VontosVontos
Legal

Privacy Policy

How we collect, use, and protect your information

Last updated: March 1, 2026

At Vontos, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform and services. Please read this policy carefully to understand our practices regarding your data.

Information We Collect

  • Account Information: When you create an account, we collect your name, email address, organization name, and role.
  • Usage Data: We collect information about how you interact with our platform, including features used, content created, and time spent.
  • Student Data: When institutions use Vontos, student data is collected as directed by the institution, including learning evidence, assessments, and progress information.
  • Technical Data: We automatically collect device information, browser type, IP address, and cookies for platform functionality.

How We Use Your Information

  • Provide, maintain, and improve our services
  • Process and complete transactions
  • Send administrative information and updates
  • Respond to inquiries and provide customer support
  • Analyze usage patterns to improve user experience
  • Comply with legal obligations and protect our rights

Data Sharing and Disclosure

  • We do not sell personal information to third parties.
  • We may share data with service providers who assist in operating our platform (hosting, analytics, customer support).
  • We may disclose information when required by law or to protect our rights and safety.
  • Institutions control their own student data and may export or delete it at any time.

Student Data Protection

  • We comply with FERPA (Family Educational Rights and Privacy Act) requirements.
  • Student data is owned by the institution and processed only as directed.
  • We implement strict access controls and encryption for all student information.
  • We do not use student data for advertising or marketing purposes.
  • Institutions can request complete deletion of their data at any time.

Data Security

  • We use industry-standard encryption (TLS 1.3) for data in transit.
  • All data at rest is encrypted using AES-256 encryption.
  • We conduct regular security audits and penetration testing.
  • Access to data is restricted based on role and necessity.
  • We maintain SOC 2 Type II compliance for enterprise customers.

Your Rights and Choices

  • Access: You can request a copy of your personal data.
  • Correction: You can update or correct your account information.
  • Deletion: You can request deletion of your account and associated data.
  • Portability: You can export your data in standard formats.
  • Opt-out: You can opt out of non-essential communications.

International Data Transfers

  • Vontos is based in the United States. Data may be transferred to and processed in the US.
  • We implement appropriate safeguards for international transfers, including Standard Contractual Clauses.
  • For EU/EEA users, we comply with GDPR requirements.

Changes to This Policy

  • We may update this policy periodically. We will notify you of significant changes via email or platform notification.
  • Continued use of our services after changes constitutes acceptance of the updated policy.

Contact Us

  • If you have questions about this Privacy Policy or our data practices, please contact us at:
  • Email: privacy@vontos.io
  • Address: Vontos Inc., 123 Education Lane, San Francisco, CA 94105