Privacy Policy

    Last updated

    May 2026 update: Added GitHub repository data category, refined description of financial data handling, refreshed AI training-data exclusion language.

    1. Who We Are

    VenturOS is operated by Venture Operating Systems - FZCO ("VenturOS," "we," "us," or "our"), a Free Zone Company registered at DTEC, Dubai Silicon Oasis, Dubai, United Arab Emirates. We are the data controller for the personal data processed through our platform at ventur-os.com and associated services.

    For any privacy-related questions, contact us at: hello@ventur-os.com

    2. What Data We Collect

    Account & Authentication Data

    When you create an account, we collect: full name, email address, display name, profile photo (optional), account ID, hashed password, and authentication tokens.

    Workspace & Business Data

    In the course of using VenturOS, you and your team may upload or input: company information (name, stage, industry), financial data you choose to share (revenue, expenses, projections), pitch decks and documents, GitHub repository contents (read-only when you connect a repo), OKRs and milestones, team member information, and other business data you choose to enter.

    Technical & Usage Data

    We automatically collect: IP address, browser type and version, device type and operating system, pages visited and features used, session duration and interaction events, crash reports and error logs, and referral source.

    Payment Data

    If you subscribe to a paid plan, our payment processor collects billing information. We do not store full credit card numbers on our servers.

    3. What We Do NOT Collect

    We do not collect: biometric data, health or medical information, religious or political affiliations, racial or ethnic origin, sexual orientation, genetic data, data from minors (our service is not directed at anyone under 18), or contacts, calendars, or social graphs from your device.

    4. How We Use Your Data

    • Service delivery: To operate, maintain, and improve VenturOS and provide you with the features you use.
    • Authentication & security: To verify your identity, protect your account, and detect fraud or abuse.
    • AI features: To power AI-assisted features within the platform. Your business data may be sent to AI providers for processing your specific requests. We do not use your data to train third-party AI models.
    • Communication: To send you service-related notices, respond to support requests, and (with your consent) send product updates.
    • Analytics: To understand how VenturOS is used, diagnose issues, and improve the product.
    • Legal compliance: To comply with applicable laws, regulations, and legal processes.

    5. Legal Basis for Processing (GDPR)

    If you are located in the European Economic Area (EEA), the United Kingdom, or another jurisdiction where GDPR or similar legislation applies, we process your data on the following legal bases:

    • Contract performance: Processing necessary to provide you the VenturOS service you signed up for (Article 6(1)(b) GDPR).
    • Legitimate interests: Analytics, security, fraud prevention, and product improvement, where these interests are not overridden by your rights (Article 6(1)(f) GDPR).
    • Consent: Marketing communications and optional cookies, which you can withdraw at any time (Article 6(1)(a) GDPR).
    • Legal obligation: Where we are required to process data by law (Article 6(1)(c) GDPR).

    6. AI Data Processing

    VenturOS uses artificial intelligence to provide features such as automated analysis, content generation, and strategic recommendations. When you use AI-powered features:

    • Your data is sent to third-party AI providers solely to process your specific request.
    • We do not permit AI providers to use your data for training their models.
    • AI outputs are generated based on your inputs and are not shared with other users.
    • You retain full ownership of your inputs and the AI-generated outputs.

    We contractually require our AI providers to maintain confidentiality and not retain your data beyond what is necessary to fulfill the request.

    7. Third-Party Service Providers

    We use the following categories of service providers who may process your data on our behalf:

    Provider CategoryPurposeData Region
    Cloud hostingInfrastructure and storageEU / US
    AuthenticationAccount sign-up and loginEU
    AI inferenceAI-powered featuresUS
    AnalyticsProduct usage analyticsEU
    Payment processingSubscription billingUS / EU
    Error trackingCrash reports and diagnosticsEU / US
    Object storageFile and document storageEU / US
    Cache and sessionsPerformance and session managementEU / US

    All service providers are bound by data processing agreements that require them to process your data only on our instructions, maintain appropriate security measures, and comply with applicable data protection laws.

    8. International Data Transfers

    Your data may be transferred to and processed in countries outside the UAE, EEA, or your country of residence. When we transfer data internationally, we ensure appropriate safeguards are in place, including: Standard Contractual Clauses (SCCs) approved by the European Commission, adequacy decisions where applicable, and contractual commitments with service providers requiring equivalent protection.

    9. Data Retention

    • Account data: Retained for the duration of your account, plus 30 days after deletion request to allow recovery.
    • Workspace data: Retained for the duration of your account. Deleted within 90 days of account closure.
    • Usage and analytics data: Aggregated and anonymised within 24 months.
    • Payment records: Retained for 7 years as required by UAE and international accounting regulations.
    • Support correspondence: Retained for 3 years after resolution.

    10. Your Rights

    Depending on your jurisdiction, you may have the following rights:

    • Access: Request a copy of the personal data we hold about you.
    • Rectification: Request correction of inaccurate or incomplete data.
    • Erasure: Request deletion of your personal data ("right to be forgotten").
    • Portability: Request your data in a structured, machine-readable format.
    • Restriction: Request that we limit processing of your data.
    • Objection: Object to processing based on legitimate interests.
    • Withdraw consent: Where processing is based on consent, withdraw it at any time.
    • Lodge a complaint: You have the right to lodge a complaint with a supervisory authority.

    To exercise any of these rights, contact us at hello@ventur-os.com. We will respond within 30 days.

    11. Data Security

    We implement appropriate technical and organisational measures to protect your data, including: encryption in transit (TLS 1.2+) and at rest, access controls and authentication, regular security assessments, employee access limited to need-to-know basis, and incident response procedures.

    12. Children's Privacy

    VenturOS is not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected data from a minor, we will take steps to delete it promptly.

    13. Changes to This Policy

    We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and, where appropriate, by email. Your continued use of VenturOS after the effective date of any changes constitutes acceptance of the updated policy.

    14. Contact Us

    Venture Operating Systems - FZCO
    DTEC, Dubai Silicon Oasis
    Dubai, United Arab Emirates
    Email: hello@ventur-os.com