Privacy Policy - VentraLink

Privacy Policy for VentraLink

Effective Date: Nov 20, 2025

1. Introduction

Welcome to VentraLink ("VentraLink," "we," "us," or "our"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, VentraLink, and its associated services (collectively, the "Service"). This policy details our practices, including those relevant to integrations with third-party services such as QuickBooks Online via the Intuit QuickBooks Online API.

Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access or use the Service.

2. Information We Collect

Notice at Collection

Category of Personal Information	Examples	Purpose of Collection	Shared With
Identifiers	Name, email, IP address, Third-party User IDs (e.g., Zoom, QBO)	Account setup, communications, integration mapping	Service providers
Commercial Information	Transaction history (QuickBooks), Call Metadata	Integration features, Call Compass	QuickBooks, Zoom
Audio, Visual, or Similar Information	Call recordings, voice inputs, video meeting data	To provide Call Compass, sentiment analysis, and transcription services	Service providers (AI & Storage)
Internet Activity	Device info, usage logs	Security, analytics	Analytics providers
Geolocation (approximate)	IP-based location	Service operation, security, Internal analytics	Service providers, Analytics providers
Inferences	Employee performance metrics, call sentiment scores	Call Coaching and Personalization	Internal use, shared with AI processors (e.g. Google, Open AI, Anthropic, X.ai) to generate insights.

We retain this information as described in Section 6.
You have rights regarding this data, as outlined in Sections 7-8.

We may collect information about you in a variety of ways. The information we may collect via the Service includes:

Personal Data:
- Account Information: When you register for an account on VentraLink, we collect information such as your name, email address, and password. If you authenticate using Google or other third-party authentication services, we will collect information as permitted by that service and your privacy settings (typically your name and email address).
- User Settings: We store preferences and settings you configure within VentraLink, such as operational rules, interface preferences, and brand associations.
Data from Integrated Third-Party Services (e.g., QuickBooks Online, Zoom):
- To provide integration features, we access and process data from your connected third-party accounts via their respective APIs.
  - QuickBooks Online: Company info, Chart of Accounts, Vendors, Customers, Employees, and Transaction data.
  - Zoom: User profiles, Meeting/Call metadata (duration, participants), and Cloud Recordings (audio/video/transcripts) for the purpose of generating Call Coaching insights.
- OAuth Tokens: We store OAuth 2.0 access tokens and refresh tokens for these services (e.g., Intuit, Zoom). These tokens are encrypted at rest.
Uploaded Files and Content:
- Document Repository: Files you upload to the document repository (e.g., PDFs, operational documents). These may be stored using third-party cloud storage services like Google Cloud Storage (GCS).
- Data Files for Processing: Files you upload for processing and import into integrated services (e.g., IIF files for QuickBooks Online). Original files and their parsed data may be stored temporarily or for logging purposes, potentially using third-party cloud storage.
Log Data and Usage Information:
- Like most web services, we automatically collect information that your browser or device sends whenever you use our Service ("Log Data"). This Log Data may include information such as your computer's Internet Protocol ("IP") address, browser type, browser version, device type, operating system, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, actions taken within the application, and other statistics.
- We collect this information for troubleshooting, debugging, monitoring the performance and security of our Service, and for internal development purposes to improve VentraLink.
Cookies and Similar Technologies:
- We may use cookies (small text files placed on your device) and similar tracking technologies (e.g., web beacons, pixels) to operate and personalize the Service, remember your preferences (like session information), ensure secure authentication, and gather usage analytics. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service effectively.

3. How We Use Your Information

Having accurate information permits us to provide you with a smooth, efficient, and customized experience. Specifically, we may use information collected about you via the Service to:

Create and manage your VentraLink account.
Provide, operate, and maintain the core functionalities of VentraLink, including any communication, document management, and operational tools.
Enable and manage your secure connection to integrated third-party services like QuickBooks Online.
Fetch, process, and display your data from linked third-party services as requested by you within the Service.
Create, update, or delete data in your linked third-party accounts (e.g., QuickBooks Online) as explicitly initiated by you through the Service.
Store, retrieve, and manage documents and files you upload.
Process data files (e.g., IIF files) according to your instructions and import the resulting data into linked third-party services.
Apply user-defined settings and rules.
Monitor and analyze usage, trends, and user interactions to improve your experience with the Service and for internal development and troubleshooting purposes. This includes reviewing log data and API interaction details.
Maintain the security and integrity of our Service, including preventing fraudulent activity and ensuring compliance with our terms.
Respond to your comments, questions, and provide customer support.
Comply with legal and regulatory obligations.

