Privacy Policy

1. Overview

Vaglica Group LLC (“Vaglica Group,” “we,” “our,” or “us”) operates the Xaedros platform at app.vaglicagroup.com. This Privacy Policy explains how we collect, use, store, and protect your information, and your rights regarding that data.

2. Information We Collect

Account data: Business name, contact name, email address, phone number, and billing information provided during registration.

Connected account data: OAuth tokens and associated permissions for Google Workspace, Gmail, Google Calendar, Google Drive, and social media platforms. Tokens are encrypted at rest using AES-256 (Fernet). We access only the data necessary to provide requested features.

Business data you provide: Leads, customer records, invoices, campaign content, and other business data you upload or import.

Usage data: Log data, audit events, API requests, and platform activity generated during your use of the platform.

Payment data: Payment processing is handled by Stripe. We do not store credit card numbers on our servers.

3. Google User Data

When you connect your Google account, we request access to Gmail (to send outreach emails and detect replies), Google Calendar (to schedule meetings), and Google Drive (to store reports). We access Google user data only to provide the features you explicitly enable. We do not sell, share, or use your Google data for advertising or training AI models. Your Google tokens are encrypted at rest. You can revoke access at any time at Google Account Permissions.

Our use and transfer of information received from Google APIs to any other app adheres to the Google API Services User Data Policy, including the Limited Use requirements.

4. How We Use Your Information

We use your information to: provide and operate the platform; send outreach emails from your connected account; manage leads and CRM data; generate reports and analytics; improve our AI models and platform features; communicate with you about your account; comply with legal obligations; and detect and prevent fraud and abuse.

5. Data Storage & Security

Location: All data is stored on servers located in Dallas, Texas, USA. We do not transfer your data outside the United States without explicit notice.

Encryption at rest: Server storage is encrypted at the hypervisor level (AES-256) by Vultr. API keys and OAuth tokens are additionally encrypted at the application level using Fernet symmetric encryption. File storage (Cloudflare R2) uses server-side encryption (SSE).

Encryption in transit: All connections use TLS 1.2 or higher. HTTP is automatically redirected to HTTPS. HSTS is enforced on all domains.

Access controls: Role-based access control (RBAC) limits which users can access which data. All data access is logged in an immutable audit trail.

Audit log: All write operations are recorded in an append-only audit log. Logs are retained for 90 days in our database and archived for 1 year in encrypted object storage.

6. Data Sharing

We do not sell your personal data. We do not share your data with third parties for advertising. We may share data with: (a) service providers who assist in operating the platform (AWS SES, Cloudflare R2, Anthropic, New Relic) under strict data processing agreements; (b) law enforcement when required by law; or (c) successor entities in the event of a merger or acquisition, with prior notice to you.

7. Data Retention

We retain your data for as long as your account is active. Upon account cancellation, your data is retained for 30 days to allow recovery, then permanently deleted. Audit logs are retained for up to 1 year. You may request immediate deletion by contacting support@vaglicagroup.com.

8. Your Rights

You have the right to: access your personal data (available via Settings → Data Export); correct inaccurate data; delete your data (submit a request to support@vaglicagroup.com); restrict or object to certain processing; exercise data portability (full export available in platform settings); and withdraw consent at any time. California residents have additional rights under the CCPA. EU/EEA residents have rights under the GDPR, including the right to lodge a complaint with your supervisory authority.

9. Cookies

We use session cookies for authentication only. We do not use advertising cookies, tracking pixels, or fingerprinting. No third-party analytics scripts are loaded on the platform.

10. Children’s Privacy

The platform is not directed to individuals under 18. We do not knowingly collect personal data from minors. If we become aware that a minor has provided data, we will delete it promptly.

11. Data Processing Agreement

Enterprise clients who require a Data Processing Agreement (DPA) for GDPR compliance may execute one at vaglicagroup.com/dpa or by contacting legal@vaglicagroup.com. We execute DPAs within 24 hours of request.

12. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be communicated via email or platform notification at least 14 days before taking effect.

13. Contact

Vaglica Group LLC — privacy@vaglicagroup.com — Miami, Florida, USA