Privacy Policy

Last updated: November 26, 2025

Introduction

VAKE Consulting, a company registered in the United Arab Emirates ("we", "us", or "our") operates the SAP SuccessFactors AI Assistant service (the "Service"). This Privacy Policy informs you of our policies regarding the collection, use, and disclosure of personal data when you use our Service and the choices you have associated with that data.

We are committed to protecting your privacy and ensuring the security of your personal information. This policy applies to all users of our Service, including HR administrators, managers, employees, and support staff.

Information We Collect

Account Information

  • Email address
  • Name and organization name
  • Role and permissions within your organization
  • Billing information (processed securely through Stripe)

Service Configuration

  • SAP SuccessFactors API credentials (encrypted)
  • AI provider API keys (encrypted)
  • User preferences and settings
  • Team structure and role assignments

Usage Data

  • API call logs and usage metrics
  • Chat conversation history (optional, can be disabled)
  • Feature usage patterns
  • Error logs and debugging information

SAP SuccessFactors Data

Important: We do not permanently store your SAP SuccessFactors employee data. This data is only accessed in real-time when you make queries and is not retained after the session ends.

How We Use Your Information

We use the collected information for the following purposes:

Service Delivery

  • Authenticate and authorize your access to the Service
  • Process your queries to SAP SuccessFactors
  • Provide AI-powered assistance and automation
  • Generate reports and analytics as requested

Service Improvement

  • Analyze usage patterns to improve features
  • Debug and fix technical issues
  • Develop new functionality based on user needs
  • Optimize performance and response times

Communication

  • Send service updates and maintenance notifications
  • Respond to support requests
  • Notify about billing and subscription changes
  • Share important security alerts

Legal and Compliance

  • Comply with legal obligations
  • Enforce our Terms of Service
  • Protect against fraudulent or illegal activities
  • Respond to legal requests when required
Data Security

We implement industry-standard security measures to protect your data:

Encryption

  • All sensitive data (API keys, credentials) encrypted using AES-256
  • TLS/SSL encryption for all data in transit
  • Encrypted storage in Google Cloud Platform

Access Control

  • Role-based access control (RBAC)
  • Multi-factor authentication available
  • Regular security audits and reviews
  • Principle of least privilege for data access

Infrastructure Security

  • Hosted on Google Cloud Platform with SOC 2 compliance
  • Regular security updates and patches
  • Automated backup and disaster recovery
  • DDoS protection and rate limiting

Note: While we implement robust security measures, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security but are committed to protecting your data to the best of our ability.

Data Sharing and Third Parties

We do not sell, trade, or rent your personal information. We may share your information only in these circumstances:

Service Providers

  • Stripe: Payment processing (PCI DSS compliant)
  • Google Cloud: Infrastructure and hosting
  • Firebase: Authentication and database services
  • AI Providers: Anthropic Claude (default), and optionally OpenAI, Google Gemini, xAI Grok (if configured by customer with their own API keys)
AI Provider Data Handling

Anthropic Claude (Default Provider):

  • API logs stored for 7 days only (as of September 15, 2025)
  • Your data is NEVER used for model training
  • Content flagged for policy violations may be retained up to 2 years (inputs/outputs) or 7 years (classification scores)
  • Zero-Data-Retention (ZDR) agreements available for enterprise customers upon request
  • Full policy: Anthropic Data Retention

Other AI Providers (Optional):

  • If you configure OpenAI, Google Gemini, or xAI Grok with your own API keys, their respective data retention and privacy policies apply
  • We recommend reviewing each provider's data policy before enabling them
  • VAKE has no control over third-party AI provider data practices when you use your own API keys

Legal Requirements

We may disclose information if required by law, court order, or government regulation, or if we believe disclosure is necessary to protect our rights or the safety of others.

Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity, subject to the same privacy protections.

With Your Consent

We may share your information for other purposes with your explicit consent.

Data Retention

Active Accounts

We retain your account information and configuration data for as long as your account is active or as needed to provide you services.

After Account Termination

  • Account data: Deleted within 90 days
  • Backup copies: Removed within 180 days
  • Legal records: Retained as required by law
  • Anonymized usage data: May be retained indefinitely

Chat History

Chat conversation history (if enabled) is retained for 30 days by default. You can delete your chat history at any time through the application settings.

Your Privacy Rights

Depending on your location, you may have certain rights regarding your personal data:

Access and Portability

You have the right to access your personal data and request a copy in a portable format.

Correction

You can update or correct your information through your account settings or by contacting support.

Deletion

You can request deletion of your account and associated data. Some information may be retained for legal or legitimate business purposes.

Restriction and Objection

You can request that we restrict processing of your data or object to certain types of processing.

Opt-Out

You can opt out of marketing communications at any time through your account settings or by clicking the unsubscribe link in emails.

To exercise any of these rights, please contact us at privacy@vakeconsulting.com. We will respond to your request within 30 days.

Customer Responsibility and Disclaimer

Important: Customer Data Responsibility

By using this Service, you acknowledge and agree that:

  • You are solely responsible for the use of this Service and any data you choose to process through it
  • VAKE Consulting is not responsible for:
    • How you use the AI assistant or what queries you submit
    • The accuracy, completeness, or appropriateness of AI-generated outputs
    • Compliance with your organization's internal policies or industry regulations
    • Actions taken based on AI suggestions or recommendations
    • Any damages, losses, or liability resulting from your use of the Service
    • Third-party AI provider data handling when you use your own API keys
  • You must ensure compliance with all applicable data protection laws (GDPR, CCPA, etc.) for your jurisdiction
  • You should review the data retention and privacy policies of all AI providers you choose to use
  • You understand that AI models may occasionally produce inaccurate or inappropriate outputs, and you are responsible for verifying all results before taking action

This Service is provided as a tool to assist with SAP SuccessFactors operations. Final decisions and actions remain the responsibility of the customer. Always verify critical information before making business decisions.

International Data Transfers

As we are based in the United Arab Emirates, your information may be transferred to and processed in the UAE and other countries where our service providers operate, including the United States where our cloud infrastructure providers are located.

We ensure appropriate safeguards are in place for international transfers, including:

  • Compliance with UAE data protection regulations
  • Standard contractual clauses approved by the European Commission for EU data transfers
  • Adherence to international data protection standards
  • Ensuring all data processors maintain adequate security measures

By using our Service, you consent to your information being transferred to and processed in the UAE and other countries where we or our service providers operate.

Children's Privacy

Our Service is not directed to individuals under 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child without parental consent, we will take steps to delete that information.

Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any material changes by:

  • Posting the new Privacy Policy on this page
  • Updating the "Last updated" date
  • Sending an email notification for significant changes

We encourage you to review this Privacy Policy periodically for any changes.

Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

VAKE Consulting

Registered in: United Arab Emirates

Email: privacy@vakeconsulting.com

Support: support@vakeconsulting.com

Website: www.vakeconsulting.com

For data protection inquiries specific to GDPR, you may also contact our Data Protection Officer at dpo@vakeconsulting.com