We will only use your data for the purposes of providing and improving the VentraLink service as described herein. We will not use your data for other purposes without your explicit consent, unless required by law.

4. How We Share Your Information

We do not sell or share (as defined by the California Privacy Rights Act) your personal information for monetary or other valuable consideration. We only disclose personal information to service providers and partners as necessary to operate our Service, as described below.

With Integrated Third-Party Services (e.g., Intuit for QuickBooks Online):
To provide the integration features, we must exchange data with the APIs of the third-party services you connect (e.g., Intuit's QuickBooks Online API). This includes sending requests to fetch your data and sending requests to create or modify data in your third-party service account, based on actions you take within VentraLink. Our use of data from these services is also governed by their respective developer terms and policies.
Third-Party Service Providers:
We may share your information with third-party vendors... Examples include:
- Cloud Infrastructure: Google Cloud Platform (GCP) for application hosting, database hosting, and file storage.
- Artificial Intelligence & Processing: Google (Gemini/Vertex AI) for processing call recordings and generating coaching insights.
- Background Task Processing: Tools like Redis for managing asynchronous tasks.
- Authentication Services: Such as Google (if you use Google Sign-In).
Specialized Service Providers for Enhanced Functionality (Including AI and Personalization):
To improve and personalize your experience, develop new features, or gain insights into service usage, VentraLink may in the future engage specialized third-party service providers. These services could include, for example, artificial intelligence (AI) platforms for data analysis or feature development...

If we engage such providers, and they require access to or process inferences drawn from your data, they will do so under contractual agreements that obligate them to:
- Act as our service provider/processor.
- Use the data only for the specific purposes we define and for providing the service to VentraLink.
- Maintain the confidentiality and security of the information.
- Not use the data for their own independent purposes or for any other third party.
We will not share your personal information, including inferences, with such providers for purposes beyond providing or improving our Service to you.
By Law or to Protect Rights:
If we believe the release of information about you is necessary to respond to legal process, to investigate or remedy potential violations of our policies, or to protect the rights, property, and safety of VentraLink, our users, or others, we may share your information as permitted or required by any applicable law, rule, or regulation.
Business Transfers:
We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company. We will provide notice before your personal information is transferred and becomes subject to a different privacy policy.
With Your Consent:
We may disclose your personal information for any other purpose with your explicit consent.

5. Security of Your Information

We use administrative, technical, and physical security measures to help protect your personal information and the data processed through our Service. Key measures include:

Encryption: Sensitive information, such as OAuth tokens for third-party services, is encrypted at rest. Data transmission to and from our service (and to linked third-party services) is protected using HTTPS.
Access Controls: We implement access controls designed to limit access to your data to authorized personnel and services on a need-to-know basis.
Secure Development Practices: We strive to follow industry-standard secure coding practices and regularly review our security measures.

While we have taken reasonable steps to secure the personal information you provide to us, please be aware that despite our efforts, no security measures are perfect or impenetrable, and no method of data transmission can be guaranteed against any interception or other type of misuse. Any information disclosed online is vulnerable to interception and misuse by unauthorized parties. Therefore, we cannot guarantee absolute security if you provide personal information.

6. Data Retention

We will retain your personal information and data processed through the Service for as long as your account is active, as needed to provide you the Service, and to fulfill the purposes outlined in this policy.

Specifically:

Account Information & User Settings: Retained as long as your VentraLink account is active.
OAuth Tokens for Third-Party Services: Retained as long as your connection to the respective third-party service (e.g., QuickBooks Online) is active within VentraLink. If you disconnect the integration or delete your VentraLink account, these tokens will be deleted.
Uploaded Files (e.g., to S3): Retained as long as you keep them in the document repository or as determined by specific feature retention settings.
Log Data: Retained for a limited period necessary for security, troubleshooting, and development analysis, after which it may be deleted or anonymized.
IIF Import Logs: To assist with troubleshooting, allow you to review past import activity, and ensure the integrity of our Service, we retain IIF import logs for a period of up to 12 months from the date of import while your account is active. Following this period, logs are automatically deleted. If you close your VentraLink account, your IIF import logs will be retained for an additional 90 days maximum to address any final queries, after which they will be permanently deleted.

We will also retain and use your information as necessary to comply with our legal obligations (e.g., financial record-keeping if applicable), resolve disputes, and enforce our agreements.

