Privacy Policy
Last updated: April 2026
Draft — subject to legal review before general availability.
1. Introduction
This Privacy Policy explains how Vantage Advisory Group ("we", "us", "our"), operating VersionForge ("the Service"), collects, uses, stores, and protects your information. We are committed to safeguarding the privacy of our users and handling data responsibly.
2. Data We Collect
Account Information
- Email address (used for authentication and communications)
- Company/organization name
Connector Credentials
- API keys, OAuth tokens, and connection credentials for your connected systems (Workday, NetSuite, Adaptive Planning, Pigment, Stripe, etc.)
- These credentials are encrypted at rest using AES-256-GCM and are never stored in plaintext
Sync Metadata
- Pipeline configurations, schedules, and transform rules you define
- Sync execution logs: timestamps, row counts, status, error messages
- Audit trail data (who ran what, when, and what changed)
Transient Sync Data
- Data extracted from source systems during pipeline execution is processed in memory and is not persisted beyond what is needed for staging, verification, and delivery
Usage Data
- Browser type, page views, and feature usage (collected for product improvement)
- Error reports and performance telemetry
3. How We Use Your Data
- To operate and maintain the Service, including executing your configured pipelines
- To authenticate your identity and secure your account
- To send transactional emails (magic links, sync alerts, error notifications)
- To monitor performance, diagnose issues, and improve the Service
- To comply with legal obligations
We do not sell your personal information. We do not use your synced business data for advertising, training models, or any purpose unrelated to providing the Service.
4. Third-Party Services
The Service relies on the following third-party providers to operate. Each processes only the minimum data necessary for their function:
| Provider | Purpose | Data Shared |
|---|---|---|
| Supabase | Database and authentication | Account info, encrypted credentials, sync metadata |
| Resend | Transactional email | Email address, email content |
| Sentry | Error monitoring | Error stack traces, browser metadata |
| Trigger.dev | Background job execution | Pipeline configuration, execution metadata |
5. Data Retention
- Account data is retained for the duration of your account and deleted within 30 days of account deletion.
- Sync execution logs are retained for 90 days for audit purposes, then automatically purged.
- Encrypted credentials are deleted immediately upon connector removal or account deletion.
- Transient sync data (extracted rows) is not persisted beyond pipeline execution.
6. Data Security
We implement industry-standard security measures including: encryption at rest (AES-256-GCM for credentials), encryption in transit (TLS 1.2+), row-level security policies on all database tables, and least-privilege access controls. However, no method of electronic storage or transmission is 100% secure, and we cannot guarantee absolute security.
7. Your Rights
Depending on your jurisdiction (including under the GDPR, CCPA, and similar regulations), you may have the following rights:
- Access: Request a copy of the personal data we hold about you.
- Rectification: Request correction of inaccurate personal data.
- Deletion: Request deletion of your personal data and account.
- Portability: Request an export of your data in a structured, machine-readable format.
- Restriction: Request that we limit processing of your personal data.
- Objection: Object to processing of your personal data for certain purposes.
To exercise any of these rights, contact us at zaid@vantageadvisory.co. We will respond within 30 days.
8. Cookies
The Service uses strictly necessary cookies for authentication (session tokens). We do not use advertising or tracking cookies. Analytics data, if collected, uses privacy-respecting methods without persistent cross-site identifiers.
9. Children's Privacy
The Service is not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will delete it promptly.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the Service. The "Last updated" date at the top of this page reflects the most recent revision.
11. Contact
For questions or concerns about this Privacy Policy or our data practices, contact us at zaid@vantageadvisory.co.