UNCLASSIFIED // FOR OFFICIAL USE ONLY

Privacy Policy

Document ID: VSI-PRIV-2025-001
Version: 3.2
Last Updated: January 1, 2025
Jurisdiction: United States · International
This Privacy Policy governs the collection, use, processing, and protection of personal information by VSI Technologies and its subsidiaries. It applies to all VSI products, services, websites, government engagements, and client deployments. VSI is committed to data minimization, purpose limitation, and the highest standards of privacy protection across all jurisdictions in which it operates.

01. Scope & Applicability

This Privacy Policy applies to VSI Technologies, Inc. and all affiliated entities ("VSI," "we," "us," or "our"). It covers all information collected through: our websites (vsitechnologies.ai and subdomains), our AI software platforms and deployed systems, government and enterprise engagement processes, client onboarding and support interactions, and marketing and sales communications.

Government Engagements: For federal, state, and classified government programs, additional data handling obligations are governed by applicable government contracts, Memoranda of Understanding (MOU), Business Associate Agreements (BAA), or Data Processing Agreements (DPA), which supersede this policy where more restrictive requirements apply.

Important: VSI does not sell personal information to third parties. VSI does not use client operational data to train AI models without explicit written authorization. All data processing is governed by the principle of minimum necessary access.

02. Information We Collect

Information You Provide:

  • Contact information (name, email, title, organization, phone number)
  • Account registration and authentication credentials
  • Intake form responses and AI readiness assessment data
  • Contract, procurement, and engagement documentation
  • Communications via email, phone, secure messaging platforms
  • Payment and billing information (processed via PCI-DSS compliant processors)

Information Collected Automatically:

  • IP address, browser type, device identifiers, and operating system
  • Website usage data, page views, session duration, and navigation patterns
  • Cookies and similar tracking technologies (see Cookie Policy section)
  • Log files generated by VSI platform access and system interactions

Information from Government Systems: For government deployments, VSI AI systems may process data residing in agency systems. This data is processed under the terms of the applicable government contract and is not retained, used, or shared by VSI outside of explicit contractual authorization.

03. How We Use Information

VSI uses collected information strictly for the following purposes:

  • Delivering and operating contracted AI services and platforms
  • Processing government and commercial client engagements
  • Communicating regarding service delivery, support, and account management
  • Complying with legal obligations, government contract requirements, and regulatory mandates
  • Security monitoring, fraud prevention, and system integrity maintenance
  • Improving VSI systems using aggregated, de-identified analytics (never client operational data)
  • Sending authorized communications regarding service updates or material policy changes

Data Minimization Principle: VSI collects only the minimum personal information necessary for the stated purpose. Operational client data processed by VSI AI systems is never used for model training, product improvement, or any purpose beyond contracted service delivery without explicit written consent.

04. Disclosure & Sharing

VSI does not sell, rent, or trade personal information. Limited disclosure occurs only in the following circumstances:

  • Service Providers: VSI engages vetted sub-processors (cloud infrastructure, security monitoring, payment processing) under strict data processing agreements that prohibit independent use of client data.
  • Government & Legal Requirements: VSI may disclose information when required by law, court order, or government authority. For classified government engagements, disclosure obligations are governed by applicable security classifications and program requirements.
  • Business Transfers: In the event of a merger, acquisition, or asset transfer, personal information may be transferred to the acquiring entity, subject to equivalent privacy protections. Affected parties will be notified.
  • National Security: VSI may be required to disclose information under national security authorities. To the extent permitted by law, VSI will seek to notify affected parties of such requirements.

