← Home

Privacy Policy

Last updated: 12 June 2026

Draft for review. This policy is a working template and is not yet legal advice. It should be reviewed by qualified counsel, and the bracketed placeholders (legal entity, jurisdiction, contact addresses) completed, before Vespere serves real customers.

This Privacy Policy explains how [Legal entity name] (“Vespere,” “we,” “us”) collects, uses, and protects information when you use the Vespere platform at cloud.vespere.io and our website at vespere.io (together, the “Service”).

1. Information we collect

Information you provide

Account information — your name, work email, organization, and the people you invite to your account.
Billing information — processed by our payment provider; we store a customer reference and plan, not full card details.
Communications — messages you send us (e.g., support or beta requests).

Information from the tools you connect

When you connect a third-party tool (such as an RMM, MDM, identity, or endpoint-protection platform), Vespere reads operational and configuration data needed to produce device and tooling-health findings — for example device inventory, OS and patch state, encryption and compliance status, and similar signals. We do not collect the content of your end users’ files, emails, or messages. The credentials you provide for these tools are encrypted and used only to retrieve this data.

Information collected automatically

Usage and device data — log data, IP address, browser type, and how you interact with the Service.
Cookies — a strictly necessary session cookie to keep you signed in. We do not use advertising cookies.

2. How we use information

To provide the Service — reconcile your devices, generate findings, and produce guidance and scripts.
To secure and operate the Service, including authentication, abuse prevention, and audit logging.
To communicate with you about your account, security, and service changes.
To process billing and manage your subscription.
To improve the Service. We do not sell your data, and we do not use your connected-tool data to train third-party models.

3. AI-generated guidance

Vespere uses a third-party AI provider to generate the guidance and scripts shown with each finding. Only the minimal finding context needed to produce that output is sent to the provider; your connected-tool credentials are never sent. Vespere generates guidance and scripts only — it never executes anything in your environment. You review and run any script yourself.

4. Service providers

We share information with vendors who process it on our behalf under contract, including:

Amazon Web Services — cloud hosting and storage.
WorkOS — authentication and identity.
Stripe — payment processing.
Anthropic — AI-generated guidance and scripts.

We do not sell personal information.

5. Security

We apply administrative, technical, and physical safeguards appropriate to the sensitivity of the data, including per-account isolation enforced at the database, envelope encryption of connected-tool credentials with per-account keys, encryption in transit and at rest, least-privilege access, and append-only audit logging. No method of transmission or storage is perfectly secure, but we design to limit the blast radius of any single incident to a single tenant.

6. Data retention and deletion

We retain your data for as long as your account is active. When you cancel, we delete or irreversibly de-identify your account data and connected-tool credentials within a reasonable period, except where we must retain limited records for legal, tax, or accounting purposes. You may request export or deletion at any time at privacy@vespere.io.

7. Your rights

Depending on where you live (including under GDPR and CCPA/CPRA), you may have the right to access, correct, delete, or port your personal information, and to object to or restrict certain processing. To exercise these rights, contact us at privacy@vespere.io. We will respond as required by applicable law.

8. International transfers

The Service is operated in the United States. If you access it from elsewhere, your information will be processed in the United States under appropriate safeguards.

9. Children

The Service is intended for businesses and is not directed to children under 16. We do not knowingly collect information from children.

10. Changes

We may update this policy from time to time. We will post the new version here and update the date above; material changes will be communicated to account owners.

11. Contact

Questions about this policy or your data: privacy@vespere.io, [Legal entity name and mailing address].