1. Overview
Slateo Inc. ("we," "our," "us") respects your privacy and is committed to protecting your personal data. This Privacy Policy applies to Vuon, a product of Slateo, Inc., and explains what information we collect, how we use it, and your rights regarding your data.
Data Controller: Slateo Inc., contactable at privacy@vuon.ai.
For contact details of the Data Controller, Data Protection Lead, and our EU/UK Representatives, please see Section 15 below.
EU Representative: Adam Brogden, EU Representative — contact@gdprlocal.com, +353 015549700, Ireland.
UK Representative: Adam Brogden, UK Representative — contact@gdprlocal.com, +44 1772217800, England.
2. Data We Collect
Directly Collected Information
We collect the following categories of information when you interact with our services:
- Contact Information: Name, email address, company name, phone number
- Account Information: Login credentials, user preferences
- Customer Data: Data you choose to upload or process in our platform
Indirectly Collected Information
We may automatically collect certain information when you use our services:
- Usage Data: IP address, browser type, device information, and activity within our platform
- Cookies and Tracking Data: Information collected through cookies and similar technologies (see Section 7 below)
Special Category Data
We do not intentionally collect special categories of personal data as defined under Article 9 of the GDPR (such as data revealing racial or ethnic origin, political opinions, religious beliefs, health data, or biometric data), nor do we collect data relating to criminal convictions and offences under Article 10 of the GDPR. If you believe that such data has been inadvertently provided to us, please contact us at privacy@vuon.ai so that we can take appropriate steps.
3. Purpose and Lawful Basis for Processing
We process your personal data for the following purposes, relying on the lawful bases set out in Article 6 of the GDPR:
| Purpose | Lawful Basis (Art. 6 GDPR) |
|---|---|
| Providing, maintaining, and improving our services | Performance of a contract (Art. 6(1)(b)) |
| Account creation and authentication | Performance of a contract (Art. 6(1)(b)) |
| Communicating with you regarding your account and support requests | Performance of a contract (Art. 6(1)(b)) |
| Ensuring security and preventing fraud | Legitimate interest (Art. 6(1)(f)) |
| Analytics and service improvement | Legitimate interest (Art. 6(1)(f)) |
| Complying with legal obligations | Legal obligation (Art. 6(1)(c)) |
4. How We Share Your Data
We may share personal data with the following categories of third parties, for the purposes and on the lawful bases described below:
- Authentication Provider (Clerk): We share email addresses and login credentials to enable authentication and account access. Lawful basis: performance of a contract (Art. 6(1)(b)).
- Cloud Infrastructure Providers (Google Cloud Platform, Amazon Web Services): Customer data may be processed ephemerally through our cloud infrastructure. Personal data is not stored at rest in our systems — it is cached in the customer's own environment. Lawful basis: performance of a contract (Art. 6(1)(b)).
- AI Model Providers (Google Vertex AI, AWS Bedrock): Where AI features are used, data may be processed through third-party model providers. Our agreements with these providers prohibit the use of any data for model training. See Section 12 for further details. Lawful basis: performance of a contract (Art. 6(1)(b)).
- Analytics (PostHog): We share usage data such as IP addresses, browser type, and in-platform activity for analytics and service improvement. Lawful basis: legitimate interest (Art. 6(1)(f)).
- Legal and Regulatory Authorities: We may disclose personal data where required by law or in response to valid legal process. Lawful basis: legal obligation (Art. 6(1)(c)).
Where personal data is transferred outside the EU/UK, we rely on appropriate safeguards including Standard Contractual Clauses (SCCs), the UK International Data Transfer Addendum, and adequacy decisions where applicable. See Section 13 for further details.
5. How We Store and Process Your Data
Our infrastructure is hosted in the United States through Google Cloud Platform and Amazon Web Services. Personal data is collected, stored, and processed securely using appropriate technical and organizational measures.
Customer personal data is not stored at rest in Slateo's own systems. Where customer data contains personal data, it is cached within the customer's own environment. Any processing through our cloud infrastructure is ephemeral and data does not persist beyond the duration of the processing operation.
6. Data Retention
We retain personal data only as long as necessary to fulfill the purposes described in this policy or as required by law. When personal data is no longer needed, it is securely deleted or anonymized.
7. Cookies and Tracking Technologies
We use cookies and similar technologies on our website. Cookies are small text files placed on your device that help us provide and improve our services. We use the following categories of cookies:
- Essential Cookies: Required for basic website functionality, authentication (via Clerk), and security. These cookies cannot be disabled.
- Functional Cookies: Provide enhanced features, personalization, and user preferences.
