Updated: October 28, 2025

Privacy Policy

We at VastSilicon Inc. (together with our affiliates, “VastSilicon,” “we,” “our” or “us”) respect your privacy. This Privacy Policy describes our practices regarding Personal Data we collect from or about you when you use our products, services, applications, and websites (collectively, “Services”). This policy applies to all current and future products and services provided by us, our affiliates, subsidiaries, and successors. Your use of our Services is also governed by our Terms of Service.

Personal Data we collect

We collect Personal Data in accordance with the permissions and authorizations you provide when using the Services:

  • Account and device information:We process data required for the Services to operate as designed, including data related to your account, device environment, and Services interactions. The specific data processed depends on how you configure and use the Services.
  • Data from system permissions you grant:The Services operate through integrations with your system environment. Data may be processed as a result of these integrations in accordance with the permissions you grant and the features you enable.
  • Backup and sync data:The Services may process and maintain backups of configuration data, preferences, and locally stored data related to your use of the Services and integrated applications.
  • Usage analytics:We collect and analyze usage data to improve our Services, develop new capabilities, and conduct research. This may include analyzing how you use features, identifying patterns, and testing improvements. We may create de-identified and aggregated data which may be used for any purpose including research, product development, and service improvement. Such de-identified data is not subject to individual privacy rights and may be retained for any purpose.
  • Automatic technical information:When you use the Services, certain data is automatically collected to enable Services features and improve performance. The scope of this data depends on how you configure and use the Services.
  • Other Personal Data we may collect:The Services may process Personal Data beyond what is explicitly described in this policy as necessary for technical operations, business purposes, and in accordance with applicable law. This includes data from your computing environment and third-party applications for compatibility and functionality. The categories above are illustrative and not exhaustive.

How we use Personal Data

We use Personal Data for the following purposes:

  • To provide our Services:We use your Personal Data to provide, maintain, and improve the Services, including delivering requested features and functionality, processing authentication and managing user accounts, storing your preferences and settings, ensuring compatibility with integrated applications, synchronizing your data across devices and sessions, and creating backups to prevent data loss and enable recovery. We also use your Personal Data to send service-related notifications and updates, respond to your inquiries and provide customer support services when needed.
  • To improve and develop new services:We use your Personal Data to develop new features and services, conduct research and data analysis, and analyze usage patterns and user behavior to understand how you use our Services. We may create aggregated, anonymized, or de-identified data from the Personal Data we collect, which we may use for any purpose. Such aggregated data is not subject to this Privacy Policy.
  • For safety and security:We use your Personal Data to comply with legal obligations and government requests, respond to security incidents and unauthorized activity, enforce our Terms of Service and policies, and implement security measures to protect the Services and our users.
  • For business operations:We use your Personal Data for internal business operations and record-keeping, development and improvement of current and future products and services, enabling cross-product functionality and integration, and in connection with business transactions such as mergers, acquisitions, or asset sales. We may also conduct surveys and collect feedback, send marketing communications (subject to your opt-out rights), and use your Personal Data for any other purpose with your consent or as permitted by law.

Disclosure of Personal Data

We may share your Personal Data in the following circumstances:

  • Service Providers and Partners:We work with third-party service providers for cloud infrastructure and hosting, authentication, payment processing, analytics, error reporting, AI services for content processing, and other operational purposes who may access or process your Personal Data to provide services on our behalf. Our service providers may change from time to time.
  • Legal Requirements and Disclosures:We may disclose Personal Data when required by law, legal process, government request, or when we believe, in our sole discretion, that disclosure is necessary or appropriate to protect our rights, property, or safety, or that of others, or to enforce our Terms of Service and policies.
  • Business Transfers:In the event of a merger, acquisition, reorganization, bankruptcy, or sale of assets, your Personal Data may be transferred to the acquiring entity or successor without your consent.
  • With Your Consent:We may share Personal Data for any other purpose with your consent or at your direction.
  • Third-Party Services Disclaimer:We are not responsible for the privacy practices of third-party services. Your use of third-party services is at your own risk.

