Enterprise-Grade Security|AES-256 Encryption|NAVIS CVS Quality Standard

Privacy Policy

Last Updated: March 22, 2026

1. Introduction

Valuation Equity Metrics, LLC, a Minnesota limited liability company doing business as VEMLogic.AI (“VEMLogic,” “we,” “us,” or “our”), operates the VEMLogic.AI platform and all associated products and services. This Privacy Policy describes how we collect, use, share, retain, and protect information in connection with your use of the Platform.

This Privacy Policy applies to all VEMLogic products and services, including but not limited to: VEMLogic Business Valuations (app.vemlogic.ai), the VEMLogic Value Modeler (sandbox.vemlogic.ai), VEMLogic Brownfield Acquisition Intelligence (brownfield.vemlogic.ai), VEMLogic Transaction Data Rooms (when launched), the VEMLogic marketing website (vemlogic.ai), and all related websites, applications, APIs, and communications.

By creating an account, accessing the Platform, uploading documents, purchasing services, or otherwise interacting with VEMLogic, you acknowledge that you have read, understood, and consent to the collection, use, and sharing of your information as described in this Privacy Policy. If you do not agree to this Privacy Policy, you must discontinue use of the Platform.

This Privacy Policy should be read in conjunction with our Terms of Service, which govern your use of the Platform. Capitalized terms not defined in this Privacy Policy have the meanings given to them in the Terms of Service.

2. Information We Collect

VEMLogic collects information from and about Users in several categories, depending on how you interact with the Platform and which modules you use.

2A — Account Information

When you create an account or make a purchase, we collect your name, email address, phone number, company or organization name, job title or role, billing address, and professional credentials or certifications (if voluntarily provided). This information is necessary to create and manage your account, process transactions, and communicate with you about the Platform and your services.

2B — Transaction and Service Data

Depending on which Platform modules you use, we may collect and process: financial statements, tax returns, profit and loss statements, and balance sheets (Business Valuations); environmental reports, regulatory filings, property records, historical land use documents, and contamination assessments (Brownfield); legal documents, corporate records, contracts, and due diligence materials (Transaction Data Rooms); intake form responses, valuation parameters, modeling assumptions, scenario configurations, and transaction details (all modules); and site addresses, property descriptions, parcel information, and geographic data (Brownfield).

2C — Usage Data

We automatically collect information about how you interact with the Platform, including pages visited, features used, analysis requests submitted, reports generated and downloaded, session duration, click patterns, navigation paths, search queries entered, dashboard interactions, and error logs. This data helps us understand how the Platform is used, identify issues, and improve the user experience.

2D — Device and Technical Data

We collect technical information about the devices and networks you use to access the Platform, including IP address, browser type and version, operating system and version, device type and identifiers, screen resolution, referring URLs, and Cloudflare analytics data. This information is collected automatically through server logs and analytics tools.

2E — Payment Data

Payment processing is handled entirely by Stripe, Inc., a PCI DSS Level 1 certified payment processor. VEMLogic does not store, process, or have access to full credit card numbers, CVV codes, or bank account numbers. We retain transaction records (including amounts, dates, invoice numbers, and product descriptions), Stripe customer identifiers, and billing history for accounting, tax compliance, and customer service purposes.

2F — Communications

We retain records of communications between you and VEMLogic, including emails to and from VEMLogic support, in-platform messages and notifications, waitlist and interest form submissions, beta feedback and survey responses, and any other correspondence you send to us. These records help us provide customer support, improve our services, and maintain a record of our interactions.

2G — Cookies and Tracking Technologies

The Platform uses cookies and similar technologies for the following purposes:

  • Functional cookies: Session management, authentication state, and user preferences. These are essential for the Platform to operate correctly.
  • Analytics cookies: Usage patterns, feature adoption, and performance monitoring. Used to understand how Users interact with the Platform and to identify areas for improvement.
  • Preference cookies: User interface settings, display preferences, and language selections.

VEMLogic does not use third-party advertising cookies, retargeting pixels, behavioral tracking technologies, or data broker integrations. We do not serve advertisements on the Platform and do not share cookie data with advertising networks.

