VectorVue Privacy Policy

Effective Date: 2026-01-01

This Privacy Policy describes how VectorVue handles data in both self-hosted and future SaaS deployment models.

1. Scope

This policy applies to:

• Self-hosted installations of VectorVue
• Future managed SaaS offerings
• Official VectorVue services operated by NyxeraLabs

It does not apply to third-party infrastructure controlled by operators.

2. Deployment Models

2.1 Self-Hosted Version

In self-hosted deployments:

• NyxeraLabs does NOT collect operational data by default.
• All logs, credentials, and audit trails remain under operator control.
• No telemetry is transmitted externally unless explicitly enabled.

The operator is solely responsible for:

• Data protection compliance
• Secure storage
• Regulatory obligations

2.2 Future SaaS Version

In SaaS deployments, VectorVue may process:

• Account identifiers
• Authentication logs
• Role and access metadata
• Operational audit logs
• Platform usage telemetry
• Abuse detection signals

Sensitive operational artifacts remain tenant-isolated.

3. Data Categories

VectorVue may handle the following categories of data:

3.1 Account Data

• Usernames
• Email addresses
• Role assignments
• Authentication credentials (hashed)

3.2 Operational Metadata

• Execution timestamps
• Workflow actions
• Audit events
• Approval records

3.3 Security Data

• Access attempts
• Privilege escalations
• Integrity validation events
• API usage logs

VectorVue is not designed to collect personal data beyond what is required for secure account management.

4. Purpose of Processing

Data is processed for:

• Authentication and access control
• Platform integrity
• Abuse prevention
• Audit traceability
• Regulatory compliance
• Security monitoring

Data is not used for advertising or profiling.

5. Data Retention

Retention policies depend on deployment model:

• Self-hosted: defined and enforced by the operator.
• SaaS: defined by service agreement and regulatory requirements.

Audit logs may require extended retention for compliance purposes.

6. Data Security

VectorVue enforces:

• Encryption in transit (TLS)
• Encryption at rest (where configured)
• Role-based access control
• Immutable logging mechanisms

Operators must ensure infrastructure-level security controls.

7. Data Sharing

NyxeraLabs does not sell personal data.

Data may be disclosed only:

• To comply with legal obligations
• To prevent fraud or abuse
• Under explicit contractual agreement (SaaS enterprise context)

8. International Data Transfers (Future SaaS)

If SaaS is deployed internationally:

• Appropriate safeguards will be implemented
• Regulatory transfer mechanisms will be defined in service agreements

9. User Rights (SaaS Context)

Where applicable under law, users may have the right to:

• Access their personal data
• Request correction
• Request deletion
• Restrict processing
• Object to certain processing activities

Self-hosted deployments are governed by the operator’s own data policies.

10. Children’s Data

VectorVue is not intended for use by individuals under 18 years of age.

11. Changes to This Policy

This Privacy Policy may be updated to reflect:

• Platform evolution
• Regulatory changes
• SaaS deployment expansion

Material changes will be communicated where applicable.

12. Contact

For privacy-related inquiries (future SaaS context):

security@vectorvue.cloud