VistaDeep Back to Home

Privacy Policy

Last updated: December 11, 2025

VistaDeep ("we", "our", or "us") is committed to protecting your privacy and handling your personal data responsibly. This Privacy Policy explains how we collect, use, store, and safeguard your information when you access or use our supply chain intelligence platform and related services ("Services").

As an Italy-based company, we process personal data in accordance with the EU General Data Protection Regulation (GDPR) and applicable Italian law.

1. Data Controller

The Data Controller responsible for your personal data is:

VistaDeep srl
Registered in Italy
Email: admin@vistadeep.ai

2. Types of Data We Collect

We process several categories of data through the VistaDeep platform.

2.1 Personal Data You Provide

We collect personal data that you voluntarily provide, including:

  • Name, email address, company name, and role
  • Account registration and authentication data
  • Communication preferences and support messages
  • Workspace and collaboration settings
  • Billing and subscription information (processed by third-party payment providers)

2.2 Supply Chain & Operational Data ("Customer Data")

Customers may upload, enter, or integrate business information such as:

  • Supplier, facility, and network information
  • Multi-tier dependencies and relationships
  • Operational metrics (lead times, logistics data, inventory, orders, disruptions)
  • Risk assessments, annotations, and event evaluations
  • Any additional business data the customer chooses to process within the Services

You retain full ownership of all Customer Data.

2.3 Derived Data ("System-Generated Data")

To operate the Services, the platform may generate:

  • Event or change signal interpretations
  • Risk propagation outputs
  • Vulnerability and readiness indicators
  • Simulations, predictive insights, and modeling results
  • AI-generated recommendations from our proprietary Morvela™ intelligence layer
  • System logs, metadata, and technical performance data

Derived data is created solely to power and improve the functionality of the Services.

2.4 Automatically Collected Technical Data

When you use the Services, we automatically collect:

  • IP address, browser type, device identifiers
  • Session data and access timestamps
  • Usage analytics and interaction patterns
  • Authentication status and security logs
  • Cookies and similar tracking technologies

This information helps us secure, maintain, and improve the platform.

3. How We Use Your Data

We process your data to:

  • Provide, operate, and maintain the Services
  • Enable supply chain mapping, risk detection, simulation, and analysis
  • Deliver predictive and AI-driven insights
  • Facilitate collaboration across teams and partner organizations
  • Improve platform performance and user experience
  • Prevent fraud, security threats, and misuse
  • Process payments and manage subscriptions
  • Comply with legal obligations

4. Use of AI (Morvela™) and Machine Learning

VistaDeep uses proprietary AI systems, including Morvela™, to provide insights, recommendations, and modeling capabilities.

4.1 Customer Data Is Not Used to Train Shared Models

We do not use Customer Data to train or improve generalized AI or machine learning models used across multiple customers.

4.2 Customer Data Remains Isolated

Customer environments are kept strictly separated.

No data is shared across customers unless explicitly enabled through collaboration features.

4.3 AI Outputs Are Assistive

Morvela™ provides advisory insights such as:

  • predictions
  • mitigation recommendations
  • scenario evaluations
  • impact assessments

These outputs are not guarantees and should not replace professional or operational judgment.

5. Legal Basis for Processing (GDPR)

We process data under the following legal bases:

  • Contractual necessity – to deliver the Services
  • Legitimate interests – to improve, secure, and monitor the platform
  • Consent – for certain communications or optional features
  • Compliance with legal obligations

6. Data Sharing and Disclosure

We do not sell personal data.

We may share data only in the following cases:

6.1 With Service Providers

Third-party vendors helping us operate infrastructure, security, support, analytics, and payment processing.

All processors operate under GDPR-compliant agreements.

6.2 Collaboration Features

If you invite external partners (e.g., suppliers) into shared workspaces, you control:

  • What data is shared
  • With whom
  • Under what permissions

6.3 Legal Requirements

We may disclose information to comply with applicable laws, regulations, court orders, or protect our rights.

6.4 Business Transactions

In the event of merger, acquisition, or restructuring, data may be transferred under strict confidentiality.

7. Data Security

We follow industry-standard security practices, including:

  • Encryption in transit and at rest
  • Access controls with authentication and authorization policies
  • Continuous monitoring and audit logging
  • Backup and redundancy mechanisms
  • Strict internal data handling and confidentiality policies

While we take all reasonable precautions, no system is completely secure.

8. International Data Transfers

Your data may be transferred or processed outside Italy or the EU.

When data leaves the EU/EEA, we ensure appropriate safeguards, such as:

  • EU Standard Contractual Clauses (SCCs)
  • Adequacy decisions
  • Other GDPR-permitted mechanisms

9. Data Retention

We retain:

  • Personal data: as long as your account is active
  • Customer Data: until you delete it or request deletion
  • Backups: retained for a limited period for disaster recovery
  • System logs: retained as needed for security and compliance

When no longer needed, data is securely erased or anonymized.

10. Your Rights Under GDPR

You have the right to:

  • Access your personal data
  • Request correction or deletion
  • Withdraw consent
  • Request restriction of processing
  • Object to processing
  • Request data portability
  • File a complaint with the Italian Data Protection Authority (Garante Privacy)

To exercise your rights, contact us at: admin@vistadeep.ai

11. Cookies and Tracking Technologies

We may use cookies for:

  • Authentication
  • Session management
  • Analytics
  • Improving user experience

You may control cookies through your browser settings.

A separate Cookie Policy can be provided if needed.

12. Children's Privacy

Our Services are not intended for individuals under 18.

We do not knowingly collect personal data from minors.

13. Changes to This Privacy Policy

We may update this Privacy Policy periodically.

Material changes will be posted on this page with an updated "Last updated" date.

Continuing to use the Services after changes take effect constitutes acceptance of the revised Privacy Policy.

14. Contact Us

If you have any questions or requests regarding this Privacy Policy, please contact:

VistaDeep
Email: admin@vistadeep.ai