Privacy Policy

Last updated: March 31, 2026

VectAero takes data privacy seriously, especially given the sensitive nature of law enforcement operations. This policy explains, in plain language, what data we collect, how we protect it, and what controls your agency has over that data.

What Data We Collect

  • Agency profile information (name, ORI number, primary contact details)
  • Officer certification records (names, badge numbers, certification numbers, expiry dates)
  • Incident reports (locations, descriptions, officer assignments)
  • Technology inventory records
  • Event planning data
  • Usage analytics (page views and feature usage only — no personally identifiable information)

How Officer Certification Data Is Handled

  • Stored in encrypted Supabase PostgreSQL with Row Level Security (RLS) ensuring organization-level isolation
  • Certification documents stored in private Supabase Storage buckets — not publicly accessible
  • Each agency's data is completely isolated. There is no cross-organization access under any circumstances
  • All database connections use TLS encryption in transit

AI Document Processing

When enabled by your agency administrator, uploaded certification documents are processed by Anthropic's Claude AI for automatic field extraction. Here is exactly how that works:

  • Zero Data Retention (ZDR) is enforced on every API call. Anthropic does not store, log, or retain any document content that passes through their API.
  • Documents are never used for AI model training.
  • All processing occurs on US-based servers only.
  • Your agency administrator can disable AI processing entirely at any time under Settings → Privacy & AI.
  • An Anthropic Data Processing Agreement (DPA) is available upon request — contact support@vectaero.com.

Data Retention

  • Active account data: retained while your subscription is active
  • Incident reports: retained for 7 years in accordance with federal record-keeping requirements
  • Audit logs: retained for 5 years
  • Deleted data: permanently removed within 30 days of a deletion request

Multi-Tenant Data Isolation

  • Every piece of data is scoped to your organization via Clerk organization IDs
  • Row Level Security (RLS) is enforced at the database level — not just the application layer
  • There are no shared tables and no data mixing between agencies
  • Your data is never visible to other agencies, period

How to Request Data Deletion

  • Email support@vectaero.com with your agency name and ORI number
  • We will confirm receipt and begin processing within 5 business days
  • All data, including backups, will be permanently removed within 30 days
  • A deletion confirmation certificate will be provided for your records

Contact

For DPA requests, security questionnaires, or compliance inquiries, reach us at support@vectaero.com.