Privacy Policy

Effective January 1, 2026

Privacy Policy

1. Who we are

VindexAI Holdings ("VindexAI," "we," "us") is a technology company based in Louisville, Kentucky. We build AI intelligence products for operators across healthcare, sales, and personal productivity. Our products include VindexAI Health, SynCORE, and Drive.

2. Information we collect

Account information: Name, email address, company name, role, and any information you provide when creating an account or contacting us.

Usage data: How you interact with our products, including features used, session duration, and performance metrics. This helps us improve the experience.

Health data (Val users): For users of VindexAI Health, we may process health-related data including wearable device metrics, lab results, and protocol adherence data. This data is classified as Protected Health Information (PHI) and handled under strict HIPAA compliance. See our HIPAA Notice for details.

Technical data: Device type, browser, IP address, and similar technical information collected automatically when you use our services.

3. How we use your information

  • Service delivery: To provide, maintain, and improve our products.
  • Communication: To respond to your requests, send product updates, and provide support.
  • Product improvement: To analyze usage patterns and improve functionality. We use aggregated, de-identified data where possible.
  • Security: To detect and prevent fraud, abuse, and security incidents.
  • Legal compliance: To comply with applicable laws and regulations.

4. Data sharing

We do not sell your data. Period. We do not sell personal information to third parties. We do not share data for advertising purposes.

We share data only with:

  • Service providers: Infrastructure and hosting providers who process data on our behalf, under contractual obligations to protect your information.
  • Business associates (health data): For Val users, data may be shared with authorized healthcare providers under Business Associate Agreements (BAAs).
  • Legal requirements: When required by law, court order, or to protect the safety of our users.

5. HIPAA compliance

VindexAI Health processes Protected Health Information (PHI) on behalf of covered entities (healthcare providers). All PHI is handled in compliance with HIPAA through our subsidiary, VindexAI Wellness LLC. For full details, see our HIPAA Notice.

6. Data retention

We retain your information for as long as your account is active or as needed to provide services. When you close your account, we delete or anonymize your data within 90 days, except where retention is required by law or for legitimate business purposes (such as resolving disputes).

Health data governed by HIPAA is retained per the requirements of the applicable BAA and federal regulations.

7. Security

We implement industry-standard security measures including encryption at rest and in transit, access controls, audit logging, and regular security assessments. Our infrastructure runs on Google Cloud Platform with a signed Business Associate Agreement. No system is perfectly secure, but we take reasonable and appropriate measures to protect your data.

8. Your rights

Depending on your location, you may have the right to access, correct, delete, or export your personal information. To exercise these rights, contact us at privacy@vindexai.io.

9. Changes to this policy

We may update this policy from time to time. We will notify you of material changes by email or through our products. Continued use of our services after changes constitutes acceptance of the updated policy.

10. Contact

For privacy-related questions or requests:

VindexAI Holdings
Louisville, KY
privacy@vindexai.io