Privacy policy

1. Who we are and what this policy covers

This Privacy Policy explains how GetVectorLogic ("we", "us", "our") collects, uses, shares, and protects personal information in connection with our website at getvectorlogic.com and our lead-response, booking, reputation, and customer-retention software (collectively, the "Service").

We operate the Service primarily for businesses located in the United States. If you are a client or visitor in the United Kingdom or the European Economic Area (EEA), the relevant rights and protections described below also apply to you. This policy is written to meet the requirements of, among others, the FTC Act, applicable US state privacy laws (including the California Consumer Privacy Act as amended by the CPRA), the EU General Data Protection Regulation (GDPR), and the UK GDPR / Data Protection Act 2018.

2. Two different roles: controller and processor

How we handle data — and your rights — depends on whose data it is. This is important, so read it carefully.

A. When we act as a controller. For the personal information of our website visitors, prospects, and account holders (the business owners and staff who sign up for the Service), we decide why and how that data is processed. We are the controller of that information, and this policy governs it directly.

B. When we act as a processor / service provider. The Service lets our clients respond to, qualify, book, and follow up with their own customers, and request reviews from them. When a client uploads or generates contact details and communication records for their customers and routes them through the Service, the client is the controller of that data and we act only as their processor (a "service provider" / "contractor" under US law). We process that data solely on the client's documented instructions, under our agreement with them and, where applicable, a separate Data Processing Addendum (DPA).

If you are an end customer of one of our clients and you have questions about how your data is used, please contact that business directly — they control it. We will assist them in responding to you.

3. Information we collect

Information you give us (controller data):

Account and identity data: name, business name, email, phone number, username, password.

Billing data: billing contact and payment details (card numbers are handled by our payment processor — we do not store full card numbers).

Communications: messages you send us through support, email, chat, or forms.

Marketing data: your preferences for receiving communications from us.

Information we collect automatically (controller data):

Usage and device data: IP address, browser type, device identifiers, pages viewed, referring URLs, timestamps, and interactions with the Service.

Cookies and similar technologies (see Section 8).

Information we process on behalf of clients (processor data):

Contact details of our clients' customers (e.g. name, phone number, email) that the client uploads or collects in order to respond to leads, book appointments, request reviews, and send reminders and follow-ups.

Communication records and responses, including lead and booking activity, message content and delivery status, ratings, feedback, review status, and opt-out status.

We do not seek to collect special-category / sensitive personal data and ask that clients do not route such data through the Service except as strictly necessary and lawful.

4. How we use information, and our legal bases

When we act as a controller, we use personal information for the purposes below. For clients and visitors in the UK/EEA, the GDPR lawful basis for each purpose is shown in brackets.

To provide, operate, and maintain the Service and your account. [Contract]

To process payments, manage subscriptions, and prevent non-payment. [Contract / Legal obligation]

To respond to your enquiries and provide support. [Contract / Legitimate interests]

To improve, secure, and develop the Service, including analytics and fraud prevention. [Legitimate interests]

To send service and transactional messages (e.g. billing, security, important changes). [Contract / Legal obligation]

To send marketing communications, where permitted, and which you can opt out of at any time. [Consent / Legitimate interests]

To comply with law and enforce our terms, and to establish, exercise, or defend legal claims. [Legal obligation / Legitimate interests]

Where we rely on consent, you may withdraw it at any time. Where we rely on legitimate interests, you may object (see Section 11).

When we act as a processor, we use client-controlled data only to deliver the Service to that client and on their instructions.

5. Text messages and email (US TCPA / CTIA, CAN-SPAM, and equivalents)

The Service sends automated text messages (SMS), web-chat messages, and emails — both on behalf of clients (to their customers) and, separately, to our own account holders. The Service does not place AI voice calls.

For our own account holders: by providing your mobile number and opting in, you consent to receive service-related and, where you have agreed, marketing texts from us. Message frequency varies. Message and data rates may apply. Reply STOP to opt out and HELP for help. Consent to marketing texts is not a condition of purchase. We do not sell or share mobile opt-in data or consent with third parties for their own marketing.

For messages we send on a client's behalf: the client is responsible for obtaining and maintaining the legally required consent from each recipient before any message is sent, and for honouring opt-out requests. We provide the tools to capture consent and process opt-outs, but the client is the controller of those communications. See the Acceptable Use section of our Terms and Conditions.

