Effective Date: November 1, 2025

SUMMARY

Vaulti LLC (d/b/a "Vaulti AI") provides AI-powered automation solutions for business growth, including LinkedIn outreach automation, AI agent deployment, business audits and optimization, lead capture systems, revenue operations consulting, and custom automation workflows. This Privacy Policy explains what information we collect, how we use it, how we share it, and your rights regarding your personal information.

WHO WE ARE

Company: Vaulti LLC Website: https://www.vaultiai.io Address: 30 N Gould St Ste R, Sheridan, WY 82801 Contact: [email protected]

SCOPE OF THIS POLICY

This Privacy Policy applies to personal information collected through:

Our website (vaultiai.io)

Our Services and platform

Email communications

SMS/MMS messaging

Phone calls

Social media interactions

Client onboarding and consultation processes

PERSONAL INFORMATION WE COLLECT

4.1 Account and Business Information We collect information you provide when creating an account or using our Services:

Name, business name, and title

Email address and phone number

Business address and location

Subscription and billing information

Payment method details (processed by our payment processor; we do not store full credit card numbers)

Tax identification numbers (if applicable for invoicing)

4.2 Service Usage Data When you use our Services, we collect:

LinkedIn profile information and connections (with your authorization)

Contact lists, lead databases, and CRM data you upload or integrate

Email and messaging content you send through our platform

Automation workflows, scripts, and templates you create

Campaign performance data and analytics

Appointment scheduling information

Call recordings, transcripts, and notes (if applicable)

Integration data from connected platforms (CRM, email, calendar, etc.)

4.3 Communications Data We collect information from your communications with us:

Support tickets, feedback, and inquiries

Email correspondence

SMS/MMS messages you send to or receive from us

Chat conversations

Consultation notes and strategy session recordings (with consent)

Survey responses and testimonials

4.4 Technical and Usage Information We automatically collect technical data when you use our website or Services:

IP address and geographic location (city/region level)

Device type, operating system, and browser information

Pages viewed, features used, and time spent on platform

Referring URLs and navigation paths

Cookies and similar tracking technologies (see Section 11)

Log data and error reports

4.5 Third-Party Platform Data When you connect third-party platforms to our Services (LinkedIn, CRM systems, email providers, etc.), we may collect:

Profile information and settings

Contact and connection data

Engagement metrics and activity logs

API access tokens and authentication credentials

4.6 Lead and Contact Data (Processed on Your Behalf) As part of providing Services to you, we process personal information about your leads, contacts, and customers, including:

Names, email addresses, and phone numbers

Company information and job titles

Communication history and engagement data

Appointment and scheduling information

Notes, tags, and custom fields you maintain

For this data, you are the "controller" or "business" and we are your "processor" or "service provider" acting on your instructions.

HOW WE USE PERSONAL INFORMATION

5.1 To Provide and Operate the Services

Create and manage your account

Deliver automation services (LinkedIn outreach, AI agents, lead capture, etc.)

Process payments and manage subscriptions

Provide customer support and respond to inquiries

Send service-related notifications and updates

Facilitate integrations with third-party platforms

Generate reports and analytics on campaign performance

5.2 To Communicate with You

Send account-related information and important notices

Provide implementation guidance and strategic recommendations

Share performance updates and ROI tracking

Send appointment reminders and scheduling confirmations

Deliver educational content and best practices

Request feedback and conduct surveys

5.3 To Improve and Optimize Services

Analyze usage patterns and service performance

Conduct quality assurance and testing

Develop new features and functionality

Train and improve AI models and algorithms

Troubleshoot technical issues

Enhance security and prevent fraud

Create anonymized, aggregated analytics for benchmarking

5.4 To Market Our Services

Send promotional emails about our Services (with opt-out option)

Send SMS marketing messages (with opt-in consent)

Display targeted advertising

Conduct marketing campaigns and webinars

Share case studies and success stories (with your permission)

Promote special offers and new features

5.5 To Comply with Legal Obligations

Respond to legal requests and government inquiries

Enforce our Terms of Service and policies

Protect our rights, property, and safety

Prevent fraud, abuse, and security incidents

Maintain records as required by law

Comply with tax, accounting, and regulatory requirements

LEGAL BASIS FOR PROCESSING (EEA/UK/GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or other jurisdiction with similar data protection laws, we process your personal information based on the following legal bases:

6.1 Performance of Contract We process your information to deliver the Services you requested and fulfill our contractual obligations under our Terms of Service.

