Privacy Policy

Privacy Policy

For individuals in the European Economic Area, United Kingdom, and Switzerland, please see Section 5 for specific disclosures and rights.

We at Board AI, Inc., doing business as Vallor (“Vallor”, “we”, “our” or “us”) respect your privacy and are strongly committed to keeping secure any information we obtain from you or about you. This Privacy Policy describes our practices with respect to Personal Data that we collect from or about you when you use our website, applications, and AI contract management software (collectively, “Services”).

This Privacy Policy describes how we handle your Personal Data. Critically, we do not use the content you upload, such as contracts and related documents, to train, improve, or develop our general AI models for other users. The AI analysis performed on your content is solely for the purpose of providing the Services to you.

1. Personal Data We Collect

We collect personal data relating to you (“Personal Data”) as follows:

Personal Data You Provide: We collect Personal Data if you create an account to use our Services or communicate with us as follows:

• Account Information: When you create an account with us, we will collect information associated with your account, including your name, work email address, job title, company name, account credentials, payment information, and transaction history (collectively, “Account Information”).

• User Content: We collect and process the contracts, documents, and any related information you upload, input, or generate within our Services (“User Content”) in order to provide the Services to you. As stated above, we do not use your User Content to train our general AI models.

• Communication Information: If you communicate with us, such as by emailing our support team or filling out a form on our website, we may collect your name, contact information, and the contents of the messages you send (“Communication Information”).

• Survey Information: If you participate in our surveys or research, such as through Typeform, we may collect your name, contact information, and your responses.

Personal Data We Receive from Your Use of the Services: When you visit, use, or interact with the Services, we receive the following information about your visit, use, or interactions (“Technical Information”):

• Log Data: We collect information that your browser or device automatically sends when you use our Services. Log data includes your Internet Protocol (IP) address, browser type and settings, the date and time of your request, and how you interact with our Services.

• Usage Data: We collect information about your use of the Services, such as the types of features you use and the actions you take, as well as your time zone, country, the dates and times of access, user agent and version, type of computer or mobile device, and your computer connection. We use tools like Google Analytics and PostHog for this purpose.

• Device Information: We collect information about the device you use to access the Services, such as the name of the device, operating system, device identifiers, and browser you are using.

• Location Information: We may determine the general area from which your device accesses our Services based on its IP address for security reasons and to improve your experience.

• Cookies and Similar Technologies: We use cookies and similar technologies to operate and administer our Services, manage tags via Google Tag Manager, conduct A/B testing, perform analytics, record user sessions with tools like Hotjar and PostHog, and for remarketing purposes with services like LinkedIn Website Retargeting. For more details, please refer to our Cookie Notice.

Information We Receive from Other Sources: We may receive Personal Data from third-party services, for example, if you choose to register or log in to our Services using a third-party account like Google or Microsoft, we will receive information from that service, such as your name and email address, as permitted by your settings on that service.

2. How We Use Personal Data

We may use Personal Data for the following purposes:

• To provide, analyze, and maintain our Services, for example, to process your contracts and provide AI-powered analysis, and to authenticate you as a user.

• To improve and develop our Services and conduct research, for example, to analyze user behavior to improve our application's functionality and user experience. This does not include using your User Content to train our general AI models.

• To communicate with you, including to send you information about our Services, updates, and events, and to respond to your support requests.

• For marketing and advertising, including to present our Services to you on other websites after you have visited our site (remarketing).

• To prevent fraud, illegal activity, or misuses of our Services, and to protect the security of our systems, architecture, and Services, using monitoring tools like Sentry, LogRocket, and Langsmith.

• To comply with legal obligations and to protect the rights, privacy, safety, or property of our users, Vallor, or third parties.

We may also aggregate or de-identify Personal Data so that it no longer identifies you and use this information for the purposes described above, such as for research and to analyze service usage.

3. Disclosure of Personal Data

We may disclose your Personal Data in the following circumstances:

• Vendors and Service Providers: To assist us in meeting business operations needs and to perform certain services and functions, we may disclose Personal Data to vendors and service providers, including:

  • Hosting and Backend Infrastructure: Providers like Amazon Web Services (AWS), Microsoft Azure, and Vercel.

  • AI Service Providers: We send User Content to third-party AI providers such as OpenAI, Anthropic, and Unstructured.io to perform the analysis required to provide our Services. This data is processed according to our instructions and their data processing agreements.

  • Analytics and Performance Monitoring: Providers like Google Analytics, PostHog, Sentry, LogRocket, and Langsmith.

