Privacy Policy

Last Updated: February 19, 2026

This Privacy Policy explains how Vantirs ("Vantirs," "we," "our," or "us") collects, uses, and protects information in connection with the Vantirs CE 3.0 compliance engine and related services (the "Service").

If you do not agree with this Privacy Policy, you must not use the Service.

1. Legal Status

Vantirs is currently operated as a pre-incorporation venture by its founder. Formal incorporation is in progress. Upon incorporation, this Privacy Policy will be updated to reflect the registered legal entity.

For any legal or privacy-related inquiries, please contact: anixagency7@gmail.com

2. Scope

This Policy applies to:

Merchants using Vantirs
Website visitors
Authorized account users

This Policy does not apply to Stripe or other third-party platforms.

3. Data We Process

A. Account Information (Controller Role)

We collect:

Name
Email address
Company name
Billing information

Purpose: Account creation, authentication, billing.

Legal basis (GDPR): Contract performance.

B. Stripe Integration Data (Processor Role)

To provide our Service, merchants provide a restricted Stripe API key.

We may process:

Dispute identifiers
Charge identifiers
Transaction amounts and timestamps
Dispute status
Limited metadata (billing country, IP address, customer ID)
Evidence files submitted to Stripe

We do NOT:

Store full card numbers
Store CVC codes
Process sensitive authentication data
Store raw Stripe webhook payloads

Stripe remains the payment processor and PCI DSS entity.

Legal basis: Processing under merchant instruction (Data Processor role).

C. Technical and Usage Data

IP address
Device type and browser
API request logs
Error logs
Authentication events

Purpose: Security, fraud prevention, system stability.

Legal basis: Legitimate interest.

4. How We Use Data

We use information to:

Generate CE 3.0 compliant evidence
Match historical transactions
Submit dispute evidence to Stripe
Secure the Service
Improve reliability and performance
Comply with legal obligations

We do not sell personal data.

We do not use merchant data for advertising.

5. Data Processing Roles

For account data: Vantirs acts as a Data Controller.

For Stripe dispute and transaction data: Vantirs acts as a Data Processor on behalf of merchants.

A Data Processing Agreement (DPA) is available upon request.

6. Security Measures

We implement:

TLS encryption in transit
AES-256 encryption at rest
Restricted API key scopes
Role-based access controls
Database row-level isolation
Continuous security monitoring

API keys are encrypted at rest and never logged in plaintext.

No system is completely secure, but we implement commercially reasonable safeguards.

7. Subprocessors

We may use infrastructure providers, including:

Hosting provider
Database provider
Payment processor (Stripe)
Email infrastructure provider

All subprocessors are bound by contractual confidentiality and security obligations.

8. Data Retention

We retain data only as necessary to:

Provide the Service
Comply with tax and legal requirements
Resolve disputes

Typical retention:

Account data: Duration of account + up to 7 years (where legally required)
Dispute data: As instructed by merchant
Logs: Up to 12 months

Upon account deletion, personal data is deleted or anonymized within 30 days, unless legally required otherwise.

9. International Transfers

Data may be processed outside your jurisdiction.

For EU/UK users, appropriate safeguards such as Standard Contractual Clauses are used where required.

10. Your Rights

EEA / UK users may:

Access their data
Request correction
Request deletion
Request portability
Restrict or object to processing

California residents may:

Request disclosure of categories of data collected
Request deletion
Confirm data is not sold

Requests: anixagency7@gmail.com

11. Children's Privacy

The Service is not intended for individuals under 18.

12. Changes

We may update this Policy periodically. Continued use of the Service constitutes acceptance of changes.