Privacy Policy
Effective April 8, 2026. Last updated April 8, 2026.
Vercor AI, Inc. ("Vercor," "we," "us") operates the Vercor platform at vercor.ai. This Privacy Policy explains what data we collect, how we use it, and your rights regarding that data.
1. Data We Collect
Account Information
When you create an account, we collect your name, email address, and organization name through our authentication provider (Clerk). If you subscribe to a paid plan, Stripe processes your payment information. We do not store credit card numbers directly.
Customer Content
This includes documents you upload (RFPs, grants, questionnaires), content you create or edit within Vercor (proposals, answers, outlines), knowledge base documents, and resume files. You retain full ownership of all Customer Content.
Usage Data
We collect information about how you interact with the platform: pages visited, features used, pipeline activity, and performance metrics. We use Google Analytics (GA4) for anonymized site analytics.
2. How We Use Your Data
We use your data to:
- Provide and operate the Vercor platform
- Process your documents through our extraction, drafting, and assembly pipeline
- Generate AI-assisted content (drafts, answers, outlines) based on your uploaded documents and knowledge base
- Process payments and manage your subscription
- Send transactional communications (account updates, billing notices)
- Improve the platform using anonymized, aggregated usage data
3. AI and Your Data
We do not use your data to train AI models.
Neither Vercor nor any of our third-party AI service providers use your Customer Content to train, fine-tune, or improve AI or machine learning models. Your data is processed solely to generate outputs within your account (drafts, extracted requirements, questionnaire answers).
When processing your documents, portions of your content are sent to our AI providers (listed below) via their API services. These providers operate under enterprise agreements that prohibit them from using API inputs for model training.
AI-generated content is provided as a drafting aid. It should not be relied upon without human review. We do not guarantee the accuracy, completeness, or suitability of AI-generated outputs.
4. Third-Party Service Providers
We share data with the following providers only as necessary to operate the platform:
| Provider | Purpose | Data Shared |
|---|---|---|
| Cloudflare | Infrastructure and hosting | Platform data (hosting and storage) |
| AI processing services | Document content for extraction and processing | |
| OpenAI | AI processing services | Document content for AI-assisted generation |
| Clerk | Authentication and user management | Name, email, organization info |
| Stripe | Payment processing | Billing details (Stripe handles payment data directly) |
| Google Analytics | Anonymized site analytics | Page views, interactions (no Customer Content) |
We will update this list if we add new providers. We do not sell your personal information to third parties.
5. Data Security
All data is encrypted in transit (TLS 1.2+) and at rest. Customer Content is stored in tenant-isolated environments. Each organization's documents, knowledge base, resume bank, and drafts are separated from other customers' data.
Access to production systems is restricted to authorized personnel and protected by multi-factor authentication.
6. Data Retention
- Account data: Retained while your account is active.
- Customer Content: Retained while your account is active. Deleted within 90 days of account closure.
- Backups: May persist for an additional 90 days after deletion from production systems.
- Usage data: Retained in anonymized, aggregated form for analytics purposes.
- Payment records: Retained as required by applicable tax and financial regulations.
You may request deletion of your data at any time by contacting us.
7. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access the personal data we hold about you
- Correct inaccurate personal data
- Request deletion of your personal data
- Export your data in a portable format
- Opt out of marketing communications
- Object to processing based on legitimate interests
To exercise any of these rights, contact us at privacy@vercor.ai. We will respond within 30 days.
8. For European Users (GDPR)
If you are in the European Economic Area, United Kingdom, or Switzerland, our legal bases for processing your data are: performance of our contract with you (providing the service), legitimate interests (improving the platform, preventing fraud), and consent (where applicable, such as marketing communications).
You are the data controller for Customer Content. Vercor acts as a data processor on your behalf. If you need a Data Processing Agreement, contact us at privacy@vercor.ai.
9. For California Residents (CCPA)
We do not sell personal information. We do not share personal information for cross-context behavioral advertising. California residents may request access to, deletion of, or correction of their personal information by contacting privacy@vercor.ai.
10. Sensitive Data
Vercor is not designed to process or store protected health information (PHI), social security numbers, payment card numbers (PCI), or government classified data. Do not upload content containing these data types to the platform.
11. Cookies and Tracking
We use essential cookies for authentication and session management (via Clerk). We use Google Analytics for anonymized site usage data. We do not use advertising cookies or third-party ad trackers.
12. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or through the platform before the changes take effect. Continued use of the platform after changes constitutes acceptance.