7. Your Rights and Choices

Depending on your jurisdiction and applicable law, you may have certain rights regarding the personal information we hold about you. These rights may include:

Right to Access: You have the right to request access to the personal information we hold about you and to receive a copy of that information.
Right to Rectification: You have the right to request that we correct any inaccurate or incomplete personal information we hold about you. You can typically review and change some of your account information through your account settings in VentraLink. For other corrections, please contact us.
Right to Erasure (Right to be Forgotten): You have the right to request the deletion of your personal information, subject to certain exceptions. For example, we may need to retain certain information for legal or legitimate business purposes, such as to complete transactions, comply with our legal obligations, resolve disputes, or enforce our agreements. Specific retention periods for certain data types are outlined in Section 6. Account termination can be initiated through your account settings.
Right to Data Portability: Where applicable, you have the right to receive the personal information you have provided to us in a structured, commonly used, and machine-readable format, and you have the right to transmit that data to another controller without hindrance from us.
Right to Object to or Restrict Processing: You may have the right to object to or request the restriction of processing of your personal information under certain circumstances.
Right to Withdraw Consent: If we are processing your personal information based on your consent, you have the right to withdraw your consent at any time. This will not affect the lawfulness of processing based on consent before its withdrawal.
Account Information Management: You may at any time review or change certain information in your account or terminate your account through your account settings in VentraLink.
Third-Party Service Connections (e.g., QuickBooks Online): You can disconnect your linked third-party accounts (like QuickBooks Online) from VentraLink at any time via the Service interface. Doing so will prevent further data synchronization with that service through VentraLink, and our system will delete the associated OAuth tokens for that specific service. Data already imported or created in the third-party service via VentraLink will remain in that third-party service account, subject to their policies.
Cookies: You can typically control cookie settings through your browser. Refer to your browser's help documentation for more information.

To exercise any of these rights, please contact us using the contact details provided in Section 12. We will respond to your request within a reasonable timeframe and in accordance with applicable law. We may need to verify your identity before processing your request. Please note that these rights are not absolute and may be subject to limitations.

8. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA):

Right to Know: You have the right to request that we disclose the categories of personal information we have collected, the sources of that information, the purposes for which it is collected, and the categories of third parties with whom we share it.
Right to Access: You have the right to request a copy of the specific pieces of personal information we have collected about you.
Right to Correct: You may request that we correct inaccurate personal information we maintain about you.
Right to Delete: You have the right to request the deletion of your personal information, subject to certain exceptions.
Right to Opt-Out of Sale or Sharing of Personal Information: VentraLink does not sell personal information as defined by the CCPA. We also do not share your personal information for cross-context behavioral advertising.
Right to Limit the Use of Sensitive Personal Information: VentraLink does not use or disclose sensitive personal information for purposes that would trigger the right to limit its use under the CPRA. Under CPRA, “sensitive personal information” includes things like Social Security numbers, driver's license numbers, precise geolocation, racial or ethnic origin, and health information. VentraLink does not collect or use this type of information in a way that triggers the right to limit its use.
Right Against Discrimination: We will not discriminate against you for exercising any of your CCPA rights.

You may exercise your rights by contacting us at: privacy@ventralink.com

You may also designate an authorized agent to make a request on your behalf.

We will verify your request by matching email address and other account details. We may request additional information to confirm your identity.

To exercise these California-specific rights, or any other rights mentioned in Sections 7-8, please contact us as detailed in Section 12 (Contact Us). When making a CCPA-specific request, please mention 'CCPA Request' in your communication.

9. Third-Party Websites and Services

The Service integrates with and may contain links to third-party websites and services, such as QuickBooks Online (Intuit), Zoom for phone call recording, and Google (for authentication and infrastructure). This Privacy Policy does not apply to the privacy practices of these third parties. We are not responsible for the content or privacy and security practices and policies of any third parties, including other sites, services, or applications that may be linked to or from the Service. We encourage you to review their privacy policies before providing them with information.

Intuit (QuickBooks Online): https://www.intuit.com/privacy/
Zoom Video Communications: https://explore.zoom.us/en/privacy/
Google (Privacy & Terms): https://policies.google.com/privacy

10. Children's Privacy

Our Service is not directed to individuals under the age of 13 (or any higher age threshold applicable in your jurisdiction for consent to process personal information). We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child without verification of parental consent, we will take steps to remove that information from our servers. If you believe that we might have any information from or about a child, please contact us.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements,or other factors. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Effective Date" at the top of this Privacy Policy. We may also provide notice through the Service or by other means, as appropriate. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

12. Contact Us

If you have any questions or concerns about this Privacy Policy, our data practices, or wish to exercise your privacy rights, please contact us at: privacy@ventralink.com. If your request pertains to California privacy rights, please include 'CCPA Request' in the subject line of your email to help us expedite your request.