Privacy Policy

1. Data Controller

The data controller responsible for your personal data is MTE Software Limited, a company registered in England and Wales (Company Number 16983418), with its registered office at 71-75 Shelton Street, London WC2H 9JQ, United Kingdom. We are registered with the Information Commissioner's Office (ICO) under registration number ZC093445.

For any data protection enquiries, please contact us at hello@getvortalis.com.

2. Data We Collect

We may collect and process the following categories of personal data:

• Account information: name, email address, company name, job title, and password (hashed).
• Usage data: API call logs, feature usage, session duration, pages visited, and actions performed within the platform.
• Technical data: IP address, browser type, device information, operating system, and referring URLs.
• Billing data: payment method details (processed by our payment provider), invoicing information, and transaction history.
• Communication data: any correspondence you send to us, including support requests and feedback.
• Agent and service configuration data: policy definitions, service connection metadata, and agent registration details you configure within the platform.

3. How We Use Your Data

We use your personal data for the following purposes:

• To provide, maintain, and improve the Vortalis platform and its features.
• To create and manage your account and authenticate your access.
• To process billing and payments for your subscription.
• To monitor platform performance, detect anomalies, and ensure security.
• To provide customer support and respond to your enquiries.
• To send service-related communications, including security alerts and product updates.
• To comply with legal obligations, including regulatory and audit requirements.
• To analyse usage patterns and improve the user experience.

4. Legal Basis for Processing

We process your personal data on the following legal bases under the UK GDPR:

• Contract performance: processing necessary to fulfil our contractual obligations to you, including providing the Vortalis platform and managing your account.
• Legitimate interests: processing necessary for our legitimate business interests, such as improving our services, ensuring platform security, and preventing fraud, where these interests are not overridden by your rights.
• Legal obligation: processing necessary to comply with applicable laws and regulations.
• Consent: where you have given explicit consent, for example for marketing communications. You may withdraw consent at any time.

5. Data Storage & Security

We take the security of your data seriously. All data is encrypted at rest using AES-256 encryption and in transit using TLS 1.2 or higher. Access to personal data is restricted to authorised personnel on a need-to-know basis.

Our infrastructure is hosted on secure cloud platforms with SOC 2 Type II certified data centres. We implement regular security assessments, vulnerability scanning, and penetration testing to maintain the integrity of our systems.

The Vortalis platform itself is designed around a zero-trust architecture where sensitive data processed by AI agents is tokenised, ensuring that the underlying content is never exposed to external systems.

6. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including satisfying legal, accounting, or reporting requirements.

• Account data: retained for the duration of your account and for up to 12 months after account closure.
• Audit logs: retained for a minimum of 7 years to meet regulatory compliance requirements.
• Billing records: retained for 6 years in accordance with UK tax legislation.
• Usage analytics: aggregated and anonymised data may be retained indefinitely for product improvement.

7. Your Rights

Under the UK GDPR, you have the following rights regarding your personal data:

• Right of access: you may request a copy of the personal data we hold about you.
• Right to rectification: you may request correction of inaccurate or incomplete personal data.
• Right to erasure: you may request deletion of your personal data where there is no compelling reason for its continued processing.
• Right to data portability: you may request a machine-readable copy of the personal data you have provided to us.
• Right to object: you may object to processing based on legitimate interests or for direct marketing purposes.
• Right to restrict processing: you may request that we limit the processing of your personal data in certain circumstances.
• Rights related to automated decision-making: you have the right not to be subject to decisions based solely on automated processing that significantly affect you.

To exercise any of these rights, please contact us at hello@getvortalis.com. We will respond within 30 days. If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

8. Cookies

We use cookies and similar technologies to maintain your session, remember your preferences, and understand how you use our platform. The cookies we use fall into the following categories:

• Strictly necessary cookies: required for the platform to function, including authentication and security cookies.
• Functional cookies: used to remember your preferences and settings.
• Analytics cookies: used to understand usage patterns and improve the platform. These are anonymised where possible.

You can manage cookie preferences through your browser settings. Disabling certain cookies may affect the functionality of the platform.

9. Third-Party Services

We may share your data with trusted third-party service providers who assist us in operating the platform. These providers are contractually bound to process your data only on our instructions and in accordance with this policy. They include:

• Cloud infrastructure and hosting providers.
• Payment processing services (e.g., Stripe).
• Email delivery services for transactional communications.
• Analytics providers for platform usage insights.
• Customer support tools.

We do not sell your personal data to third parties. We may disclose personal data if required to do so by law or in response to valid legal process.

10. International Transfers

Your personal data may be transferred to and processed in countries outside the United Kingdom. Where such transfers occur, we ensure that appropriate safeguards are in place, including:

• Transfers to countries with an adequacy decision from the UK Secretary of State.
• Standard Contractual Clauses (SCCs) approved by the ICO.
• Binding Corporate Rules where applicable.

You may request further information about the safeguards we use by contacting us.

11. Children

Vortalis is a business-to-business platform and is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children. If you believe that we have inadvertently collected data from a person under 18, please contact us immediately and we will take steps to delete such data.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by updating the date at the top of this page and, where appropriate, by sending you an email notification.

We encourage you to review this policy periodically to stay informed about how we protect your data.

13. Contact

If you have any questions about this Privacy Policy, your personal data, or wish to exercise your data protection rights, please contact us: