Privacy Policy

Last Updated: 03/11/2026

DEKS MEDIA L.L.C ("Company," "we," "us," or "our") is an AI-powered platform that helps users build, validate, and launch digital products using natural-language instructions, integrations, and collaborative tools (the "Services"). We take privacy and security seriously and aim to comply with applicable privacy laws in the United States, the European Economic Area, the United Kingdom, Switzerland, and Canada.

This Privacy Policy ("Policy") explains how we collect, use, share, and otherwise process personal information from users, including visitors, customers, and end users ("you" or "your"). By using the Services, you acknowledge this Policy. This Policy incorporates our Terms of Service and any applicable Data Processing Agreement (DPA) by reference. If there is any conflict between this Policy and a signed DPA, the DPA controls with respect to Customer Personal Data.

If you do not agree with this Policy, please stop using the Services.

1. Personal Data

For purposes of this Policy, "personal data" (also called "personal information" under certain U.S. state laws) means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked to a particular individual or household, as defined under applicable privacy laws (including GDPR/UK GDPR, revised Swiss FADP, PIPEDA, and applicable U.S. state privacy statutes).

We do not intentionally collect special-category / sensitive personal data (e.g., biometric identifiers, health data, precise geolocation) and we instruct users not to upload such data to the Services. If you choose to submit sensitive data, you do so at your own risk and the Services are not designed for such use.

2. Collection and Use of Information

We collect information in three primary ways: (a) information you provide, (b) information collected automatically when you use the Services, and (c) information from third parties (e.g., integrations).

Information you provide

This may include:

Account identifiers (name, email, password hash, workspace details, preferences)

Billing information (subscription tier, invoices, transaction metadata; payment cards are handled by PCI-compliant processors and not stored by us except as tokenized references)

Support communications (messages, attachments, bug reports, feedback)

Customer Data you submit through the Services (such as prompts, instructions, code, configuration files, and other content)

Information collected automatically

When you use the Services, we may collect:

device and browser signals, IP address, approximate location (e.g., city-level)

usage events (feature usage, clicks, session identifiers)

diagnostics, crash reports, and performance data

Children's Data

The Services are not intended for anyone under 18 (or the age of majority in your jurisdiction), and we do not knowingly collect personal data from minors. If we learn we collected personal data from a minor without required consent, we will delete it. If you believe a minor has provided data to us, contact us at privacy@ventora.cc.

We process personal data based on one or more of the legal bases described in Section 3, for the purposes described in Section 4.

3. Legal Bases for Processing Your Data

We process personal data only when a valid legal basis applies under the relevant privacy regime.

Applicable privacy frameworks

United States: CCPA/CPRA (California) and other state privacy laws in force during your use of the Services.

International: GDPR (EEA), UK GDPR, and revised Swiss FADP for residents of the EEA/UK/Switzerland.

Canada: PIPEDA.

Legal bases we rely on

Contract performance: to provide, maintain, and support the Services under our Terms or customer agreement.

Legitimate interests: to secure the platform, prevent abuse/fraud, generate aggregate analytics, and improve product capabilities (balanced against your rights).

Consent: for non-essential cookies, certain marketing communications, and other processing that requires consent in your jurisdiction.

Legal obligations: to comply with accounting, tax, export-control/sanctions rules, and lawful requests.

Vital interests: rarely, to prevent serious harm or respond to emergencies.

We do not use automated decision-making that produces legal or similarly significant effects on individuals (e.g., GDPR Article 22).

4. Purposes of Use and Processing

We use personal information for the following business and commercial purposes:

Service delivery and support: account creation, authentication, providing AI-assisted features, storing projects, and responding to support requests.

Service integrity and security: preventing unauthorized access, detecting abuse, enforcing policies, and protecting the platform and users.

Service improvement and research: analyzing usage patterns and product interactions to improve reliability, features, and AI experience; where feasible, we do so using de-identified or aggregated data.

Personalization: remembering settings and tailoring the interface/experience to your preferences.

Product updates and limited marketing: sending important product notices, updates, and optional marketing communications, and measuring their effectiveness (you can opt out as described in Section 9).

Compliance: meeting legal, regulatory, sanctions/export-control, record-keeping, and audit requirements.

5. Data Processing and Sub-Processors

Where Company processes personal data on behalf of a customer under a DPA, we act as a processor/service provider/contractor (as applicable) and process that data according to customer instructions and the DPA.

We use third-party vendors ("sub-processors") to provide infrastructure and business operations. Examples include:

cloud hosting and databases

payment processing

customer support tools

analytics and monitoring

AI model / inference providers (where configured)

All sub-processors are contractually required to protect personal data and process it only for permitted purposes. We may provide notice of material sub-processor changes and allow customers to object within a reasonable period (where required by contract).

6. International Data Transfers

If you access the Services from the EEA, UK, or Switzerland, your personal data may be transferred to the United States or other jurisdictions that may not provide the same level of data protection.

We use appropriate safeguards where required, such as:

EU Standard Contractual Clauses (SCCs) (including relevant modules)

UK International Data Transfer Addendum (or UK IDTA, as applicable)

Swiss addendum/adaptations where required by Swiss law

other valid transfer mechanisms recognized by applicable law

7. Investigations and Legal Disclosures

We may investigate and disclose information if we believe in good faith that it is necessary to:

comply with a valid legal process or governmental request (e.g., subpoena or court order)

detect, prevent, or address fraud, security incidents, or misuse

protect our rights, safety, and property, or those of our users, affiliates, or the public

Disclosures will be limited to what is necessary and made in accordance with applicable law.

