. Data Security

We apply administrative, technical, and organisational safeguards designed to protect information against unauthorised access, disclosure, alteration, and destruction. These include encryption of data in transit and at rest, least-privilege access controls, network segmentation, logging and monitoring, and regular security reviews.

Our engineering practices follow zero-trust principles, and access to production systems and sensitive data is restricted, authenticated, and audited. Despite these measures, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

If we become aware of a security incident affecting personal information, we will respond in accordance with applicable law and any commitments made in our customer agreements, including timely notification where required.

5. Data Sharing & Third Parties

We do not sell personal information. We share information only as necessary to operate our Services and as described in this policy.

Service providers. We engage vetted vendors—such as cloud infrastructure, security, and analytics providers—to perform services on our behalf. These providers are bound by contractual obligations to protect information and to process it only for the purposes we specify.

Legal and safety. We may disclose information where we believe in good faith that disclosure is required by law, legal process, or a governmental request, or is necessary to protect the rights, safety, and security of our users, our Services, or the public. In corporate transactions such as a merger, acquisition, or asset sale, information may be transferred subject to the commitments in this policy.

6. Data Retention

We retain personal information only for as long as necessary to fulfil the purposes described in this policy, including to provide the Services, comply with our legal obligations, resolve disputes, and enforce our agreements.

Retention periods vary based on the type of information, the context in which it was collected, and applicable legal and contractual requirements. When information is no longer needed, we delete it or de-identify it using reasonable measures.

For customer data processed on behalf of an organisation, retention and deletion are governed by the applicable customer agreement and the customer’s configured settings.

7. Your Rights

Depending on your jurisdiction, you may have rights to access, correct, update, port, restrict, or delete personal information we hold about you, and to object to certain processing. You may also have the right to lodge a complaint with a supervisory authority.

To exercise these rights, please contact us using the details in the Contact section below. We will respond within the timeframes required by applicable law and may need to verify your identity before acting on a request.

If your personal information was provided to us by an organisation using our Services, we may direct your request to that organisation, which acts as the controller of the relevant data.

8. International Transfers

We operate globally, and information may be processed and stored in countries other than the one in which it was collected. These countries may have data protection laws that differ from those in your jurisdiction.

Where we transfer personal information across borders, we implement appropriate safeguards—such as standard contractual clauses or equivalent mechanisms—to ensure the information receives an adequate level of protection consistent with applicable law.

9. Children’s Privacy

Our Services are designed for organisations and business users and are not directed to children. We do not knowingly collect personal information from children.

If we learn that we have collected personal information from a child without appropriate consent, we will take steps to delete that information promptly. If you believe a child has provided us with personal information, please contact us.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will update the "Last updated" date above and, where appropriate, provide additional notice.

We encourage you to review this policy periodically. Your continued use of the Services after an update becomes effective indicates your acknowledgement of the revised policy.

11. Contact

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us by email at info@vesperlabs.in. We are committed to working with you to resolve any concerns about your privacy.

Questions about this policy? Email us at info@vesperlabs.in.