Legal
Privacy Policy
Last updated
January 5, 2026
This Privacy Policy explains how Vantel collects, uses, shares, and protects personal data when you visit our website or use our products and services.
Scope and roles
Website visitors and marketing contacts: Vantel is the data controller for personal data processed for our website, communications, sales, and marketing.
Customers using the product: When our customers upload or process personal data in the Service (for example policy documents, tenders, emails, or claims related materials), Vantel typically acts as a data processor on behalf of the customer, who is the controller. In that case, processing is governed by the customer agreement and, where applicable, a data processing agreement (DPA). If you have questions about customer controlled data, contact the customer organization first.
Personal data we collect
a. Data you provide to us: name, work email, phone number, company, job title, and any information you include in messages, forms, demos, support tickets, or other communications.
b. Account and usage data: user account details, authentication data, workspace settings, user activity logs, feature usage, and support interactions.
c. Content processed in the Service: documents, text, and other inputs uploaded by customers and users, and generated results (for example extracted fields or summaries), to the extent they include personal data.
d. Device and website data: IP address, device identifiers, browser type, pages visited, referring URLs, and cookie or similar technology data.
How we use personal data
We use personal data to:
a. provide, operate, and maintain the Services, including authentication, workspace administration, and customer support
b. secure the Services, prevent abuse, monitor performance, and debug issues
c. process payments, manage subscriptions, and administer accounts
d. communicate with you about product updates, security notices, and support
e. market our Services, run events, and manage sales activities (where permitted)
f. comply with legal obligations and enforce our agreements.
Legal bases for processing
Where GDPR applies, we rely on one or more of the following legal bases:
a. performance of a contract (for example providing the Services and support)
b. legitimate interests (for example security, fraud prevention, service improvement, and B2B marketing where allowed)
c. consent (for example certain cookies or marketing communications where required)
d. compliance with legal obligations.
AI features and training
The Services may generate outputs based on inputs. Customer content is processed to provide the requested functionality.
We do not use customer content to train general purpose models for other customers unless the customer has explicitly opted in via a written agreement or an in product setting that clearly describes the scope. We may use aggregated, anonymized, or deidentified usage metrics to improve reliability, security, and product performance.
How we share personal data
We may share personal data with:
a. service providers and subprocessors that help us run the Services (for example hosting, analytics, customer support, email delivery, payments, and authentication)
b. professional advisors (for example auditors, lawyers, and accountants)
c. authorities or other parties where required by law or to protect rights, safety, and security
d. successors in a merger, acquisition, or sale of assets, subject to standard confidentiality protections.
We do not sell personal data.
International data transfers
If personal data is transferred outside the European Economic Area, we use appropriate safeguards, such as the European Commission’s Standard Contractual Clauses, and additional measures where required.
Data retention
We retain personal data only as long as necessary for the purposes described in this policy, including providing the Services, complying with legal obligations, resolving disputes, and enforcing agreements. Customer content retention and deletion are primarily controlled by the customer contract, workspace settings, and any DPA.
Security
We maintain technical and organizational measures designed to protect personal data against unauthorized access, loss, misuse, alteration, or disclosure. No system is completely secure, and you are responsible for maintaining the security of your account credentials and devices.
Your rights and choices
Depending on your location, you may have rights to access, correct, delete, restrict, or object to certain processing, and to data portability. You may also withdraw consent where processing is based on consent.
Marketing emails: you can unsubscribe using the link in the message or by contacting us.
If we process your data as a processor for a customer, we may need to direct your request to that customer.
Cookies and similar technologies
We use cookies and similar technologies to operate the website, remember preferences, understand site performance, and, where applicable, support marketing. You can control cookies through your browser settings and, where available, our cookie banner or preferences tool. Blocking certain cookies may affect website functionality.
Contact and updates
Questions or requests: privacy@vantel.com
Data protection contact: Ulme Wennberg, ulme@vantel.com
We may update this Privacy Policy from time to time. If changes are material, we will provide notice by appropriate means, such as on the website or via email.