Trust & Data

Last updated

1. Plain-Language Commitments

This page is the short version. The legal versions live in our Privacy Policy, Terms of Service, and Security pages. If anything here conflicts with those, those control.

2. Your IP stays yours

Everything you bring into VenturOS - your idea, your repo, your documents, your conversations with your Team - stays yours. Everything VenturOS produces for you (briefs, plans, copy, analyses, code suggestions) also stays yours. We are a processor of your data, not an owner of it.

  • You own your inputs: idea, repo context, uploaded docs, and Team conversations.
  • You own all AI-generated outputs produced for you.
  • We do not share, sell, license, or expose your data to other users or to third parties, except sub-processors required to run the service (listed on our Security page).
  • We do not use your data, code, or conversations to train, fine-tune, or evaluate any AI model - ours or our providers'. AI providers we use are configured to disable training on customer data and contractually bound to that.
  • GitHub access is strictly read-only. We never write to your repo.
  • You can export or delete your data on demand. Deletion timelines are in section 7 below.

3. What We Do

  • We process your data only to operate VenturOS for you.
  • We give you full ownership of your inputs and your AI-generated outputs.
  • We keep GitHub access strictly read-only.
  • We encrypt your data in transit and at rest.
  • We let you delete your account and your data on demand.

4. What We Don't Do

  • We do not sell your data. Ever.
  • We do not train AI models on your code, your business data, or your conversations.
  • We do not let our AI providers train on your data.
  • We do not share your idea, your repo, or your outputs with other users.
  • We do not write to your GitHub repository.
  • We do not share your data with third parties for advertising.
  • We do not use dark patterns to keep you in the product.

5. What We Collect

The minimum required to run the service:

  • Account basics: name, email, authentication tokens.
  • Workspace data you create or upload: repo context, business documents, conversations with your Team.
  • Technical usage: pages visited, errors, performance metrics - used to keep the product working.
  • Billing data, processed by our payment partner if you subscribe to a paid plan.

6. GDPR & Your Rights

If you are in the EEA, the UK, or another GDPR-aligned jurisdiction, you have the right to:

  • Access the data we hold about you.
  • Correct data that is inaccurate.
  • Delete your account and your data.
  • Export your data in a portable format.
  • Restrict or object to certain processing.
  • Withdraw consent for any consent-based processing.

Exercise any of these rights by emailing hello [at] ventur-os.com. We respond within 30 days.

7. Deletion

When you delete your account:

  • Account data is removed within 30 days (we keep it briefly to allow accidental-deletion recovery).
  • Workspace data is removed within 90 days.
  • Repository context from GitHub disconnections is purged within 24 hours.
  • Backups are rotated out within 90 days.
  • Aggregated, anonymised analytics may persist beyond this - these contain no personal identifiers.

8. International Data Transfers

Some of our sub-processors operate in the US. We use Standard Contractual Clauses (SCCs) and equivalent safeguards required by GDPR for these transfers. See our Security page for the full sub-processor list.

9. Reporting an Issue

Privacy concern, data request, or security issue: hello [at] ventur-os.com. We acknowledge within 72 hours.