Privacy Policy

1. OVERVIEW OF POLICY

This Privacy Policy (this "Policy") is provided by Veza Digital, LLC dba Veza Agency Network (also "we" or "us" or "our") regarding our activities on users' (also "user" or "you" or "your") data processing.

Data processing involves the collection, use, disclosure, and security of users' data. We comply with applicable data protection laws, including the General Data Protection Regulation (GDPR), Canada's Personal Information Protection and Electronic Documents Act (PIPEDA), and Quebec's Law 25 (Law 64), where applicable. For GDPR purposes, Veza Digital, LLC is your data controller.

By submitting personal data during your use of our Services or website, you agree to the processing practices described in this Policy. If you do not agree with how we process your data, you may not use our Services or access our website.

2. DATA COLLECTION

When you engage with our Services or website, we may collect the following categories of personal data:

• Personal data such as name, email address, phone number, and other contact information;
• Tracking data such as your Internet Protocol (IP) address, browser type, device information, and location information;
• History of previous transactions and service engagements;
• Statistical and analytics information;
• Cookie data collected automatically through your browser;
• Data you provide when you contact us, submit a form, or engage in a client onboarding process; and
• Call and meeting recordings or transcripts generated through AI notetaking tools used during client communications (see Section 9).

3. HOW WE USE COLLECTED DATA

We use the data we collect for the following purposes:

• Contact data such as name, email address, and phone number are used to communicate with you regarding our Services, project updates, and administrative matters;
• Non-personal information such as IP address, browser type, location, and device type are collected automatically to operate and improve our website and to enforce our Terms of Service;
• Cookie information helps us track site activity and improve your experience on our website;
• Statistical data helps us understand how our website and Services are used and where improvements can be made; and
• Call and meeting transcription data is used for internal project documentation, quality assurance, and service delivery purposes.

4. DISCLOSURE OF DATA

We do not sell your personal data or share it with third parties for their independent marketing purposes. We may disclose your information in the following circumstances:

a. Third-Party Service Providers: We engage third-party vendors and platforms to assist in delivering our Services. These providers are contractually obligated to use your data only as directed by us and in accordance with applicable law. Categories of third-party service providers include payment processors, cloud hosting providers, project management and collaboration platforms, and artificial intelligence tools and platforms used in service delivery (see Section 9).

b. Regulatory and Legal Obligations: We may disclose your data to government agencies, regulatory bodies, or law enforcement where we are legally required to do so, including in connection with suspected fraudulent or unlawful activity.

c. Business Transfers: In the event of a merger, acquisition, consolidation, or sale of all or substantially all of our assets, your information may be transferred to the acquiring entity, subject to the same privacy protections described in this Policy.

5. COOKIES AND OTHER TRACKING TECHNOLOGIES

Cookies are small data files placed on your device to track and store information about your browsing activity. We use the following types of cookies:

• Session cookies, which allow us to recognize returning users during a browsing session;
• Essential cookies, which enable core website functionality and access to all site features; and
• Performance cookies, which allow us to monitor usage statistics and improve our website.

You may disable cookies through your browser settings, though doing so may limit access to certain features. We also use Google Analytics to track and analyze website usage. You may opt out of Google Analytics by installing the Google Analytics opt-out browser add-on.

6. MARKETING

We may send you marketing emails, including promotions, updates, and service information, to the email address you have provided. You may opt out of marketing communications at any time by using the unsubscribe link in any marketing email or by contacting us at ops@vezanetwork.com.

7. DATA SECURITY

We employ physical and technical measures to protect your data from unauthorized access, disclosure, or loss. Access to personal data is restricted to personnel and contractors with a legitimate need to process it. However, no security measures are absolute. We cannot guarantee that your data will be fully protected against all threats, and we are not liable for data lost to unauthorized access or cyberattack. You are responsible for maintaining the confidentiality of any login credentials associated with your account or our platforms.

8. DATA RETENTION

We retain personal data for as long as it is necessary to fulfill the purposes for which it was collected, including to provide Services, comply with legal obligations, resolve disputes, and enforce our agreements. Following the termination of a client engagement, we will retain necessary data for a period of seven (7) years to satisfy regulatory and contractual requirements, after which personal data will be deleted or anonymized.