05. Government & Classified Engagements

VSI operates under enhanced data protection protocols for all government engagements:

  • All government engagement data is segregated from commercial client environments
  • Personnel accessing government program data are subject to applicable clearance and need-to-know requirements
  • Data processed under classified programs is handled exclusively within approved secure facilities and architectures
  • No government operational data is retained beyond contract performance requirements without explicit authorization
  • All government data handling is logged with tamper-evident audit trails accessible to agency Contracting Officer Representatives (COR)
  • Privacy Impact Assessments (PIA) are conducted for all federal agency deployments as required by the E-Government Act of 2002
  • System of Records Notices (SORN) are coordinated with agency Privacy Officers where VSI systems maintain Privacy Act-covered records

06. International Data Transfers

VSI maintains data residency controls for all international engagements. For clients with data sovereignty requirements:

  • US federal government data remains within CONUS and FedRAMP authorized environments
  • International government data is processed within the client nation's approved infrastructure upon request
  • Cross-border transfers comply with applicable frameworks: EU-US Data Privacy Framework, UK adequacy decisions, and bilateral data sharing agreements
  • GDPR Article 46 Standard Contractual Clauses (SCCs) are available for EU/EEA data transfers
  • Transfer Impact Assessments (TIA) are conducted for high-risk international transfers

07. Data Retention

VSI retains personal information only as long as necessary for the purposes described in this policy or as required by applicable law or contract.

  • Client Operational Data: Deleted or returned within 30 days of contract termination unless retention is required by government contract, regulation, or legal hold.
  • Account & Contact Data: Retained for the duration of the business relationship plus 3 years for legal and audit purposes.
  • Government Program Data: Subject to applicable federal records retention schedules (44 U.S.C. § 3301 et seq.) and agency-specific requirements.
  • Security Logs: Retained for a minimum of 1 year for security monitoring purposes, or longer if required by FedRAMP, FISMA, or contractual requirements.

08. Your Rights & Choices

Subject to applicable law and government contract restrictions, individuals have the following rights regarding their personal information:

  • Access: Request a copy of personal information VSI holds about you
  • Correction: Request correction of inaccurate or incomplete personal information
  • Deletion: Request deletion of personal information, subject to legal retention requirements
  • Restriction: Request restriction of processing in certain circumstances
  • Portability: Receive your personal information in a structured, machine-readable format
  • Objection: Object to processing based on legitimate interests
  • Withdrawal of Consent: Withdraw consent where processing is consent-based

To exercise these rights, contact privacy@vsitechnologies.ai. Government employees and contractors should direct requests through their agency Privacy Officer. VSI will respond within 30 days.

09. Security of Personal Information

VSI implements administrative, technical, and physical safeguards aligned to NIST 800-53, FedRAMP, and ISO 27001 standards. Specific controls include AES-256 encryption at rest, TLS 1.3 for all data in transit, role-based access controls with least-privilege enforcement, multi-factor authentication for all personnel, continuous security monitoring, and annual independent security assessments. See our full Security Policy for complete technical controls documentation.

10. Children's Privacy

VSI services are not directed to individuals under the age of 18. VSI does not knowingly collect personal information from minors. If VSI becomes aware that personal information has been collected from a minor without parental consent, it will be deleted promptly. Government agency deployments serving populations that may include minors are subject to additional COPPA, FERPA, or equivalent state-law requirements as specified in the applicable government contract.

11. Changes to This Policy

VSI will notify affected parties of material changes to this Privacy Policy via email to registered account holders and by posting a prominent notice on vsitechnologies.ai. For government clients, material changes will be communicated through official contract channels and, where required, submitted for Contracting Officer review. The effective date of each version is documented in the document metadata above.

12. Contact Information

Privacy inquiries should be directed to:

Privacy Officer Contact
VSI Technologies Privacy Officer
Email: privacy@vsitechnologies.ai
Secure: legal@vsitechnologies.ai
Address: Available to verified government clients and contracting officers upon request
Response SLA: 30 business days · Emergency: 5 business days for government agencies

// Document Authorization //
Issuing Authority: VSI Technologies Legal & Compliance Division
Contact: legal@vsitechnologies.ai
Document Control: Reviewed annually or upon material change