6. Reviews and feedback data

The Service helps clients request reviews from their customers and automatically reply to reviews. We process the resulting data (ratings, feedback, review status) as a processor for the client. The Service requests reviews from customers on a generalized basis and is designed so that every customer who receives a request retains an equally accessible path to post a public review regardless of any private rating or feedback — we do not build, and do not permit clients to use, features that suppress or filter out negative reviews ("review gating"). See the Terms and Conditions for the rules clients must follow.

7. How we share information

We share personal information only as described here. We do not sell personal information, and we do not "share" it for cross-context behavioural advertising as those terms are defined under California and other US state laws.

Service providers who help us operate the Service under contract. These fall into categories such as: cloud hosting and infrastructure; our underlying software platform; messaging and telephony delivery; email delivery; payment processing; and analytics. We require these providers to protect personal information and to use it only to provide services to us.

Our clients, where the data is theirs and we are processing it for them.

Professional advisers (lawyers, accountants, auditors) under confidentiality.

Authorities and others where required by law, to comply with legal process, or to protect rights, safety, and the integrity of the Service.

In a corporate transaction (merger, acquisition, financing, or sale of assets), subject to this policy continuing to apply.

We do not publicly list individual vendors. Business clients may request the categories of recipients and, under a data processing agreement, the specific subprocessors relevant to their data by contacting [email protected].

8. Cookies and tracking technologies

We use cookies and similar technologies to operate the site, remember your preferences, measure performance, and understand usage. You can control cookies through your browser settings and, where we offer one, our cookie banner / preference centre. Non-essential cookies (such as analytics) are set in the UK/EEA only where you have consented. Some features will not work without essential cookies.

9. International data transfers

Some of our service providers may be located in the United States and other countries. Where we transfer personal data originating in the UK or EEA to a country that does not have an adequacy decision, we rely on an appropriate safeguard — such as the European Commission's Standard Contractual Clauses (SCCs), the UK International Data Transfer Addendum (IDTA) or Addendum to the SCCs, and/or transfers to providers certified under the EU–US Data Privacy Framework — together with supplementary measures where needed. You can request more information at [email protected].

10. Data retention

We keep personal information for as long as needed to provide the Service, comply with our legal and tax obligations, resolve disputes, and enforce our agreements. Account and billing records are typically retained for the duration of the relationship plus the period required by applicable law. Processor data is retained per the client's instructions and our agreement with them, and is deleted or returned on termination as set out there.

11. Your privacy rights

If you are in the UK or EEA (GDPR / UK GDPR): you have the right to access your data; to rectify inaccurate data; to erase data ("right to be forgotten"); to restrict or object to processing; to data portability; and to withdraw consent where we rely on it. You also have the right to lodge a complaint with your supervisory authority — in the UK, the Information Commissioner's Office (ICO); in the EEA, your local Data Protection Authority. We ask that you contact us first so we can try to resolve it.

If you are in the United States (including residents of California, Virginia, Colorado, Connecticut, Texas, Oregon, Montana, and other states with comprehensive privacy laws), you may have the right to: know and access the personal information we hold about you; correct inaccuracies; delete your personal information; obtain a portable copy; and opt out of any sale, sharing, or targeted advertising and of certain profiling. We do not sell or share personal information as defined under these laws. We will not discriminate against you for exercising your rights, and you may use an authorised agent where the law allows.

How to exercise your rights: email [email protected] with your request. We will verify your identity and respond within the time required by applicable law (generally within 30–45 days). If you are an end customer of one of our clients, please direct your request to that business; we will support them as their processor.

12. Security

We maintain administrative, technical, and physical safeguards designed to protect personal information, including access controls, encryption in transit, and vendor due diligence. No system is perfectly secure, and we cannot guarantee absolute security, but we work to protect your information and to notify you and any regulators of a breach where the law requires.

13. Children's privacy

The Service is for businesses and is not directed to children. We do not knowingly collect personal information from anyone under 16 (or the relevant age in your jurisdiction). If you believe a child has provided us data, contact us and we will delete it.

14. Third-party websites and services

The Service may link to or integrate with third-party sites and services (for example, review platforms and our service providers). Their privacy practices are governed by their own policies, and we are not responsible for them.

15. Changes to this policy

We may update this policy from time to time. We will post the updated version with a new "Last updated" date and, where required, notify you of material changes. Your continued use of the Service after the effective date means you accept the changes.

16. Contact us

GetVectorLogic All enquiries, privacy requests, and rights requests: [email protected]