8. Log Data

When you use the Services, we collect operational telemetry ("Log Data") to maintain security and reliability. Log Data may include:

IP address and approximate location (city-level)

browser/device type and version

pages, APIs, and features accessed

timestamps, duration, session identifiers

error, debug, and performance signals

other usage statistics

Retention: Log Data is typically retained for up to 90 days, unless a longer period is required for security, compliance, or dispute resolution.

9. Cookies and Other Tracking

We and selected partners use cookies, pixels, and similar technologies ("Cookies") to run, secure, and measure our Services. We generally use four categories:

Strictly Necessary Cookies: required for sign-in, session routing, fraud prevention, and consent storage.

Analytics & Performance Cookies: help measure feature adoption, diagnose issues, and improve performance (consent where required).

Functional Cookies: remember preferences such as language, theme, or layout.

Marketing Cookies (if enabled): measure campaign performance and conversions (consent where required; opt-outs honored where applicable).

You can manage cookie preferences through:

our cookie preference tools (if available),

your browser settings, and/or

recognized opt-out signals such as Global Privacy Control (where legally applicable).

Disabling non-essential cookies won't break core functionality but may reduce product insights and measurement.

10. Security

We implement reasonable administrative, technical, and organizational safeguards designed to protect personal data (e.g., encryption in transit, access controls, monitoring). No method of transmission or storage is perfectly secure, and we cannot guarantee absolute security.

Your role: keep credentials confidential, enable multi-factor authentication when available, and notify us promptly if you believe your account has been compromised.

The Services may rely on third-party providers (e.g., hosting, databases, AI inference providers). While we select reputable vendors, their availability and performance are outside our direct control.

11. Retention of Your Information

We keep personal information only as long as needed to achieve the purposes described in this Policy, including to:

provide and improve the Services,

meet legal obligations,

resolve disputes, and

enforce agreements.

Typical retention practices include:

Account data: retained while the account is active; deleted or de-identified within a reasonable period after termination (subject to legal holds).

Customer Data: retained as needed to provide the Services and according to customer instructions; backup retention may extend for a limited period (e.g., up to 90 days).

Billing records: retained as required by accounting/tax rules.

To request deletion, contact privacy@ventora.cc.

12. Links to Other Sites

The Services may include links or integrations with third-party services (e.g., GitHub, payment providers, data platforms). Those third parties control their own privacy practices. Review their policies before providing data to them. We are not responsible for third-party privacy or security practices.

13. Notice and Communications

By using the Services, you agree to receive transactional and administrative messages from us (e.g., security alerts, billing notices, account messages). You can opt out of non-essential marketing emails via the unsubscribe link or your account settings; doing so will not affect important service messages.

We may provide legal or privacy notices via email, in-product banners, or other methods permitted by law.

14. Governing Law & Venue

Unless mandatory local law provides otherwise, this Policy is governed by the laws of the State of Delaware, USA, without regard to conflict-of-law rules.

If you are located in a jurisdiction that grants mandatory consumer or data-protection rights, those rights take precedence to the extent they conflict with this Policy.

15. No Coding Advice

The Services may generate or suggest code and configurations. These outputs are not professional engineering advice. You are responsible for reviewing, testing, validating, and securing anything produced by the Services. Use of generated output is at your own risk.

Ownership, licensing, and usage restrictions related to Customer Data and outputs are addressed in our Terms of Service.

16. Contact Details

If you have questions, concerns, or want to exercise your privacy rights, contact us:

Email: privacy@ventora.cc

Mail: 2999 NE 191ST ST STE 907, MIAMI, FL 33180-3117

Data Protection Officer: dpo@ventora.cc

We aim to respond to verified requests within 30 days, or within the period required by applicable law.

17. Residents of the United States, Canada, EEA, United Kingdom, and Switzerland

This section supplements the rest of the Policy and applies to individuals in the United States (including states with consumer privacy statutes), Canada, the EEA, the UK, and Switzerland.

Categories of personal data we collect

Depending on how you use the Services, we may collect:

Identifiers: name, business email, phone number (optional), user/workspace IDs, IP address (city-level location only).

Commercial information: subscription tier and purchase history; payment card details are handled by PCI-compliant payment processors.

Internet/network activity: login events, feature usage, telemetry, prompts submitted, and content generated within the Services.

Project information: files, repositories, configuration data you upload or connect via integrations.

Sensitive personal information: not intentionally collected; do not upload it.

Your rights (subject to legal limits)

You may have rights to:

access / know

data portability

deletion

correction

withdraw consent (where applicable)

opt out of certain processing (e.g., targeted advertising, where applicable)

We will not discriminate against you for exercising your rights.

To exercise rights, email privacy@ventora.cc. We may verify your identity before responding. Where required, you may appeal a denial by replying to our decision within a reasonable timeframe (e.g., 60 days).

18. Changes to This Policy

We may update this Policy to reflect changes in our practices, legal requirements, or the Services. We will post the updated Policy and revise the "Last Updated" date above.

If changes materially reduce your rights or expand processing purposes, we will provide notice as required by law (e.g., email or an in-product banner).

19. Severability

If any part of this Policy is determined to be invalid or unenforceable, the remaining provisions remain in effect.

20. Entire Agreement

This Policy, together with the Terms of Service, any applicable DPA, and any supplemental product terms, forms the entire agreement regarding privacy and data protection for the Services. If there is a conflict, the DPA controls with respect to Customer Personal Data, then this Policy, then the Terms.