VennBrief

Privacy & Security

Your data confidentiality is our top priority. Here you'll find everything about how we process, protect, and handle your information.

Last updated: 9 Februarie 2026

1. Introduction

Venn ("we", "our") is committed to protecting our users' privacy. This policy explains how we collect, use, and protect your personal information when you use our platform. We believe in full transparency - that's why this page covers not only your personal data, but also how our AI technology works and how your uploaded documents are handled.

2. Data we collect

We collect the following types of information:

  • Account information: name, email address, password (stored securely using one-way hashing - we never store your password in plain text)
  • Evaluation data: your answers to the evaluation questions and the AI-generated conversation
  • Uploaded documents: contracts or other PDF files you choose to upload for contract review analysis
  • Usage data: how you interact with the platform (pages visited, features used)
  • Technical data: IP address, browser type, device type

3. AI Technology We Use

Venn uses advanced artificial intelligence to analyze your partnership evaluations and generate decision briefs. Here's what you need to know:

  • AI Provider: We use OpenAI's language models (GPT family) for all AI-powered analyses
  • How it works: Your evaluation answers are sent to OpenAI's API for processing. The AI generates insights, scores, and recommendations based on your responses
  • No AI training on your data: OpenAI does not use data submitted through their API to train their models. Your information is processed and discarded by OpenAI after generating the response
  • No human review: Your evaluation answers and documents are processed exclusively by AI systems. No Venn employee or OpenAI staff reads your individual responses
  • AI limitations: AI-generated analyses are for informational purposes. They do not constitute legal, financial, or business advice. Final partnership decisions remain entirely yours

4. How We Handle Uploaded Documents

When you use the contract review feature and upload documents (PDF files), here is exactly what happens:

  • Storage: Documents are stored in encrypted cloud storage (Supabase Storage) associated with your account and specific evaluation
  • Processing: Documents are processed by our AI system to extract relevant information for your contract analysis. The text content is sent to OpenAI's API for analysis
  • Access control: Only you can access your uploaded documents. They are linked to your user account and cannot be accessed by other users
  • No sharing: We never share your uploaded documents with third parties, other users, or use them for any purpose other than your specific contract review
  • Deletion: You can request deletion of your documents at any time. When you delete your account, all associated documents are permanently removed from our storage
  • File limits: Maximum file size is 20MB per document, PDF format only, up to 10 documents per evaluation

5. How We Use Your Data

We use your data exclusively to:

  • Provide the evaluation and analysis services you requested
  • Generate your partnership compatibility reports (Decision Briefs)
  • Analyze uploaded contracts as part of the contract review feature
  • Communicate with you about your account and services
  • Improve our platform and AI analysis quality (using aggregated, anonymized data only)

6. Data Sharing & Third-Party Processors

We do not sell your personal data. We do not share your data for marketing purposes. The following third-party services process data on our behalf:

OpenAI (API processing): Processes evaluation answers and document text to generate AI analyses. OpenAI operates under strict data processing agreements and does not use API data for model training. Data is sent to OpenAI's API for processing only and is not retained by OpenAI

Supabase (EU servers): Provides our database and file storage infrastructure. All data is stored on European Union servers. Data is encrypted at rest and in transit

Vercel (EU servers): Hosts our web application on European infrastructure. Serves only the application - does not store your evaluation data

All third-party processors are bound by data processing agreements that comply with GDPR requirements.

7. Data Retention

We retain your data as follows:

  • Account data: Retained as long as your account is active. Deleted within 30 days of account deletion request
  • Evaluation data and reports: Retained as long as your account is active so you can access your Decision Briefs
  • Uploaded documents: Retained as long as your account is active. Permanently deleted upon account deletion
  • AI processing data: Not retained by OpenAI after response generation. Venn stores only the final analysis results
  • Technical logs: Retained for up to 90 days for security and debugging purposes, then automatically deleted

8. Data Security

We implement multiple layers of security to protect your data:

  • Encryption in transit: All data is transmitted over HTTPS/TLS
  • Encryption at rest: Database and file storage are encrypted at rest
  • Access controls: Strict role-based access controls ensure only authorized systems access your data
  • Authentication: Secure authentication with encrypted password storage
  • Isolation: Each user's data is logically isolated - you can only access your own evaluations and documents

9. Your Rights (GDPR)

Under the General Data Protection Regulation (GDPR), you have the following rights:

  • Right to access: Request a copy of all personal data we hold about you
  • Right to rectification: Correct any inaccurate personal data
  • Right to erasure: Request permanent deletion of your data ("right to be forgotten")
  • Right to data portability: Receive your data in a structured, machine-readable format
  • Right to object: Object to certain types of data processing
  • Right to restrict processing: Request that we limit how we use your data

We respond to all rights requests within 30 days. To exercise any of these rights, contact us at the address below.

10. International Data Transfers

Our database and hosting infrastructure (Supabase, Vercel) operate on EU servers, keeping your data within the European Union. For AI processing, evaluation data is sent to OpenAI's API, which may involve transient processing outside the EU. This transfer is protected by Standard Contractual Clauses (SCCs) approved by the European Commission and OpenAI's data processing agreement, which ensures your data is not retained after processing.

11. Changes to This Policy

We may update this privacy policy from time to time. When we make significant changes, we will notify you by email or through a prominent notice on our platform. We encourage you to review this page periodically.

12. Contact Us

For any privacy-related questions, concerns, or to exercise your rights, contact us:

Email: privacy@venn.ro