Call and meeting recordings or transcripts generated through AI notetaking tools are retained for internal documentation purposes and are subject to the same retention schedule unless a shorter period is agreed upon in the applicable Statement of Work.

9. USE OF ARTIFICIAL INTELLIGENCE TOOLS

Veza Digital, LLC uses artificial intelligence tools and platforms in connection with the delivery of our Services and the operation of our business. This section describes how AI tools may interact with personal data and client information.

9.1. AI Tools in Service Delivery. We and our contractors may use AI-assisted tools, including generative AI platforms, AI-powered design and development tools, AI writing and research tools, and AI notetaking and transcription platforms. These tools are provided by third-party vendors and are subject to their own terms of service and privacy policies.

9.2. AI Notetaking on Client Calls. We use AI-powered transcription and notetaking tools, including Google Gemini and similar platforms, to capture notes during client calls and meetings. These tools may process audio and generate text transcriptions. By participating in calls or meetings conducted in connection with our Services, participants consent to the use of such tools for documentation purposes. Transcripts are used internally and are not shared with third parties except as described in Section 4.

9.3. Client Data Input Restrictions. We use reasonable measures to avoid inputting personal data or client confidential information into third-party AI platforms in ways that are inconsistent with this Policy. However, because AI tools are operated by third-party providers, we cannot guarantee how those platforms process data submitted to them. We encourage clients to review the privacy policies of applicable AI platforms upon request.

9.4. AI-Generated Content. AI tools may be used to assist in the creation of content, designs, code, or other deliverables provided to clients. The use of AI in this capacity does not alter our data processing obligations as described in this Policy.

10. USER RIGHTS

Depending on your jurisdiction, you may have the following rights with respect to your personal data:

• The right to access a copy of the personal data we hold about you;
• The right to correct or update inaccurate personal data;
• The right to request deletion of your personal data, subject to applicable legal retention requirements;
• The right to restrict or object to certain processing of your data;
• The right to data portability where technically feasible;
• The right to withdraw consent to processing where processing is based on consent; and
• The right to lodge a complaint with a supervisory authority in your jurisdiction.

To exercise any of these rights, please contact us at ops@vezanetwork.com. We will respond to requests within the timeframe required by applicable law (generally 30 days).

11. LEGAL BASIS FOR DATA PROCESSING

We process personal data on the following legal bases:

• Consent: where you have provided explicit consent to the processing;
• Contract performance: where processing is necessary to deliver the Services you have engaged us to provide;
• Legal obligation: where we are required by law to process your data; and
• Legitimate interests: where processing is necessary for our legitimate business interests and does not override your rights and freedoms.

12. MINORS

Our Services are intended for individuals who are at least 18 years of age. We do not knowingly collect or process personal data from individuals under 18. If we become aware that we have collected data from a minor, we will delete such data promptly. If you believe we have inadvertently collected data from a minor, please contact us at ops@vezanetwork.com.

13. THIRD PARTY LINKS

Our website may contain links to third-party websites or services. We do not control the content or privacy practices of those third parties and are not responsible for any data you submit to or that is collected by third-party sites accessed through links on our website. We encourage you to review the privacy policies of any third-party sites you visit.

14. GOVERNING LAW

This Policy is governed by the laws applicable to the jurisdiction of the relevant client engagement, consistent with the governing law provisions of the applicable Master Services Agreement or Terms of Service. For users in the European Union, this Policy is subject to the GDPR. For users in Canada, this Policy is subject to PIPEDA and, where applicable, Quebec's Law 25.

15. PAYMENTS

We use Stripe for payment processing. Stripe collects identifying information about the devices that connect to its services and uses this information to operate and improve its services, including for fraud detection. Your payment data is processed by Stripe directly and is not stored by Veza Digital, LLC. You can review Stripe's privacy practices at stripe.com/privacy.

16. UPDATES TO THIS POLICY

We may update this Policy from time to time to reflect changes in our practices, legal requirements, or the tools and platforms we use. Updates will be posted on this page with a revised effective date. We encourage you to review this Policy periodically. Continued use of our Services following an update constitutes acceptance of the revised Policy.