Legal
Privacy Policy
Clear terms, plain structure, and the details you need to understand how Vuo works, how we handle data, and what governs the service.
Legal Pages
Before You Read
These documents are written to be reference-friendly. If you need clarification on anything here, contact us through support and we will point you to the relevant section.
Last updated March 2026
This Privacy Policy explains how Boot Ventures VOF (“we”, “us”, or “Boot Ventures”) collects, uses, shares, and protects personal data when you use Vuo (the “Service” or “Vuo”). Our registered address is Av. J.R. Collon 45, 1200 Brussels, Belgium.
If you have questions about this Policy or want to exercise your rights, please contact us at [email protected] or [email protected].
1. Summary — key points
- We act as the data controller for personal data collected through Vuo and process data to provide, maintain, bill for, and improve the Service.
- We rely on lawful bases such as performance of a contract, legitimate interests, and consent (where required). See Section 6. (GDPR basics and data subject rights are described below).
- We share data with third-party service providers (e.g., payment, authentication, AI and security providers) to operate the Service. See Section 7. (examples: Stripe, Google, OpenAI, Cloudflare).
- You have rights (access, rectification, erasure, portability, restriction, objection). You can lodge a complaint with the Belgian supervisory authority: Gegevensbeschermingsautoriteit (contact details in Section 12).
2. What personal data we collect
We collect the minimum personal data needed to provide the Service. This may include:
Account & identity data
- Name, email address, password (hashed), profile data, organization/team details.
Contact & billing data
- Billing address, invoice details, payment instrument metadata (Stripe processes payment card details). We do not store raw card numbers on our servers — payment is handled by our payment processor.
Service usage & technical data
- IP address, device and browser information, login timestamps, usage logs, analytics and performance metrics, crash reports.
Monitoring inputs & results
- URLs, prompts, monitoring configurations, the tracked changes we store, AI summaries generated for you, and any notes or tags you attach to alerts. (This is “User Content”.)
Communications
- Support requests, emails, and other messages you send to us.
Cookies & similar technologies
- See our Cookie Policy for details.
3. How we use your personal data (purposes)
We process personal data for purposes necessary to run Vuo:
- To provide the Service, including account creation, authentication, monitoring, alerting, delivering AI summaries, integrations (e.g., Slack), and customer support. (Performance of contract.)
- Billing & fraud prevention, including charging via our payment processor, handling refunds, and fraud detection. (Performance of contract and legitimate interests.)
- Security and abuse prevention, to detect and prevent attacks, abuse, and unauthorized access. (Legitimate interests.)
- Service improvement and research, including training, testing, and improving our AI models using aggregated/anonymized data (or as otherwise stated). Where required, we will ensure appropriate safeguards; we may also use processors that have their own data policies (see Section 7). (Legitimate interests / performance of contract / consent as appropriate.)
- Legal compliance, to meet legal obligations (e.g., respond to lawful requests, tax recordkeeping).
- Marketing and communications, with your consent where required (e.g., email newsletters).
4. Legal bases for processing (EU / GDPR users)
For users in the European Economic Area (EEA) and the UK, the GDPR requires a legal basis for processing personal data. We rely on the following bases where applicable:
- Performance of a contract (Art. 6(1)(b) GDPR): to provide the Service, billing, and the features you request (e.g., alerts).
- Legitimate interests (Art. 6(1)(f) GDPR): for security, fraud prevention, service improvement, and internal analytics — balanced against user rights and freedoms.
- Consent (Art. 6(1)(a) GDPR): for non-essential processing such as marketing communications or certain cookie-based tracking where required by law.
- Legal compliance: where processing is necessary to comply with legal obligations.
5. Automated decisions & profiling (AI)
Vuo uses automated processing (AI) to generate summaries, detect relevant changes, and prioritize alerts. AI results are intended to assist you — they may be incomplete or incorrect. You should not rely solely on automated outputs for important decisions. Where automated processing produces legal or similarly significant effects, you have rights under applicable law (including the right to obtain human review and to object). If automated processing produces legal or similarly significant effects concerning you, you have the right to request human review of the decision, to express your point of view, and to obtain additional information about the logic involved in the processing. You may exercise these rights by contacting [email protected].
6. Sharing and third-party processors
To operate the Service we share personal data with trusted third parties who process data on our behalf:
- Stripe — payment processing and transaction records. Stripe’s privacy and transfer practices apply to payment data.