3. How We Use Your Information

VEMLogic uses the information we collect for the following purposes:

  • Providing, operating, and maintaining the Platform and all contracted services, including document processing, AI analysis, report generation, and data room management
  • Processing uploaded documents through AI analysis pipelines, including transmission to third-party AI providers for natural language processing, document extraction, and analytical review
  • Generating reports, valuations, environmental analyses, modeling outputs, risk assessments, and recommendations
  • Processing payments, managing subscriptions, issuing invoices and receipts, and handling billing inquiries
  • Communicating with you regarding service updates, analysis completion notifications, report delivery, account information, security alerts, and material changes to the Platform or these policies
  • Improving Platform accuracy, reliability, AI model performance, and analytical capabilities through ongoing analysis and refinement of processing methods
  • Developing aggregate benchmarks, industry analytics, market data compilations, and research publications using anonymized, de-identified data that cannot reasonably be used to identify any individual User
  • Training, improving, and developing AI models, analytical methods, prompt engineering, and processing algorithms using anonymized, de-identified data that cannot reasonably be used to identify any individual User
  • Ensuring Platform security, detecting and preventing fraud, investigating suspicious activity, and protecting the rights and safety of VEMLogic and its Users
  • Complying with applicable legal and regulatory obligations, including tax reporting, financial record-keeping, and responding to lawful government requests
  • Enforcing our Terms of Service and other applicable agreements

4. How We Share Your Information

VEMLogic shares User information only in the limited circumstances described below. We do not sell personal information to third parties.

4A — AI Processing Providers

Uploaded documents and text extracted from those documents are transmitted to third-party AI providers as listed in our Data Sub-Processor Schedule for AI-powered analysis, review, and verification. These transmissions occur through secure, encrypted API connections and are subject to each provider's respective data processing terms and privacy policies. VEMLogic uses API configurations that minimize data retention by AI providers where such configurations are available.

4B — Infrastructure and Service Providers

VEMLogic uses the following infrastructure and service providers, each of which processes User data as necessary to provide their respective services: Cloudflare, Inc. (hosting, content delivery network, Workers serverless computing, R2 object storage, and D1 database); Clerk, Inc. (user authentication, session management, and identity verification); Stripe, Inc. (payment processing, subscription management, and billing); Box, Inc. (enterprise document storage, collaboration, and secure file sharing); and Functional Software, Inc. d/b/a Postmark (transactional email delivery for notifications, receipts, and service communications). Each provider is subject to its own data processing agreements and privacy policies.

4C — Professional Advisors

We may share information with our legal counsel, accountants, auditors, and other professional advisors as necessary for VEMLogic's business operations, legal compliance, financial reporting, and the protection of VEMLogic's rights and interests. All such advisors are bound by professional confidentiality obligations.

4D — Business Transfers

In the event of a merger, acquisition, sale of all or a portion of our assets, corporate reorganization, bankruptcy, or similar transaction, User data may be transferred as part of the transaction. In such cases, VEMLogic will make reasonable efforts to notify affected Users of any change in ownership or control of their personal information and to ensure that the acquiring entity agrees to handle User data in a manner consistent with this Privacy Policy or provides notice of any material changes.

4E — Legal Requirements

We may disclose User information when we believe in good faith that disclosure is required by applicable law, subpoena, court order, arbitral order, or government request, or when we believe disclosure is necessary to: protect the rights, property, or safety of VEMLogic, our Users, or the public; investigate or prevent fraud, security threats, or illegal activity; enforce our Terms of Service or other agreements; or respond to an emergency involving danger of death or serious physical injury. Where legally permissible, VEMLogic will make reasonable efforts to notify affected Users before disclosing their information in response to legal process.

4F — Aggregate and De-Identified Data

We may share aggregate, anonymized, or de-identified data with partners, researchers, industry organizations, and the public for purposes including industry benchmarking, market analysis, academic research, and the publication of industry reports and trend analyses. This data is processed to ensure that it cannot reasonably be used to identify any individual User, their business, or their specific transactions. De-identification methods include aggregation across multiple data points, removal of direct identifiers, and statistical techniques to prevent re-identification.

4G — We Do Not Sell Personal Information

VEMLogic does not sell, rent, lease, or trade personal information to third parties for monetary or other valuable consideration as defined under the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), or any other applicable state or federal privacy law. VEMLogic does not share personal information with third parties for cross-context behavioral advertising.

