Privacy Policy

Vantage is an operational intelligence platform. We observe signals across the tools your organization already uses and surface patterns that matter. We observe; humans decide. This document describes what Vantage collects, where we store it, and how to delete it.

• Account information. Your email address, used for magic-link authentication via Resend. No password is ever stored.
• OAuth credentials. Encrypted access tokens and, where the provider supports it, refresh tokens for each connected service. Currently Slack, Google Workspace, Notion, and Jira / Atlassian.
• Connector metadata. The workspace name, your user id at the provider, and (where granted) the scopes the connection is operating under. Used to render the dashboard and to label findings.
• Audit metadata. Connect and disconnect events, so you can see your own history.
• No content data. Vantage does not store the body of your Slack messages, the contents of your Google Drive files, the text of your Notion pages, or the descriptions of your Jira issues. We read those on demand, evaluate the operational signal, and discard the raw content beyond what's needed for the immediate finding.

• Storage: Cloudflare D1, a SQLite database at the edge, scoped to your tenant.
• At-rest encryption: All access tokens and refresh tokens are encrypted with AES-256-GCM before being written to D1. The encryption keys live in a separate vault and are rotated periodically.
• Read-only by architectural constraint: Vantage requests OAuth scopes that include only read permissions. Every connector implementation is read-only by design. We cannot post a Slack message, edit a Drive file, create a Jira ticket, or modify a Notion page even if asked. The constraint is enforced in code, not just in policy.

• Cloudflare D1. Tenant data storage.
• Vercel. Application hosting.
• Resend. Delivery of magic-link sign-in emails.
• Anthropic. AI inference for the operational intelligence agents (Operations, Quality, Analytics, Resource).
• OAuth providers. Slack, Google, Notion, Atlassian. We only hold the tokens you grant us; the providers remain the system of record for their own data.

• Disconnect at any time. Every connector can be disconnected from the dashboard. Disconnecting instantly revokes Vantage's access at the provider and deletes the stored tokens from D1.
• Request full deletion. Email melaskary72@gmail.com and we'll remove your account and all associated data within 14 days.
• Export your data. Available on request to the same address.

Connector tokens are retained until you disconnect. Your account email is retained until you request deletion. Findings produced by the agents are retained as part of your audit trail and can be purged on request.

Vantage is built for enterprise operational environments and is not intended for users under 18.

Questions, deletion requests, or anything privacy-adjacent: melaskary72@gmail.com. Mohamed reads every message personally and responds in writing.

If you ever want to know exactly what Vantage can see in one of your connected tools, the answer is on the dashboard. The OAuth scopes are listed there, and the underlying connector code in our repository confirms that no write surface exists. Vantage observes. Humans decide. That's the whole product.