6.2 Legitimate Interests We process your information based on our legitimate business interests, including:

Service improvement and optimization

Security and fraud prevention

Analytics and business intelligence

Marketing to existing customers

Network and information security These interests are balanced against your rights and freedoms.

6.3 Consent We process information based on your explicit consent when required, including:

SMS/MMS marketing messages (opt-in required)

Recording consultation calls or strategy sessions

Processing sensitive personal information

Certain cookies and tracking technologies You may withdraw consent at any time (see Section 13).

6.4 Legal Obligations We process information to comply with applicable laws, regulations, legal processes, and government requests.

HOW WE SHARE PERSONAL INFORMATION

7.1 Service Providers and Processors We share information with trusted third-party service providers who assist us in operating our Services:

a) Cloud Infrastructure and Hosting

Amazon Web Services (AWS)

Google Cloud Platform

Microsoft Azure

b) Communication and Messaging

Email service providers (SendGrid, Mailgun, etc.)

SMS/MMS providers (Twilio, etc.)

VoIP and telephony services

c) Platform Integrations

LinkedIn API services

CRM platforms (HubSpot, Salesforce, Go High Level, etc.)

Calendar and scheduling tools

Email marketing platforms

d) Payment Processing

Stripe

PayPal

Other payment processors

e) Analytics and Tracking

Google Analytics

Mixpanel

Hotjar

Other analytics tools

f) Customer Support

Help desk and ticketing systems

Live chat providers

Support documentation platforms

These service providers are contractually obligated to use your information only to provide services to us and to protect your information.

7.2 Third-Party Platforms You Authorize When you connect third-party platforms (LinkedIn, CRM, email, etc.) to our Services, we share information with those platforms as necessary to provide the integration functionality you requested. Your use of third-party platforms is subject to their own privacy policies and terms of service.

7.3 Business Transfers If Vaulti LLC is involved in a merger, acquisition, asset sale, bankruptcy, or other business transaction, your information may be transferred as part of that transaction. We will notify you of any such transfer and any choices you may have.

7.4 Legal Requirements and Protection of Rights We may disclose information when required by law or when we believe in good faith that disclosure is necessary to:

Comply with legal obligations, court orders, or government requests

Enforce our Terms of Service or other agreements

Protect the rights, property, or safety of Vaulti LLC, our users, or the public

Detect, prevent, or address fraud, security, or technical issues

Respond to claims of illegal activity or violations of third-party rights

7.5 With Your Consent or Direction We may share information with third parties when you explicitly direct us to do so or provide your consent.

7.6 Aggregated and Anonymized Data We may share aggregated, anonymized, or de-identified data that cannot reasonably be used to identify you. This may include industry benchmarks, usage statistics, and research findings.

7.7 Important Exclusion: SMS Opt-In Data We do NOT share text messaging originator opt-in data and consent with any third parties for marketing or promotional purposes. All mobile opt-in data is collected solely to provide Services and will not be shared with unaffiliated third parties.

SMS/MMS MESSAGING TERMS

8.1 Consent to Receive Messages By providing your mobile phone number to Vaulti AI or opting in to our SMS program, you expressly consent to receive text messages from us, including:

a) Service notifications and account updates b) Appointment reminders and confirmations c) Implementation guidance and strategic recommendations d) Performance updates and ROI tracking e) Marketing and promotional messages f) System alerts and important notices

Message frequency varies depending on your service package and activity level. You are not required to consent to SMS marketing as a condition of purchasing Services, though service-related SMS may be necessary for service delivery.

8.2 Message and Data Rates Standard message and data rates apply. Charges are determined by your mobile carrier and may vary. Vaulti AI is not responsible for any carrier charges you incur.

8.3 Opt-Out Rights (STOP) You may opt out of SMS messages at any time by:

Replying STOP to any message

Texting STOP to any Vaulti AI number

Emailing [email protected] with "SMS OPT-OUT" in the subject line

Updating your communication preferences in your account settings

After you text STOP, we will send one final confirmation message and you will not receive further marketing SMS from us. Note that opting out of marketing SMS may not stop transactional or service-related messages necessary for service delivery.