5. Data Retention

VEMLogic retains different categories of information for different periods based on the nature of the data, the purpose for which it was collected, and applicable legal requirements:

  • Account data: Retained while the account is active plus three (3) years after account closure or last activity, whichever is later. This retention period supports fraud prevention, dispute resolution, and compliance with legal obligations.
  • Uploaded documents: Retained for the duration of the active service period plus ninety (90) days to allow for report revisions, corrections, and customer support. For Brownfield Acquisition Intelligence, site document packages are retained for the duration of the site's active status plus one (1) year to support ongoing due diligence activities. Users may request earlier deletion at any time, subject to applicable legal hold requirements.
  • Platform-generated reports: Retained for five (5) years from the date of generation to support long-term reference, audit trails, and dispute resolution.
  • Usage and analytics data: Retained indefinitely in aggregate, de-identified form for trend analysis, benchmarking, and Platform improvement. Individual-level usage data is retained for two (2) years.
  • Payment records: Retained for seven (7) years per applicable financial record-keeping requirements, including IRS regulations and generally accepted accounting principles.
  • Communications: Retained for three (3) years from the date of the communication to support customer service continuity and dispute resolution.

6. Data Security

VEMLogic implements comprehensive technical and organizational security measures to protect User information from unauthorized access, disclosure, alteration, and destruction:

  • AES-256 encryption at rest for all stored documents, data, and backups across Box Enterprise, Cloudflare R2, and Supabase infrastructure
  • TLS 1.3 encryption in transit for all data transmissions between Users' browsers, the Platform, and all third-party service providers
  • Role-based access controls with least-privilege enforcement, managed through Clerk authentication and authorization
  • Enterprise-grade cloud infrastructure through trusted partners including Box Enterprise and Cloudflare
  • Regular security audits, vulnerability assessments, and penetration testing of Platform infrastructure and application code
  • Comprehensive audit logging of document access, user actions, and administrative operations
  • Incident response procedures with established protocols for detection, containment, investigation, and notification within 72 hours of a confirmed breach affecting personal data
  • Network security including web application firewalls, DDoS protection, and bot management through Cloudflare
  • Secure development practices including code review, dependency scanning, and security testing as part of the development lifecycle

Despite these measures, no method of electronic transmission or electronic storage is completely secure. VEMLogic cannot guarantee absolute security of User data. Users are responsible for maintaining the security of their own account credentials, devices, and networks. In the event of a security incident affecting your personal data, we will notify you in accordance with applicable law and our incident response procedures.

7. Your Rights and Choices

Depending on your jurisdiction and applicable law, you may have certain rights regarding your personal information. VEMLogic is committed to honoring these rights for all Users regardless of location, subject to the exceptions noted below.

7A — Access and Portability

You may request a copy of the personal data we hold about you in a structured, commonly used, and machine-readable format (such as CSV, JSON, or PDF). We will respond to verified requests within thirty (30) days. If the request is unusually complex or voluminous, we may extend this period by an additional thirty (30) days with notice.

7B — Correction

You may request correction of personal data that is inaccurate, incomplete, or outdated. You may also update your account information directly through the Platform's account settings. We will process correction requests within fifteen (15) business days.

7C — Deletion

You may request deletion of your personal data. We will honor deletion requests subject to the following exceptions: data required to be retained by applicable law (including tax and financial record-keeping requirements); data necessary to complete an ongoing service engagement; data required for the establishment, exercise, or defense of legal claims; data required for fraud prevention and Platform security; and data that has already been anonymized and aggregated in a manner that cannot reasonably be used to identify you.

Upon receiving a verified deletion request, we will delete or de-identify the applicable data within thirty (30) days and confirm completion in writing.

7D — Opt-Out of Communications

You may opt out of marketing communications (newsletters, product announcements, promotional offers) at any time by using the unsubscribe link in any marketing email or by contacting us at admin@vemlogic.ai. Transactional communications — including analysis completion notifications, payment receipts, security alerts, and material changes to the Platform or these policies — cannot be opted out of while maintaining an active account, as they are necessary for the provision of contracted services.

7E — Cookie Preferences

You may manage cookie preferences through your browser settings or through any cookie consent mechanism provided on the Platform. Please note that disabling functional cookies may impair Platform functionality, including authentication and session management. Disabling analytics cookies will not affect your ability to use the Platform.