- Google — optional OAuth authentication and identity verification.
- Cloudflare — CDN, DNS, DDoS protection, and security services.
- OpenAI — AI model inference for summaries and analysis. Please note third-party AI providers have their own data policies (see OpenAI’s Privacy Policy).
We may use additional processors (hosting, analytics, email delivery, SMS providers, messaging integrations). We vet processors, require contractual commitments (e.g., standard contractual clauses or other safeguards) and limit access to personal data to what is necessary for them to perform their services.
AI Processing Providers
We use third-party AI providers (for example OpenAI) to perform model inference for summaries and analysis. When you submit prompts, URLs, or other inputs that require AI processing, those inputs may be transmitted to and processed by the AI provider.
We configure our AI integrations to limit retention and prevent use of customer inputs for model training where such options are contractually available. However, processing is still performed by the third-party provider in accordance with their data processing terms.
If you do not want your content transmitted to an external AI provider, you should not submit it through AI-powered features of the Service.
7. International transfers of personal data
Some of our service providers are located outside the European Economic Area (EEA), including in the United States.
Where personal data is transferred outside the EEA, we rely on appropriate legal safeguards such as:
- European Commission adequacy decisions; or
- Standard Contractual Clauses (SCCs) approved by the European Commission.
Where required, we also implement supplementary safeguards to protect personal data during international transfers.
You may request additional information about these safeguards by contacting [email protected].
8. Data retention
We retain personal data only as long as necessary for the purposes described:
- Account data: retained for the active lifetime of the account and for a reasonable period after account closure to comply with legal and contractual obligations (e.g., accounting records).
- Billing records & invoices: retained for tax and accounting purposes (typically up to 7 years where required by law).
- Monitoring data (tracked changes & AI outputs): retained to provide historical alerts and service functionality. When you delete an alert or close an account, we will delete associated user content subject to technical constraints and our retention schedule — aggregated or anonymized data used for improvement may be retained indefinitely.
- Logs and backups: retained for operational, security, and compliance reasons for limited periods.
If you want specific retention durations adjusted, contact us at [email protected]; we will consider requests in line with legal obligations.
9. Your rights & how to exercise them
Under applicable data protection laws (including the GDPR) you may have the right to:
- access the personal data we hold about you;
- correct inaccurate or incomplete data;
- request deletion (the “right to be forgotten”) subject to legal limitations;
- restrict or object to certain processing activities;
- request data portability (receive your data in a machine-readable format);
- withdraw consent (where processing is based on consent) without affecting processing done prior to withdrawal;
- lodge a complaint with a supervisory authority.
To exercise your rights, contact [email protected]. We may ask for information to verify your identity before responding. For more information on rights under the GDPR and timelines, see official GDPR guidance.
If you remain unsatisfied, you may lodge a complaint with the Belgian Data Protection Authority: Gegevensbeschermingsautoriteit (GBA/APD) — Drukpersstraat 35, 1000 Brussel; phone +32 (0)2 274 48 00; [email protected].
10. Security
We implement reasonable technical and organizational measures to protect personal data against unauthorized access, loss, misuse, or alteration. These measures include encryption in transit, access controls, periodic security reviews, and vulnerability scanning. However, no system is 100% secure — if a security incident affects your personal data, we will follow applicable breach notification rules and inform affected individuals and regulators where required by law.
Where required by applicable law, we will notify relevant supervisory authorities of personal data breaches within the legally required timeframes (for example within 72 hours under the GDPR).
11. Age Requirements
The Service is intended for users who meet the minimum legal age to create an account.
For users in the European Economic Area (EEA), the minimum age is 16 years old, or a lower age where permitted by local law.
For users outside the EEA, the minimum age to create an account is 18 years old.
We do not knowingly collect personal data from individuals below the applicable minimum age. If you believe that we have collected personal data from a child below that age, please contact us at [email protected] and we will take steps to delete such data.
12. Changes to this Policy
We may update this Privacy Policy from time to time. We will post the revised Policy on the Vuo site with the “Last updated” date. Material changes will be communicated via email to account holders or via a notice on the Service.
13. Contact & controller information
Controller: Boot Ventures
Address: Av. J.R. Collon 45, 1200 Brussels, Belgium
Emails: [email protected], [email protected]
If you have privacy questions, want to exercise your rights, or want to request deletion or data export, please contact [email protected].