Privacy Policy

Last updated: July 9, 2025

1. Introduction

VSA ("we", "our", or "us") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website https://vsa-ai.com, use our vehicle scheduling AI platform, or engage with our services.

By using our Service, you consent to the data practices described in this Privacy Policy. If you do not agree with this Privacy Policy, please do not access or use our Service.

This Privacy Policy applies to all users of our Service, including dealerships, service centers, their employees, and end customers who interact with our AI scheduling system.

2. Information We Collect

2.1 Information You Provide Directly

We collect information you provide directly to us, including:

  • Account Information: Name, email address, phone number, company details, job title, and business address when you create an account
  • Contact Information: Details provided through contact forms, support requests, or sales inquiries
  • Vehicle Service Data: Information about vehicle appointments, service history, customer preferences, and scheduling details
  • Payment Information: Billing details, subscription information, and payment method data (processed securely through third-party payment processors)
  • Communication Data: Messages, chat conversations, and communications through our platform, including WhatsApp interactions
  • Feedback and Surveys: Responses to surveys, feedback forms, and user experience research

2.2 Information Collected Automatically

When you use our Service, we automatically collect certain information:

  • Usage Data: How you interact with our Service, features used, time spent, and navigation patterns
  • Device Information: Device type, operating system, browser type and version, screen resolution, and device identifiers
  • Log Data: IP address, access times, pages viewed, referring URLs, and crash logs
  • Location Data: General location information based on IP address (not precise geolocation unless explicitly permitted)
  • Performance Data: Service performance metrics, load times, and error reports

2.3 Information from Third Parties

We may receive information from third-party sources:

  • Integration Partners: Data from dealership management systems (DMS), CRM systems, and scheduling software
  • WhatsApp Business API: Message content, phone numbers, and interaction data for scheduling purposes
  • Analytics Providers: Website usage statistics and user behavior insights
  • Business Partners: Information from authorized partners and integrators

3. How We Use Your Information

3.1 Service Provision

  • Provide, operate, and maintain our AI scheduling platform
  • Process vehicle service appointments and manage scheduling workflows
  • Enable communication between dealerships and customers
  • Integrate with existing dealership management systems
  • Provide customer support and technical assistance

3.2 Service Improvement

  • Analyze usage patterns to improve our Service and user experience
  • Develop new features and functionality
  • Train and improve our AI models for better scheduling accuracy
  • Monitor service performance and reliability
  • Conduct research and development activities

3.3 Communication

  • Send account-related notifications and service updates
  • Provide customer support and respond to inquiries
  • Send marketing communications (with your consent)
  • Notify you about changes to our Service or policies
  • Send security alerts and system notifications

3.4 Legal and Business Operations

  • Comply with legal obligations and regulatory requirements
  • Protect against fraud, abuse, and security threats
  • Enforce our Terms of Service and other agreements
  • Conduct business operations and financial reporting
  • Facilitate business transfers or corporate transactions

4. Legal Basis for Processing (GDPR)

If you are in the European Economic Area (EEA), our legal basis for collecting and using your personal information depends on the specific context:

  • Contract Performance: Processing necessary to provide our Service and fulfill our contractual obligations
  • Legitimate Interests: Processing for business operations, security, and service improvement (where not overridden by your rights)
  • Legal Compliance: Processing required to comply with applicable laws and regulations
  • Consent: Processing based on your explicit consent for specific purposes (e.g., marketing communications)
  • Vital Interests: Processing necessary to protect health, safety, or security in emergency situations

5. Information Sharing and Disclosure

5.1 Service Providers and Partners

We share information with trusted third parties who assist in operating our Service:

  • Cloud Infrastructure: Amazon Web Services (AWS), Microsoft Azure for secure data hosting
  • AI and Analytics: OpenAI for AI processing, Google Analytics for usage insights
  • Communication Services: WhatsApp Business API, email service providers
  • Payment Processors: Stripe, PayPal for secure payment processing
  • Customer Support: Help desk and support ticketing systems

5.2 Business Transfers

In the event of a merger, acquisition, corporate divestiture, or dissolution, your information may be transferred to the acquiring entity, subject to the same privacy protections.

5.3 Legal Requirements

We may disclose your information when required by law or to:

  • Comply with legal process, court orders, or government requests
  • Protect the rights, property, or safety of VSA, our users, or others
  • Investigate potential violations of our Terms of Service
  • Prevent or investigate fraud, security breaches, or technical issues

5.4 Aggregated and De-identified Data

We may share aggregated, de-identified, or anonymized data that cannot reasonably be used to identify you for research, analytics, and business purposes.

6. Data Retention

We retain your information for as long as necessary to:

  • Provide our Service and maintain your account
  • Comply with legal obligations and regulatory requirements
  • Resolve disputes and enforce our agreements
  • Improve our Service and develop new features

Specific retention periods vary based on data type and business requirements. Account information is typically retained for the duration of your subscription plus 3 years. Communication data may be retained for up to 7 years for business and legal purposes.

When information is no longer needed, we securely delete or anonymize it according to our data retention policies and applicable legal requirements.

7. Data Security

We implement comprehensive security measures to protect your information:

7.1 Technical Safeguards

  • Encryption: Data encryption in transit (TLS 1.3) and at rest (AES-256)
  • Access Controls: Multi-factor authentication and role-based access controls
  • Network Security: Firewalls, intrusion detection, and secure network architecture
  • Data Backup: Regular automated backups with secure storage
  • Vulnerability Management: Regular security assessments and penetration testing

7.2 Operational Safeguards

  • Employee Training: Regular security and privacy training for all staff
  • Access Monitoring: Logging and monitoring of all data access activities
  • Incident Response: Comprehensive incident response and breach notification procedures
  • Vendor Management: Due diligence and security requirements for all third-party providers

7.3 Compliance and Certifications

We maintain compliance with industry standards and undergo regular audits to ensure the highest level of data protection. While no method of transmission or storage is 100% secure, we continuously improve our security practices.