- Analytics Cookies: Help us understand how visitors interact with our website to improve user experience. We use PostHog and Mux for analytics.
Through these cookies, we may collect data including your IP address, browser type, device information, pages visited, and interactions within our platform.
You can manage your cookie preferences at any time through our dialog, where you can accept, reject, or customize which categories of cookies are active.
8. Security of Data
We implement administrative, technical, and physical safeguards designed to protect your data against unauthorized access, alteration, or destruction. These measures include encryption of data in transit, access controls, regular security assessments, and organizational policies governing the handling of personal data.
Data processed by AI systems is not used for model training. Where AI features process data, it may be anonymized or limited to metadata to prevent identification of individuals.
9. EU/EEA and UK Data Subject Rights (GDPR)
Under the General Data Protection Regulation (GDPR), you have the following rights in relation to your personal data:
- Right of access — to obtain a copy of the personal data we hold about you.
- Right to rectification — to correct inaccuracies in your personal data.
- Right to erasure — to request deletion of your personal data.
- Right to restriction of processing — to request that we limit the processing of your personal data.
- Right to object to processing — to object to our processing of your personal data.
- Right to data portability — to receive your personal data in a structured, commonly used, and machine-readable format.
- Right to withdraw consent — where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
- Right to object to automated decision-making, including profiling — you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects you, in accordance with Article 22 of the GDPR.
To exercise any of these rights, please contact us at privacy@vuon.ai. We will respond to your request within 30 days.
10. How to Request Data Deletion
If you wish to request deletion of your personal data, please submit a formal Data Deletion Request by emailing privacy@vuon.ai with the subject line "Data Deletion Request." We will acknowledge your request within 5 business days and delete your data within 30 days of receipt, unless retention is required by law.
11. Children's Information
Our services are not directed at children below the age of 16 and we do not knowingly collect, use, or process personal data from children below the age of 16. If we become aware that we have inadvertently collected personal data from a child without appropriate consent, we will take steps to delete such data as soon as possible. If you are a parent or guardian and believe that your child has provided us with their personal information without your consent, please contact us at privacy@vuon.ai, so that we can take appropriate action.
12. Artificial Intelligence
Vuon provides AI-powered features as part of its platform. Where these features are used, data may be processed through third-party AI model providers, including Google Vertex AI and AWS Bedrock. Our agreements with these providers prohibit the use of any customer data for model training purposes.
Slateo does not use personal data to train its own AI models. Vuon provides configurable privacy controls within the platform that allow each customer to determine the extent to which their data is processed by AI features. Customers may choose to limit AI processing to metadata only, which does not include personal data.
Where AI systems process data, it may be anonymized or aggregated to prevent the identification of individuals.
13. International Data Transfers
As our infrastructure is hosted in the United States, personal data may be transferred to and processed in a country outside the European Economic Area (EEA) and the United Kingdom. Where such transfers take place, we ensure that appropriate safeguards are in place in accordance with applicable data protection laws, including the use of Standard Contractual Clauses (SCCs) approved by the European Commission, the UK International Data Transfer Addendum, and reliance on adequacy decisions where applicable.
14. Legitimate Interest
Where we rely on legitimate interest as a lawful basis for processing personal data (as set out in Section 3 above), we do so for the following purposes:
- Ensuring the security of our platform and preventing fraud
- Analysing usage patterns to improve and develop our services
Before relying on legitimate interest, we conduct a Legitimate Interest Assessment (LIA) to ensure that our interests are not overridden by the rights and freedoms of data subjects. You may object to processing based on legitimate interest by contacting us at privacy@vuon.ai.
15. Contact Us and Complaints
If you have any questions about this Privacy Policy or wish to exercise your data rights, please contact us at:
- Data Controller: Slateo Inc. — privacy@vuon.ai
- Data Protection Lead: Will Bunting — privacy@vuon.ai
- EU Representative: Adam Brogden — contact@gdprlocal.com, +353 015549700, Ireland
- UK Representative: Adam Brogden — contact@gdprlocal.com, +44 1772217800, England
If you remain dissatisfied with how we process your personal data, you have the right to lodge a complaint with your local data protection supervisory authority:
- UK data subjects: Information Commissioner's Office (ICO) — https://ico.org.uk/make-a-complaint/
- EU data subjects: Find your local authority — EDPB Members List
16. Changes to This Policy
We keep our privacy notice under regular review to make sure it is up to date and accurate. If we make material changes to this Privacy Policy, we will notify you by updating the effective date at the top of this page and, where appropriate, by providing additional notice through our platform or via email.
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data.
© 2026 Slateo, Inc. All rights reserved.