8. State Privacy Law Compliance

8A — California (CCPA/CPRA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act as amended by the California Privacy Rights Act, including: the right to know what personal information is collected, used, shared, or sold; the right to request deletion of your personal information; the right to opt out of the sale or sharing of personal information (VEMLogic does not sell or share personal information for cross-context behavioral advertising); the right to correct inaccurate personal information; the right to limit the use of sensitive personal information; and the right not to be discriminated against for exercising your privacy rights.

To exercise your CCPA/CPRA rights, submit a verifiable consumer request to admin@vemlogic.ai. We will verify your identity before processing the request and will respond within forty-five (45) days as required by law.

8B — Virginia, Colorado, Connecticut, and Other States

Residents of Virginia (under the Virginia Consumer Data Protection Act), Colorado (under the Colorado Privacy Act), Connecticut (under the Connecticut Data Privacy Act), and other states with comprehensive consumer privacy legislation may exercise applicable rights — including access, correction, deletion, portability, and opt-out rights — by contacting admin@vemlogic.ai.

VEMLogic will respond to all verified privacy rights requests within the timeframes required by the applicable state law. If we decline to take action on a request, we will inform you of the reason and provide information about how to appeal the decision.

9. AI-Specific Data Practices

Given the central role of artificial intelligence in the Platform, VEMLogic provides the following specific disclosures regarding how User data interacts with AI systems:

  • Documents and data uploaded for AI analysis are transmitted to third-party AI providers via encrypted, authenticated API connections. Transmissions are made on a per-request basis and are not batched with data from other Users.
  • VEMLogic engages third-party AI providers as listed in our Data Sub-Processor Schedule under each provider's standard commercial API data processing terms. VEMLogic selects providers whose commercial API terms restrict the use of customer API inputs and outputs for model training, and configures its API usage to minimize data retention where such options are available.
  • VEMLogic's own internal analytics and development processes may use anonymized, de-identified data derived from document analysis to improve prompt effectiveness, refine accuracy benchmarks, optimize processing pipelines, and develop new analytical methods. No identifiable User data is used for these purposes.
  • No uploaded document content is used in its original, identifiable form for any purpose other than providing the contracted service to the User who uploaded it. All derivative uses are limited to anonymized, de-identified, and aggregated data.

VEMLogic continuously evaluates the data practices of its AI providers and will update this section as AI provider terms, capabilities, and data handling practices evolve.

10. Children's Privacy

The Platform is a business-to-business financial technology service and is not directed to, designed for, or intended to be used by individuals under the age of eighteen (18). VEMLogic does not knowingly collect, use, or disclose personal information from children under 18. If we discover that we have inadvertently collected personal information from a child under 18, we will take prompt steps to delete such information from our systems. If you believe that a child under 18 has provided personal information to VEMLogic, please contact us immediately at admin@vemlogic.ai.

11. International Data Transfers

The Platform is hosted on Cloudflare's global network, and data may be processed, stored, and transmitted in the United States and other jurisdictions where Cloudflare, our AI providers, and our other service providers maintain facilities. VEMLogic's primary operations are based in the United States.

By using the Platform, you consent to the transfer of your information to the United States and other jurisdictions where data protection laws may differ from those in your jurisdiction of residence. VEMLogic will take reasonable steps to ensure that your information receives an adequate level of protection in the jurisdictions in which it is processed, including through the use of contractual safeguards and the selection of service providers with robust privacy and security practices.

12. Changes to This Policy

VEMLogic may update, revise, or modify this Privacy Policy at any time to reflect changes in our data practices, Platform functionality, legal requirements, or business operations. The “Last Updated” date at the top of this Privacy Policy indicates the date of the most recent revision.

For material changes that substantially alter how we collect, use, or share your personal information, VEMLogic will make reasonable efforts to provide advance notice via email to the address associated with your account. Your continued use of the Platform after the effective date of any changes constitutes your acceptance of the revised Privacy Policy. If you do not agree to the revised Privacy Policy, you must discontinue use of the Platform and may request deletion of your account and personal data in accordance with Section 7C.

13. Contact

Valuation Equity Metrics, LLC

d/b/a VEMLogic.AI

General inquiries: admin@vemlogic.ai

Data protection inquiries: admin@vemlogic.ai

Effective: March 22, 2026