8. Your Privacy Rights

8.1 General Rights

You have the following rights regarding your personal information:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request correction of inaccurate or incomplete information
  • Deletion: Request deletion of your personal information (subject to legal requirements)
  • Portability: Request transfer of your data to another service provider
  • Restriction: Request limitation of processing in certain circumstances
  • Objection: Object to certain types of processing based on legitimate interests

8.2 GDPR Rights (EEA Residents)

If you are in the EEA, you have additional rights under GDPR:

  • Right to Withdraw Consent: Withdraw consent for consent-based processing at any time
  • Right to Lodge a Complaint: File a complaint with your local data protection authority
  • Right to Automated Decision-Making: Object to decisions made solely by automated processing

8.3 CCPA Rights (California Residents)

If you are a California resident, you have additional rights under CCPA:

  • Right to Know: Request information about personal information collected, used, or disclosed
  • Right to Delete: Request deletion of personal information
  • Right to Opt-Out: Opt out of the sale of personal information (we do not sell personal information)
  • Right to Non-Discrimination: Protection against discrimination for exercising CCPA rights

8.4 Exercising Your Rights

To exercise any of these rights, please contact us at privacy@vsa-ai.com. We will respond to your request within 30 days (or as required by applicable law). We may require verification of your identity before processing your request.

9. Cookies and Tracking Technologies

9.1 Types of Cookies

We use the following types of cookies and similar technologies:

  • Essential Cookies: Necessary for basic website functionality and security
  • Performance Cookies: Collect anonymous information about website usage and performance
  • Functional Cookies: Remember your preferences and provide enhanced features
  • Analytics Cookies: Help us understand how visitors interact with our website

9.2 Third-Party Cookies

We may use third-party cookies for:

  • Google Analytics for website analytics and user behavior insights
  • Customer support chat widgets
  • Social media integration and sharing features
  • Security and fraud prevention services

9.3 Cookie Management

You can control cookies through your browser settings. However, disabling certain cookies may limit your ability to use some features of our Service. You can also use our cookie consent manager to adjust your preferences.

10. International Data Transfers

We may transfer your information to countries outside your home country for processing and storage. When we transfer personal information internationally, we ensure appropriate safeguards are in place:

  • Adequacy Decisions: Transfers to countries with adequate data protection laws
  • Standard Contractual Clauses: EU-approved contract terms for international transfers
  • Binding Corporate Rules: Internal privacy rules for multinational organizations
  • Certification Programs: Privacy Shield successor frameworks and similar programs

All international transfers comply with applicable data protection laws and regulations.

11. Children's Privacy

Our Service is not intended for children under 13 years of age (or 16 in the EEA). We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

If we discover that we have collected personal information from a child without parental consent, we will delete that information promptly.

12. Third-Party Services

Our Service may contain links to third-party websites, applications, or services that are not owned or controlled by us. This Privacy Policy does not apply to third-party services.

12.1 Integrated Services

We integrate with various third-party services that have their own privacy policies:

  • OpenAI: Please review their privacy policy for information about their data practices
  • Google Analytics: Please review their privacy policy for information about their data practices
  • AWS: Please review their privacy policy for information about their data practices
  • Microsoft Azure: Please review their privacy policy for information about their data practices

12.2 Your Responsibility

We encourage you to review the privacy policies of any third-party services you access through our Service. We are not responsible for the privacy practices of these third parties.

13. Data Breach Notification

In the event of a data breach that may affect your personal information, we will:

  • Investigate and contain the breach immediately
  • Assess the scope and impact of the incident
  • Notify relevant authorities within 72 hours (where required by law)
  • Inform affected users without undue delay if there is a high risk to their rights and freedoms
  • Provide clear information about the breach and steps being taken
  • Offer assistance and guidance on protective measures

We maintain a comprehensive incident response plan and conduct regular drills to ensure effective breach response.

14. Privacy Policy Updates

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

  • Notify you by email (if you have provided an email address)
  • Post a prominent notice on our website
  • Update the "Last Updated" date at the top of this policy
  • Provide additional notice as required by applicable law

Your continued use of our Service after the effective date of the updated Privacy Policy constitutes acceptance of the changes. We encourage you to review this Privacy Policy periodically.

15. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

Email: privacy@vsa-ai.com

Privacy Officer: privacy@vsa-ai.com

Mailing Address:

VSA, Inc.
123 AI Boulevard
Tech City, CA 94000
United States

For EEA residents, you may also contact our Data Protection Officer at dpo@vsa-ai.com.

We will respond to all legitimate privacy requests within 30 days (or as required by applicable law). For urgent privacy matters, please mark your communication as "URGENT - Privacy Request."

16. Definitions

For the purposes of this Privacy Policy:

  • Personal Information: Any information that identifies, relates to, or could reasonably be linked with you
  • Processing: Any operation performed on personal information, including collection, use, storage, and deletion
  • Service: VSA's vehicle scheduling AI platform, website, and related services
  • User: Any individual who accesses or uses our Service
  • Controller: The entity that determines the purposes and means of processing personal information
  • Processor: The entity that processes personal information on behalf of the controller