8.4 Help and Support (HELP) For help with SMS messages:

Reply HELP to any message for assistance

Email [email protected]

Visit https://www.vaultiai.io/sms-help

8.5 Carrier Disclaimer Mobile carriers are not liable for delayed or undelivered messages. Message delivery depends on carrier network availability and functionality, which we do not control.

8.6 Your Responsibilities as Business Client If you use our Services to send SMS/MMS to your customers, leads, or contacts, you acknowledge that you are responsible for:

a) Obtaining proper opt-in consent from recipients in compliance with:

Telephone Consumer Protection Act (TCPA)

FCC regulations

State laws

Carrier guidelines and policies

b) Maintaining documentation of opt-in consent

c) Including required elements in all messages:

Clear identification of sender

Opt-out instructions (STOP)

Help instructions (HELP)

d) Honoring opt-out requests immediately (within minutes, not hours)

e) Respecting quiet hours (generally 8 AM - 9 PM recipient local time)

f) Avoiding prohibited content including:

SHAFT content (Sex, Hate, Alcohol, Firearms, Tobacco)

Cannabis/CBD (where restricted)

Phishing, scams, or fraud

Deceptive or misleading content

High-risk financial offers

Malware or viruses

g) Completing A2P 10DLC registration for business messaging (US)

h) Following all applicable laws and carrier policies

We may suspend or terminate your messaging access if your practices risk carrier filtering, generate complaints, or violate laws or policies.

8.7 Mobile Information Protection Your mobile phone number and SMS opt-in data:

Will NOT be shared with third parties for their marketing purposes

Will NOT be sold or rented to third parties

Will be used solely to provide you with Services you requested

Will be protected in accordance with this Privacy Policy

8.8 Privacy Policy Access This Privacy Policy is accessible at https://www.vaultiai.io/privacy and is referenced in all SMS opt-in processes.

YOUR RESPONSIBILITIES AS DATA CONTROLLER

When you use our Services to contact your leads, customers, or prospects, you are the "data controller" or "business" for that data. You are responsible for:

9.1 Providing Privacy Notices Providing legally required privacy notices to your contacts explaining:

What information you collect

How you use it

Who you share it with

Their rights regarding their data

9.2 Obtaining Consents Obtaining all necessary consents for:

Sending marketing communications

Recording calls or meetings

Processing personal data

International data transfers (if applicable)

Automated decision-making

9.3 Honoring Rights Requests Honoring data subject rights requests from your contacts, including:

Access requests (providing copies of data)

Correction requests (updating inaccurate data)

Deletion requests (right to be forgotten)

Objection to processing

Data portability

9.4 Ensuring Lawful Processing Ensuring you have a lawful basis for processing personal data and complying with applicable data protection laws including GDPR, CCPA, and other regulations.

9.5 Maintaining Consent Records Maintaining documentation of opt-ins, consents, and the source of your contact data.

We act as your service provider/processor for contact data and will process it according to your instructions and our Terms of Service.

INTERNATIONAL DATA TRANSFERS

10.1 Transfer of Data Vaulti AI is based in the United States. If you access our Services from outside the United States, your information may be transferred to, stored in, and processed in the United States and other countries where our service providers operate.

10.2 Safeguards for International Transfers When we transfer personal data from the EEA, UK, or Switzerland to the United States or other countries, we use appropriate safeguards including:

Standard Contractual Clauses approved by the European Commission

Data Processing Addendums with GDPR-compliant terms

Supplementary measures to ensure adequate protection

Other approved transfer mechanisms

10.3 Acknowledgment of Transfer By using our Services, you acknowledge and consent to the transfer of your information to countries that may have different data protection laws than your country of residence.

DATA RETENTION

11.1 Retention Periods We retain personal information for as long as necessary to:

Provide the Services and fulfill transactions

Comply with legal, tax, and accounting obligations

Resolve disputes and enforce agreements

Protect our legal rights and prevent fraud

Fulfill legitimate business purposes

11.2 Specific Retention Periods

Account information: Duration of account plus 3 years

Billing and payment records: 7 years (tax/accounting requirements)

Communication records: 3 years

Support tickets: 3 years

Usage logs: 2 years

Marketing communications: Until opt-out plus necessary compliance period

Lead/contact data (processed for you): According to your instructions or deletion request

11.3 Deletion Requests You may request deletion of your personal information at any time (see Section 13). We will delete or anonymize your information within a reasonable timeframe unless retention is required by law or for legitimate business purposes.

