Privacy Policy

Last updated: 8 July 2026

This Privacy Policy explains how Vento Group Ltd ("Vento.AI", "we", "us") collects, uses and protects personal data when you use our website (https://ventogroup.uk) and the Vento.AI platform. We are committed to protecting your privacy in accordance with the UK GDPR and the Data Protection Act 2018.

1. Who we are

Vento Group Ltd is the data controller for personal data relating to our account holders and website visitors. Company number [COMPANY NUMBER]; registered office [REGISTERED OFFICE ADDRESS], United Kingdom. We are registered with the UK Information Commissioner's Office (ICO) under reference [ICO REGISTRATION NUMBER]. You can contact us at privacy@ventogroup.uk.

2. Our two roles

Vento.AI is a business tool used by HVAC / air-conditioning installers. Depending on the data, we act as either:

  • A controller — for data about our account holders and their staff (names, emails, business details, billing and usage data). This policy governs that data.
  • A processor— for the personal data our business customers enter about their own clients (e.g. a homeowner's name, address and survey details). The installer is the controller of that data; we process it only on their instructions under our Terms of Service (which include a data-processing agreement).

3. Personal data we collect

  • Account & profile — name, work email, phone, role, organisation name and address.
  • Customer & job data — details you enter about your clients, properties, surveys, room designs and proposals (processed on your behalf).
  • Billing — subscription plan and payment status. Card details are handled directly by Stripe; we never store full card numbers.
  • Content you provide — survey photos, notes, signatures on proposals, and messages to our AI assistant.
  • Technical & usage — IP address, device/browser type, log and diagnostic data, and essential cookies (see our Cookie Policy).

4. How we use personal data and our lawful bases

  • To provide the service (create accounts, run surveys, generate proposals, take payments) — performance of a contract.
  • To bill and manage subscriptionscontract and legal obligation (tax/accounting).
  • To secure the platform (rate limiting, fraud/abuse prevention, audit logging) — legitimate interests.
  • To improve and support the productlegitimate interests.
  • To send service emails (confirmations, proposal and installation notices) — contract. Any marketing email is sent only with your consent, which you can withdraw at any time.

5. AI features

Vento.AIincludes AI features (the "Flow" assistant and proposal text suggestions) powered by Anthropic's Claude models. When you use these features, the relevant text is sent to Anthropic to generate a response. This data is not used to train their models. Do not enter special-category personal data into these features.

6. Sharing your data

We do not sell personal data. We share it only with the service providers (sub-processors) that help us run the platform, each bound by contract to protect it:

ProviderPurposeLocation
SupabaseDatabase, authentication, file storage & backend hostingEU (Ireland)
VercelApplication hosting & content delivery networkEU & global edge
StripeCard payment processing & subscription billingEU / USA (SCCs)
GoCardlessDirect Debit payment processingUnited Kingdom
ResendTransactional email deliveryUSA (SCCs)
AnthropicAI assistant & proposal text generation (Claude)USA (SCCs)
Google Maps PlatformAddress autocomplete & static map imagesUSA (SCCs)

We may also disclose data where required by law, or to establish, exercise or defend legal claims.

7. International transfers

Some providers process data outside the UK/EEA. Where they do, we rely on the UK International Data Transfer Agreement or Addendum to the EU Standard Contractual Clauses, plus appropriate safeguards, to protect your data.

8. How long we keep it

We keep account and customer data for as long as your account is active and for a reasonable period afterwards to meet legal, tax and accounting obligations (typically up to 6 years for financial records). We delete or anonymise data when it is no longer needed. You can ask us to delete your organisation's data at any time from Settings or by contacting us.

9. Security

We protect data with encryption in transit and at rest, strict tenant isolation (row-level security), access controls, rate limiting and audit logging. No system is perfectly secure, but we take reasonable and appropriate technical and organisational measures to safeguard your data.

10. Your rights

Under UK data protection law you have the right to: access your data; correct inaccurate data; erase data; restrict or object to processing; data portability; and withdraw consent. To exercise any of these, email privacy@ventogroup.uk. You also have the right to complain to the ICO (ico.org.uk), though we'd appreciate the chance to help first.

11. Cookies

We use only essential cookies needed to sign you in and keep the platform secure. See our Cookie Policy for details.

12. Children

Vento.AI is a business tool and is not intended for anyone under 18. We do not knowingly collect data from children.

13. Changes to this policy

We may update this policy from time to time. We will post the new version here and update the "last updated" date; material changes will be notified in-app or by email.

14. Contact

Questions about this policy or your data? Email privacy@ventogroup.uk or write to us at [REGISTERED OFFICE ADDRESS], United Kingdom.