  • Customer Support and Communication: Providers like Intercom.

  • Registration and Authentication Services: Providers like Clerk, Google, and Microsoft for Single Sign-On (SSO).

  • Advertising and Marketing Partners: Providers like LinkedIn for remarketing purposes.

  • Survey and Feedback Tools: Providers like Typeform.

  • Content Delivery: Providers like Google Fonts.

• 
  

• Business Transfers: If we are involved in a strategic transaction, reorganization, bankruptcy, receivership, or transition of service to another provider (a “Transaction”), your Personal Data may be disclosed in the diligence process and transferred to a successor or affiliate as part of that Transaction.

• Government Authorities or Other Third Parties: We may share your Personal Data to comply with a legal obligation, to protect and defend our rights or property, to detect or prevent fraud or illegal activity, or to protect the safety of our users or the public.

• Affiliates: We may disclose Personal Data to our affiliates, meaning an entity that controls, is controlled by, or is under common control with Vallor. Our affiliates will use this Personal Data in a manner consistent with this Privacy Policy.

• Business Account Administrators: If you join a business or enterprise account, the administrators of that account may access and control your Vallor account and your User Content.

  
  

4. Retention

We’ll retain your Personal Data for only as long as we need it to provide our Services to you, or for other legitimate business purposes such as resolving disputes, ensuring safety and security, or complying with our legal obligations. The retention period will depend on factors such as the amount and nature of the data, the potential risk of harm from unauthorized use or disclosure, and any applicable legal requirements.

5. Your Rights and Disclosures for EEA, UK, and Switzerland

If you are located in the European Economic Area (EEA), the United Kingdom (UK), or Switzerland, you have certain statutory rights in relation to your Personal Data. You may have the right to:

• Access your Personal Data and information relating to how it is processed.

• Delete your Personal Data from our records.

• Update or correct your Personal Data.

• Transfer your Personal Data to a third party (right to data portability).

• Restrict how we process your Personal Data.

• Withdraw your consent at any time where we rely on consent as the legal basis for processing.

• Object to how we process your Personal Data.

• Lodge a complaint with your local data protection authority.

You can exercise some of these rights through your Vallor account settings. If you are unable to exercise your rights through your account, please submit your request to support@vallor.ai.

Legal Basis for Processing: We process your Personal Data on the following legal bases: (i) for the performance of the contract between you and Vallor (i.e., to provide the Services); (ii) for our legitimate interests, such as to improve and secure our Services, and for marketing, provided these interests are not overridden by your rights; (iii) with your consent, where required; and (iv) to comply with our legal obligations.

International Data Transfers: Vallor is based in the United States, and we process and store your Personal Data on servers in the U.S. and other jurisdictions. When we transfer your Personal Data from the EEA, UK, or Switzerland, we do so in compliance with applicable data protection laws, using legally valid transfer mechanisms such as the Standard Contractual Clauses.

6. Children's Privacy

Our Services are not directed to, or intended for, individuals under the age of 18. We do not knowingly collect Personal Data from children. If you have reason to believe that a child has provided Personal Data to Vallor through the Services, please contact us at support@vallor.ai. We will investigate any notification and, if appropriate, delete the Personal Data from our systems.

7. Security

We implement commercially reasonable technical, administrative, and organizational measures designed to protect Personal Data from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. However, no Internet or email transmission is ever fully secure or error-free. Therefore, you should take special care in deciding what information you provide to the Services.

8. Additional U.S. State Disclosures

Some U.S. state privacy laws require specific disclosures. The following table provides additional information about the categories of Personal Data we collect and how we use and disclose that information.

We do not “sell” Personal Data or “share” Personal Data for cross-contextual behavioral advertising (as those terms are defined under applicable state privacy laws).

Your Rights: Depending on where you live and subject to applicable exceptions, you may have the following privacy rights:

• The right to know information about our processing of your Personal Data, including the right to access your Personal Data.

• The right to request deletion of your Personal Data.

• The right to correct your Personal Data.

• The right to be free from discrimination for exercising your privacy rights.

Exercising Your Rights: You can exercise your rights by submitting a request to support@vallor.ai.

Verification: To protect your Personal Data, we may require you to verify your identity before we can honor your request. If we cannot verify your identity, we may deny your request.

9. Changes to the Privacy Policy

We may update this Privacy Policy from time to in response to changing legal, technical, or business developments. When we do, we will publish the updated version and effective date on this page.

10. How to Contact Us

If you have any questions or concerns not already addressed in this Privacy Policy, please contact us at support@vallor.ai.