Privacy Policy
Last updated: 8 July 2026
This Privacy Policy explains how Vento Group Ltd ("Vento.AI", "we", "us") collects, uses and protects personal data when you use our website (https://ventogroup.uk) and the Vento.AI platform. We are committed to protecting your privacy in accordance with the UK GDPR and the Data Protection Act 2018.
1. Who we are
Vento Group Ltd is the data controller for personal data relating to our account holders and website visitors. Company number [COMPANY NUMBER]; registered office [REGISTERED OFFICE ADDRESS], United Kingdom. We are registered with the UK Information Commissioner's Office (ICO) under reference [ICO REGISTRATION NUMBER]. You can contact us at privacy@ventogroup.uk.
2. Our two roles
Vento.AI is a business tool used by HVAC / air-conditioning installers. Depending on the data, we act as either:
- A controller — for data about our account holders and their staff (names, emails, business details, billing and usage data). This policy governs that data.
- A processor— for the personal data our business customers enter about their own clients (e.g. a homeowner's name, address and survey details). The installer is the controller of that data; we process it only on their instructions under our Terms of Service (which include a data-processing agreement).
3. Personal data we collect
- Account & profile — name, work email, phone, role, organisation name and address.
- Customer & job data — details you enter about your clients, properties, surveys, room designs and proposals (processed on your behalf).
- Billing — subscription plan and payment status. Card details are handled directly by Stripe; we never store full card numbers.
- Content you provide — survey photos, notes, signatures on proposals, and messages to our AI assistant.
- Technical & usage — IP address, device/browser type, log and diagnostic data, and essential cookies (see our Cookie Policy).
4. How we use personal data and our lawful bases
- To provide the service (create accounts, run surveys, generate proposals, take payments) — performance of a contract.
- To bill and manage subscriptions — contract and legal obligation (tax/accounting).
- To secure the platform (rate limiting, fraud/abuse prevention, audit logging) — legitimate interests.
- To improve and support the product — legitimate interests.
- To send service emails (confirmations, proposal and installation notices) — contract. Any marketing email is sent only with your consent, which you can withdraw at any time.
5. AI features
Vento.AIincludes AI features (the "Flow" assistant and proposal text suggestions) powered by Anthropic's Claude models. When you use these features, the relevant text is sent to Anthropic to generate a response. This data is not used to train their models. Do not enter special-category personal data into these features.
6. Sharing your data
We do not sell personal data. We share it only with the service providers (sub-processors) that help us run the platform, each bound by contract to protect it:
| Provider | Purpose | Location |
|---|---|---|
| Supabase | Database, authentication, file storage & backend hosting | EU (Ireland) |
| Vercel | Application hosting & content delivery network | EU & global edge |
| Stripe | Card payment processing & subscription billing | EU / USA (SCCs) |
| GoCardless | Direct Debit payment processing | United Kingdom |
| Resend | Transactional email delivery | USA (SCCs) |
| Anthropic | AI assistant & proposal text generation (Claude) | USA (SCCs) |
| Google Maps Platform | Address autocomplete & static map images | USA (SCCs) |
We may also disclose data where required by law, or to establish, exercise or defend legal claims.
7. International transfers
Some providers process data outside the UK/EEA. Where they do, we rely on the UK International Data Transfer Agreement or Addendum to the EU Standard Contractual Clauses, plus appropriate safeguards, to protect your data.
8. How long we keep it
We keep account and customer data for as long as your account is active and for a reasonable period afterwards to meet legal, tax and accounting obligations (typically up to 6 years for financial records). We delete or anonymise data when it is no longer needed. You can ask us to delete your organisation's data at any time from Settings or by contacting us.
9. Security
We protect data with encryption in transit and at rest, strict tenant isolation (row-level security), access controls, rate limiting and audit logging. No system is perfectly secure, but we take reasonable and appropriate technical and organisational measures to safeguard your data.
10. Your rights
Under UK data protection law you have the right to: access your data; correct inaccurate data; erase data; restrict or object to processing; data portability; and withdraw consent. To exercise any of these, email privacy@ventogroup.uk. You also have the right to complain to the ICO (ico.org.uk), though we'd appreciate the chance to help first.
11. Cookies
We use only essential cookies needed to sign you in and keep the platform secure. See our Cookie Policy for details.
12. Children
Vento.AI is a business tool and is not intended for anyone under 18. We do not knowingly collect data from children.
13. Changes to this policy
We may update this policy from time to time. We will post the new version here and update the "last updated" date; material changes will be notified in-app or by email.
14. Contact
Questions about this policy or your data? Email privacy@ventogroup.uk or write to us at [REGISTERED OFFICE ADDRESS], United Kingdom.
