Privacy Policy

OrgVector ("we," "us," or "our") is operated by elrrich, LLC ("elrrich"). This Privacy Policy describes how we collect, use, disclose, and safeguard information when you use the OrgVector website and application at orgvector.elrrich.llc and related services (collectively, the "Service").

By using the Service, you agree to this policy. If you do not agree, do not use the Service.

Account and profile data: email address, name, and password credentials (or equivalent) when you register; profile fields you choose to provide; company or workspace identifiers; preferences such as language and experience mode.

Organizational data you enter: org charts, positions, departments, cost centers, salary ranges or other financial fields you add, health-check responses, assessments, scenarios, programs, versions, and related metadata needed to provide the product.

Billing data: when you subscribe, payment processing is handled by Stripe. We receive limited billing identifiers (for example, customer and subscription identifiers) and do not store full credit card numbers on our servers.

Technical and usage data: IP address, browser type, device identifiers, timestamps, and similar diagnostics to operate the Service, secure accounts, and understand usage. We use Google Analytics (GA4) on the marketing site and app to measure traffic and product usage; you can control cookies through your browser settings where applicable.

Communications: messages you send to support or feedback channels.

We use the information above to provide, maintain, and improve the Service; authenticate users; enforce plan limits and team roles; process subscriptions; send transactional emails (for example, account and billing notices); detect abuse and prevent fraud; comply with law; and respond to your requests.

We do not sell your personal information. We do not use your organizational chart data to train third-party generative AI models.

Where we rely on legal bases under GDPR or similar laws: performance of a contract (providing the Service); legitimate interests (security, analytics, product improvement), balanced against your rights; consent where required (for example, certain cookies or marketing communications); legal obligation where applicable.

We use trusted third parties to run the Service. They process data only on our instructions and under appropriate safeguards:

Supabase (database, authentication, and related infrastructure) for storing account and application data.

Vercel (hosting and edge delivery) for running the web application.

Stripe (payments and billing) for subscriptions.

Google Analytics for website and product analytics.

We may use additional subprocessors (for example, email delivery) and will update this policy or a linked page when material providers change.

We retain account and application data for as long as your account is active and for a reasonable period afterward to resolve disputes, enforce agreements, and comply with legal obligations. If you delete your account or request deletion where applicable, we will delete or anonymize personal data subject to backup retention and legal requirements.

Specific retention periods may depend on your subscription status and backups; contact us for details about your data.

We use industry-standard measures including encryption in transit (HTTPS), access controls, and reliance on security practices of our infrastructure providers. No method of transmission or storage is completely secure; we cannot guarantee absolute security.

Depending on your location, you may have rights to access, correct, delete, restrict, or object to processing of your personal data, or to data portability. You may also withdraw consent where processing is consent-based.

To exercise these rights, contact us at the email below. You may also lodge a complaint with your local data protection authority.

California residents: we do not sell personal information as defined under the CCPA/CPRA. You may request certain disclosures and opt-outs as applicable law requires.

If you access the Service from outside the United States, your information may be processed in the United States and other countries where our providers operate. We use appropriate safeguards (such as standard contractual clauses) where required by law.

The Service is not directed to children under 16. We do not knowingly collect personal information from children. If you believe we have collected such information, contact us and we will delete it.

We may update this Privacy Policy from time to time. We will post the updated version on this page and indicate the "Last updated" date. Material changes may be communicated through the Service or by email where appropriate.

Questions about this Privacy Policy or OrgVector data practices: contact elrrich, LLC through https://elrrich.llc or the support channel provided in the application.

Data controller: elrrich, LLC, United States.