11.4 Data After Account Termination After account termination or cancellation:

We retain data for 30 days to facilitate potential reactivation

After 30 days, we delete or anonymize data unless retention is required

You are responsible for exporting any data you wish to retain before canceling

SECURITY MEASURES

12.1 Security Commitment We implement reasonable technical and organizational measures to protect personal information from unauthorized access, disclosure, alteration, and destruction.

12.2 Security Measures Include

Encryption of data in transit (TLS/SSL) and at rest

Access controls and authentication requirements

Regular security assessments and penetration testing

Employee training on data protection and security

Incident response and breach notification procedures

Vendor security assessments

Network security and firewall protections

Backup and disaster recovery procedures

12.3 No Absolute Security Despite our efforts, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security. You use our Services at your own risk.

12.4 Account Security You are responsible for:

Maintaining the confidentiality of your login credentials

Using strong, unique passwords

Notifying us immediately of any unauthorized access

Implementing security measures on your devices and networks

YOUR RIGHTS AND CHOICES

13.1 Access and Correction You have the right to:

Access your personal information

Request a copy of your data in a portable format

Correct or update inaccurate information

Request account information export

To exercise these rights, contact [email protected] or use your account settings.

13.2 Deletion Rights You have the right to request deletion of your personal information, subject to:

Legal retention requirements

Pending transactions or disputes

Fraud prevention and security needs

Other legitimate business purposes

13.3 Objection and Restriction Rights You have the right to:

Object to processing based on legitimate interests

Request restriction of processing in certain circumstances

Object to automated decision-making (if applicable)

13.4 Withdraw Consent Where processing is based on consent, you may withdraw consent at any time by:

Updating account settings

Using opt-out links in emails

Replying STOP to SMS messages

Contacting [email protected]

Withdrawal does not affect the lawfulness of processing before withdrawal.

13.5 Marketing Opt-Out You may opt out of marketing communications:

Email Marketing:

Click "unsubscribe" in any marketing email

Update email preferences in account settings

Email [email protected] with "EMAIL OPT-OUT"

SMS Marketing:

Reply STOP to any marketing message

Text STOP to any Vaulti AI number

Email [email protected] with "SMS OPT-OUT"

Note: Opting out of marketing does not stop transactional or service-related communications necessary for service delivery.

13.6 Cookie Preferences You can control cookies through your browser settings (see Section 16). Note that disabling cookies may affect functionality of our website and Services.

13.7 Do Not Track Our website does not currently respond to "Do Not Track" browser signals. You can control tracking through your browser and device settings.

13.8 Right to Lodge a Complaint If you are in the EEA, UK, or another jurisdiction with a data protection authority, you have the right to lodge a complaint with your supervisory authority if you believe we have violated your privacy rights.

13.9 Exercising Your Rights To exercise any of your rights:

Email: [email protected]

Mail: Vaulti LLC, 30 N Gould St Ste R, Sheridan, WY 82801

Account Settings: https://www.vaultiai.io/account/settings

We will respond to verified requests within 30 days (45 days for complex requests). We may require verification of your identity before fulfilling requests.

13.10 Requests on Behalf of Contacts If you are an end user or contact of one of our Clients (rather than our direct Client), we may refer your request to the Client, as they are the data controller for your information. Please contact the business that collected your information directly.

CALIFORNIA PRIVACY RIGHTS (CCPA/CPRA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA).

14.1 Categories of Personal Information Collected In the past 12 months, we have collected the following categories of personal information:

Identifiers (name, email, phone, IP address, account ID)

Commercial information (purchase history, subscription details)

Internet/network activity (browsing history, interactions with website/Services)

Geolocation data (city/region level from IP address)

Audio/visual information (call recordings, video consultations if applicable)

Professional information (job title, company, business information)

Inferences (preferences, characteristics, trends drawn from data analysis)

14.2 Sources of Personal Information We collect personal information from:

Directly from you (account creation, forms, communications)

Automatically through your use of Services (usage data, cookies)

Third-party platforms you authorize (LinkedIn, CRM systems, etc.)

