Data privacy and GDPR

How Vulgate handles personal data, your rights under GDPR, and how to exercise them.

May 21, 2026

Vulgate complies with the EU's General Data Protection Regulation (GDPR), the UK GDPR, and the California Consumer Privacy Act (CCPA). This article summarizes how that works in practice. For the legally binding details, read our Privacy Policy.

What personal data we collect

  • Account data — name, email address, language preference, and (optionally) profile picture.
  • Authentication data — password hashes (never the plaintext); OAuth identifiers if you sign in with Google, Facebook, or Microsoft.
  • Document content — everything you choose to upload. Treated as your data, not ours.
  • Usage telemetry — feature interactions in aggregate, anonymized where possible.
  • Billing data — name, billing address, and the last 4 digits of your card (full card data lives only with Stripe).
  • Support correspondence — emails and chat messages you exchange with our support team.

What we don't collect

  • We don't track your activity outside Vulgate.
  • We don't have third-party advertising trackers in the app.
  • We don't share data with data brokers.

Your rights under GDPR

If you live in the EU/EEA (or have GDPR rights by other route), you can:

  • Access the data we hold on you — via profile export or by contacting us.
  • Rectify inaccurate data — update your profile from Settings → My profile.
  • Erase ("right to be forgotten") — via account deletion.
  • Restrict processing — contact info@vulgate.ai.
  • Object to certain processing — contact info@vulgate.ai.

Most of these you can exercise yourself from the Settings page. For requests that need a human, email us at info@vulgate.ai — we aim to respond within 30 days as required by GDPR.

Sub-processors

Vulgate uses a small set of sub-processors to deliver the service:

  • Supabase — Postgres database and authentication.
  • Cloudflare R2 / AWS — file storage and compute.
  • Stripe — payments.
  • AssemblyAI — audio transcription.
  • OpenAI, Anthropic, Google — large language model APIs for chat and translation.
  • Sentry — error monitoring.
  • Mailgun — transactional email.
  • Mailchimp — marketing newsletter email.

The current list of sub-processors with their roles is available in our Privacy Policy.

Data Processing Agreement (DPA)

If you need a signed DPA for your records, email info@vulgate.ai.

Cookies

Vulgate uses cookies for:

  • Authentication — to keep you signed in.
  • Preferences — your language and Organization scope.
  • Analytics — anonymous usage metrics. You can opt out via the cookie banner.

We do not use advertising or social-media tracking cookies.

Reporting a privacy concern

If you believe Vulgate has mishandled your personal data, please contact us first: info@vulgate.ai. You also have the right to file a complaint with your national Data Protection Authority.

Related

Search help