Privacy Policy

Last updated: 11/26/2025

Introduction

VAKE Consulting ("VAKE," "we," "us," or "our"), a company registered in the United Arab Emirates, operates the VAKE AI platform - an AI-powered interface for SAP SuccessFactors (the "Service"). This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you use our Service. It applies to all users, administrators, and authorized personnel accessing the Service.

We are committed to protecting your privacy and handling your data responsibly and transparently. By accessing or using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please discontinue use of the Service.

Information We Collect

Account and Registration Information

  • Email address and name
  • Organization name and business role
  • User role and permission assignments within the Service
  • Billing and payment information (processed securely through Stripe - we do not store full payment card details)

Service Configuration Data

  • SAP SuccessFactors API credentials and connection settings (encrypted with AES-256 at rest)
  • AI provider API keys (encrypted with AES-256 at rest)
  • User preferences, saved queries, and AI memory data
  • Team structure and user management configurations

Usage and Technical Data

  • API call logs and query history
  • Chat conversation history (stored for your convenience, deletable at any time)
  • AI model usage patterns and credit consumption
  • Error logs and diagnostic information
  • Browser type, IP address, and session metadata

SAP SuccessFactors Data

Important: We do not permanently store your SAP SuccessFactors employee data. This data is accessed in real-time through your API credentials when you make queries and is not retained by our systems after the session ends. We act as a conduit, processing your instructions and relaying data between you and your SAP SuccessFactors instance.

How We Use Your Information

Service Delivery and Operations

  • Authenticate and authorize access to the Service
  • Process natural language queries and AI-powered operations
  • Generate documents, reports, and analytics as requested
  • Maintain chat history and AI memory for personalized assistance
  • Manage subscriptions, billing, and AI credit allocation

Service Improvement

  • Analyze aggregate usage patterns to improve features and performance
  • Debug technical issues and resolve errors
  • Develop new features and capabilities
  • Monitor system performance, security, and reliability

Communication

  • Send service updates, maintenance notifications, and security alerts
  • Respond to support requests and inquiries
  • Provide billing notifications and payment confirmations
  • Deliver product announcements and feature updates (with opt-out available)

Legal and Compliance Purposes

  • Comply with applicable laws, regulations, and legal obligations
  • Enforce our Terms of Service and other agreements
  • Detect, prevent, and address fraud, abuse, and security incidents
  • Respond to lawful requests from public authorities and legal processes

Data Security

We implement industry-standard technical and organizational measures to protect your data:

Encryption

  • AES-256 encryption for all credentials and sensitive configuration data at rest
  • TLS 1.2+ encryption for all data in transit
  • Encrypted cloud storage with server-side encryption for all persistent data

Access Control

  • Role-based access control (RBAC) with principle of least privilege
  • Multi-factor authentication (MFA) support
  • Regular security audits and vulnerability assessments
  • Automatic session timeout and inactivity logout

Infrastructure Security

  • Hosted on Google Cloud Platform (SOC 2 Type II compliant)
  • Data residency in the European Union (europe-west4 region)
  • Automated backups with encryption
  • DDoS protection and network security monitoring
  • Regular security patches and system updates

While we implement robust security measures, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security but are committed to industry best practices and will promptly notify affected users in the event of a data breach as required by applicable law.

Data Sharing and Third Parties

We do not sell, rent, or trade your personal information. We share data only with the following categories of service providers, solely to the extent necessary to provide and improve the Service:

Service Providers (Sub-processors)

  • Stripe, Inc. - Payment processing and subscription management
  • Google Cloud Platform (Google LLC) - Cloud infrastructure, hosting, and data storage
  • Firebase (Google LLC) - Authentication, database, and application hosting
  • AI Providers - Anthropic (Claude), OpenAI, Google AI (Gemini), xAI (Grok) - Natural language processing

AI Provider Data Handling

Anthropic Claude (Default Provider):

  • API logs retained for up to 7 days for Trust & Safety purposes, then deleted
  • Customer data is NOT used for model training or improvement
  • Zero-Data-Retention (ZDR) option available upon request
  • See Anthropic's data retention policy at anthropic.com/privacy

Other AI Providers (Optional, Customer-Configured):

  • Each provider is subject to their own privacy policy and data handling practices
  • Customer should review provider policies before enabling alternative providers
  • VAKE has no control over data retention by third-party AI providers
  • Customer assumes responsibility for data shared with optional providers they enable

Legal Requirements

We may disclose your information if required to do so by law, regulation, legal process, or governmental request, or when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a lawful government request.

Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your information may be transferred as part of the transaction. We will notify you via email and/or a prominent notice on our Service of any change in ownership or uses of your personal information.

Data Retention

Active Accounts

We retain your account information and Service data for as long as your account is active or as needed to provide the Service. Configuration data, chat history, and AI memories are maintained throughout your subscription for continuity of service.

After Account Termination

  • Customer Data available for export for 30 days following termination
  • Account data and configuration deleted within 90 days of termination
  • Backup copies removed within 180 days of termination
  • Audit logs and legally required records retained as mandated by applicable law
  • Anonymized and aggregated data may be retained indefinitely for analytics purposes

Chat History and AI Memory

Chat conversation history is retained for as long as your account is active and can be deleted by you at any time through the Service interface. AI memory data persists across sessions to provide personalized assistance and can also be managed through Settings.

Your Privacy Rights

Depending on your location, you may have the following rights under applicable data protection laws (including GDPR, CCPA, and similar regulations):

  • Right of Access - Request a copy of the personal data we hold about you
  • Right to Rectification - Request correction of inaccurate or incomplete personal data
  • Right to Erasure (Right to be Forgotten) - Request deletion of your personal data, subject to legal retention requirements
  • Right to Data Portability - Receive your data in a structured, commonly used, machine-readable format
  • Right to Restrict Processing - Request limitation of processing of your personal data
  • Right to Object - Object to processing of your personal data for certain purposes
  • Right to Withdraw Consent - Withdraw consent at any time where processing is based on consent

To exercise any of these rights, contact us at privacy@vakeconsulting.com. We will respond to your request within 30 days as required by applicable law. We may require identity verification before processing your request.

Customer Responsibility

Important Notice: Customer Data Responsibility

  • You are solely responsible for the legality, accuracy, and quality of all data you process through the Service
  • You must obtain all necessary consents and authorizations before processing personal data of your employees or other individuals through the Service
  • VAKE is not responsible for the accuracy, completeness, or appropriateness of AI-generated outputs - you must verify all results before acting on them
  • You are responsible for compliance with all applicable data protection and privacy laws in your jurisdiction
  • You should review the privacy policies of third-party AI providers before enabling them in your configuration

All decisions based on information provided by the Service remain the sole responsibility of the Customer. The Service is an assistive tool and does not replace professional judgment, legal advice, or compliance obligations.

International Data Transfers

Your data is primarily stored and processed within the European Union (Google Cloud europe-west4 region). However, data may be transferred to and processed in the United Arab Emirates and other countries where our service providers operate. Where such transfers occur, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission or other legally recognized transfer mechanisms.

Contact Us

VAKE Consulting

For questions about this Privacy Policy or our data practices, contact us at: privacy@vakeconsulting.com. For general support: support@vakeconsulting.com.

For GDPR-related inquiries or to exercise your data protection rights: dpo@vakeconsulting.com