Business partners and affiliates

Public sources (LinkedIn profiles, company websites)

14.3 Business or Commercial Purposes for Collection We collect and use personal information for the purposes described in Section 5, including:

Providing and operating Services

Communication and customer support

Service improvement and optimization

Marketing and advertising

Security and fraud prevention

Legal compliance

14.4 Categories of Third Parties We Share With We share personal information with:

Service providers and vendors

Third-party platforms you authorize

Professional advisors (legal, accounting)

Government authorities (as required by law)

Business transaction parties (mergers, acquisitions)

14.5 Sale or Sharing of Personal Information We do NOT "sell" personal information as defined by CCPA.

We may "share" personal information for cross-context behavioral advertising purposes. You have the right to opt out (see below).

Specifically:

We do NOT sell or share mobile opt-in data or SMS consent information

We do NOT sell contact/lead data processed on your behalf

We may share website usage data with advertising platforms for retargeting

14.6 Sensitive Personal Information We do not collect or process "sensitive personal information" as defined by CPRA except where necessary for Services and with your consent (e.g., call recordings if they contain sensitive information).

14.7 Your California Privacy Rights As a California resident, you have the right to:

a) Know/Access: Request disclosure of:

Categories of personal information collected

Categories of sources

Business purposes for collection

Categories of third parties we share with

Specific pieces of personal information collected

b) Delete: Request deletion of personal information, subject to exceptions

c) Correct: Request correction of inaccurate personal information

d) Opt-Out of Sale/Sharing: Opt out of "sale" or "sharing" for cross-context behavioral advertising

e) Limit Use of Sensitive Personal Information: Limit use of sensitive personal information (if applicable)

f) Non-Discrimination: Not be discriminated against for exercising your rights

14.8 How to Exercise California Rights To exercise your rights:

Email: [email protected] with "CALIFORNIA PRIVACY REQUEST"

Call: Submit request via website contact form

Opt-Out Link: Use "Do Not Sell or Share My Personal Information" link on our website

We will respond within 45 days (up to 90 days for complex requests). We may require verification of your identity and California residency.

14.9 Authorized Agents You may designate an authorized agent to submit requests on your behalf. The agent must provide proof of authorization.

14.10 Service Provider Role For lead/contact data processed on your behalf as a Client, we act as a "service provider" under CCPA. We do not sell or share this data for our own purposes.

EUROPEAN PRIVACY RIGHTS (GDPR/UK GDPR)

If you are located in the European Economic Area (EEA) or United Kingdom, you have additional rights under GDPR/UK GDPR (in addition to rights described in Section 13).

15.1 Legal Bases for Processing See Section 6 for our legal bases for processing your information.

15.2 Your GDPR Rights You have the right to:

Access your personal data

Rectification of inaccurate data

Erasure ("right to be forgotten") in certain circumstances

Restriction of processing

Data portability

Object to processing

Not be subject to automated decision-making

Withdraw consent at any time

Lodge a complaint with a supervisory authority

15.3 International Data Transfers See Section 10 for information about international transfers and safeguards.

15.4 Data Protection Officer For GDPR-related inquiries, contact: Email: [email protected] Subject: GDPR/Data Protection Inquiry

15.5 Supervisory Authority You have the right to lodge a complaint with the data protection authority in your jurisdiction.

15.6 Data Processing Addendum A Data Processing Addendum (DPA) with Standard Contractual Clauses is available for Clients subject to GDPR. Request a DPA by emailing [email protected].

COOKIES AND TRACKING TECHNOLOGIES

16.1 What Are Cookies Cookies are small text files stored on your device when you visit websites. We use cookies and similar tracking technologies to improve functionality, analyze usage, and personalize your experience.

16.2 Types of Cookies We Use

a) Essential Cookies Required for website functionality:

Authentication and security

Session management

Load balancing

Form submission

These cookies cannot be disabled without affecting functionality.

b) Analytics Cookies Help us understand how you use our Services:

Google Analytics

Mixpanel

Usage statistics and performance monitoring

c) Functional Cookies Enhance functionality and personalization:

Language preferences

Display settings