Retention

We retain Personal Data for as long as necessary to provide the Services and fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law. Retention periods vary by data type and purpose:

  • Active Account Data:Personal Data necessary for Services operations is retained as long as your account is active and for a reasonable period thereafter.
  • Business Purposes:We may retain Personal Data for as long as necessary for business purposes including: legal compliance and dispute resolution; security, fraud prevention, and safety enforcement; service improvement and analytics; business operations and record-keeping; audit and regulatory requirements; and other lawful purposes. The specific retention period depends on the nature of the data and the purpose for which it is processed.
  • Technical and Usage Data:Usage data, logs, diagnostic data, and metadata may be retained indefinitely for service improvement, security, analytics, and business purposes.
  • Aggregated and De-identified Data:Aggregated, anonymized, or de-identified data may be retained indefinitely and used for any purpose. This data is not subject to this Privacy Policy and is not affected by deletion requests.
  • Backup and Archival Systems:Personal Data may persist in backup and archival systems for extended periods after deletion from active systems. We are not required to delete Personal Data from backup systems on an accelerated timeline.
  • Deletion Requests:When you request deletion, we will delete your Personal Data unless we have a legal obligation to retain it, need it to complete a transaction you requested, or need it for security, fraud prevention, or to exercise our legal rights. Deletion from backup systems may take additional time to complete. Deletion requests apply only to identifiable Personal Data and do not apply to de-identified, aggregated, or anonymized data.

Security

  • Security Measures:We implement commercially reasonable security measures to protect Personal Data. However, no security system is impenetrable. We cannot and do not guarantee the security of your Personal Data.
  • Your Responsibility:You are responsible for maintaining the confidentiality of your account credentials and for all activities under your account.
  • Breach Notification:We are not liable for any unauthorized access, disclosure, or loss of Personal Data. Notification obligations, if any, are governed by applicable law.
  • No Absolute Security:Data transmission over the internet is inherently insecure. You acknowledge and accept all risks associated with electronic data transmission.

Your rights

  • General Rights:Depending on your jurisdiction, you may have certain rights regarding your Personal Data, such as access, correction, deletion, or portability. To exercise these rights, contact us at legal@vastsilicon.com. We aim to respond to requests as required by applicable law within applicable timeframes.
  • European Users - GDPR Rights:Users in the European Economic Area have rights under the General Data Protection Regulation, including access, rectification, erasure, data portability, restriction, and objection. Our legal basis for processing includes contract performance (Article 6(1)(b)) and legitimate interests (Article 6(1)(f)). To exercise your rights, contact us at legal@vastsilicon.com. We aim to respond within 30 days. We may charge a reasonable fee or refuse requests that are manifestly unfounded or excessive.
  • International Data Transfers:Personal Data may be transferred to, stored, and processed in countries where we, our affiliates, or service providers operate. Our service providers implement appropriate safeguards as required by applicable law.
  • Verification Requirements:We may require verification of your identity before processing requests regarding your Personal Data. Verification may include providing account credentials, government-issued identification, or other data sufficient to confirm your identity. We may deny requests if we cannot verify your identity.
  • Limitations on Rights:We may limit or deny requests that: are manifestly unfounded or excessive; require disproportionate technical effort; jeopardize the privacy of others; are technically impractical; or conflict with legal requirements. Certain data may be exempt from access or deletion, including data necessary for legal compliance, security, fraud prevention, or debugging. We reserve the right to charge a reasonable fee for repetitive requests beyond those required to be free by law.
  • Response Timeframes:We aim to respond to rights requests within legally required timeframes. For CCPA requests: 45 days (extendable to 90 days). For GDPR requests: 30 days (extendable to 90 days). Delays may occur for verification, complex requests, or legal requirements.

Additional U.S. state disclosures

  • California Residents - CCPA Rights:California residents may have rights under the California Consumer Privacy Act, including the right to know what Personal Data we collect, request deletion, and opt-out of sale (we do not sell Personal Data). To exercise these rights, contact legal@vastsilicon.com. We aim to respond within 45 days. The first two requests per year are free; additional requests may incur a reasonable fee if repetitive or excessive.

Changes to the privacy policy

We may modify, amend, or update this Privacy Policy at any time, for any reason, without prior notice. Changes become effective immediately upon posting. Your continued use of the Services after any changes constitutes your acceptance of the new Privacy Policy. It is your sole responsibility to review this policy periodically. If you do not agree to any changes, you must immediately stop using the Services.

How to contact us

For questions, concerns, or requests regarding this Privacy Policy or your Personal Data, contact us at: legal@vastsilicon.com. We may respond to inquiries as required by applicable law.