VCAL logo
VCAL
Semantic cache for LLM workloads
Legal Back to site
VCAL Legal

Privacy Policy

This Privacy Policy explains how we collect, use, and protect personal data when you visit the VCAL website, request a trial, or otherwise interact with us online. It also clarifies how VCAL Server handles your data when deployed in your own environment.

Last updated: 18 November 2025

Contents

1. Who We Are

This website is operated by VCAL Labs (“VCAL”, “we”, “us”, or “our”), the team behind VCAL Server and the open-source vcal-core library.

VCAL Labs is the data controller for personal data collected through this website and related online interactions described in this Privacy Policy.

You can contact us at: privacy@vcal-project.com.

2. Scope of this Policy

This Privacy Policy applies to personal data we collect when you:

  • visit or browse vcal-project.com and related pages;
  • request a trial license or download VCAL Server binaries, Docker images, or documentation;
  • contact us by email or via online forms (for example, support or sales requests);
  • subscribe to updates, newsletters, or other marketing communications (if available).

This Policy does not cover the data you store, process, or cache using VCAL Server in your own environment, except where you choose to share such data with us (for example, in support tickets or sample logs you voluntarily send).

3. Data We Collect

3.1 Data you provide to us

We collect personal data that you voluntarily provide, such as when you:

  • Request a trial license or download: name, surname, email address, company name (optional), role or usage context (if provided), and your choices for platform/architecture.
  • Contact us: email address, name, and any information you include in your message or support request (for example, configuration snippets, logs, or screenshots).
  • Subscribe to updates (if enabled): email address and your subscription preferences.

3.2 Data collected automatically

When you visit the Site, certain technical data is collected automatically by our hosting and security infrastructure, such as:

  • IP address and approximate location (city/region level, where available);
  • date and time of access;
  • pages viewed, referrer URL, and basic browser information;
  • HTTP status codes and error logs for debugging and security.

3.3 Optional analytics

If we enable privacy-friendly analytics, we may collect aggregated usage statistics (for example, page views or referral sources). Where possible, we configure such tools to avoid using invasive tracking cookies and to minimize personal data. Details, if applicable, will be added here and/or in a separate cookie banner.

4. How We Use Your Data

We use personal data for the following purposes:

  • To operate and secure the Site: ensuring the website functions correctly, preventing abuse, detecting and responding to technical issues, and maintaining security logs.
  • To provide downloads and trials: generating and delivering VCAL Server trial licenses, preparing download packages, and communicating any instructions or updates relating to your trial.
  • To respond to communications: answering your questions, providing technical support, handling sales inquiries, and following up on requests.
  • To improve our products and documentation: using aggregated, anonymized, or pseudonymized data (for example, which documentation pages are most visited) to refine VCAL Server, vcal-core, and related materials.
  • To send updates or marketing (where permitted): if you opt in, we may send you news, product updates, or relevant content about VCAL. You can unsubscribe at any time.
  • To comply with legal obligations: maintaining records as required by applicable law and responding to lawful requests from authorities.

6. Cookies, Logs & Analytics

Our hosting and security providers may use technical cookies or similar technologies that are strictly necessary to deliver the Site, balance traffic, and protect against malicious activity.

If we use additional cookies or analytics that are not strictly necessary, we will:

  • inform you through a banner or notice; and
  • seek your consent where required by law.

You can usually control cookies through your browser settings. However, disabling certain cookies may affect the functionality or performance of the Site.

7. VCAL Server & Telemetry

VCAL Server is designed to run entirely in your own infrastructure (for example, on your servers, Kubernetes cluster, or private cloud) and to cache prompts, embeddings, and model responses locally.

By default, VCAL Server does not send your prompts, completions, embeddings, or cached data to VCAL Labs or any external service. Any production data you process with VCAL Server remains under your control.

We may receive limited metadata about your usage if you choose to:

  • contact us for support and share logs, configuration snippets, or screenshots that you consider necessary; or
  • enable any optional call-home or telemetry functionality that we document separately (if such features exist in your version of VCAL Server).

In such cases, you are responsible for ensuring that any data you share with us is appropriately minimized, anonymized, or otherwise compliant with your own obligations as a data controller.

8. How We Share Your Data

We do not sell your personal data. We may share personal data with:

  • Service providers/Processors: trusted third parties that host our website, manage forms, send emails, or provide operational tools (for example, hosting providers, email delivery services, or analytics vendors). These providers are bound by contractual obligations to protect your data and process it only on our instructions.
  • Professional advisors: such as lawyers or accountants, where necessary for legitimate business purposes and subject to confidentiality obligations.
  • Authorities or other parties: if required by law or to protect our rights, users, or the public (for example, to comply with a legal request or to investigate security incidents).

9. International Transfers

Some of our service providers may be located outside your country, including outside the European Economic Area (EEA) or the UK. Where we transfer personal data internationally, we take appropriate steps to ensure a suitable level of protection, such as:

  • using countries recognized as providing an adequate level of protection; or
  • entering into Standard Contractual Clauses or similar contractual safeguards approved by relevant regulators.

10. Data Retention

We retain personal data only for as long as necessary for the purposes described in this Policy or as required by law. In general:

  • Trial and download records are retained for the duration of the trial period and for a reasonable period thereafter (for example, up to 24 months) for security, audit, and follow-up purposes.
  • Support communications are kept as long as needed to resolve your request and maintain a useful history of prior issues, unless you request deletion where applicable.
  • Technical logs are kept for shorter periods, unless required for security investigations or compliance.

We may retain aggregated or anonymized data that does not identify you for longer periods for analytics, research, or product improvement.

11. Security

We implement reasonable technical and organizational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access.

No system is completely secure, and we cannot guarantee absolute security. You are responsible for maintaining the security of any systems where you deploy VCAL Server and for controlling who can access your environments and data.

12. Your Rights

Depending on your location and applicable law (for example, under the GDPR in the EEA/UK), you may have some or all of the following rights with respect to your personal data:

  • Right of access (to obtain a copy of your personal data);
  • Right to rectification (to correct inaccurate or incomplete data);
  • Right to erasure (“right to be forgotten”);
  • Right to restriction of processing;
  • Right to data portability;
  • Right to object to certain processing (including direct marketing);
  • Right to withdraw consent at any time, where processing is based on consent.

To exercise these rights, please contact us at privacy@vcal-project.com. We may need to verify your identity before responding to certain requests.

You also have the right to lodge a complaint with a supervisory authority, in particular in the country where you live, work, or where an alleged infringement has occurred.

13. Children’s Privacy

The Site and our products are intended for business and technical users and are not directed to children under the age of 16. We do not knowingly collect personal data from children under 16. If you believe that a child has provided us with personal data, please contact us and we will take appropriate steps to delete such data.

14. Changes to this Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, or legal requirements. When we do, we will update the “Last updated” date at the top of this page.

We encourage you to review this Policy periodically. If we make material changes, we may also provide additional notice (for example, via a banner on the Site or by email, where appropriate).

15. Contact

If you have any questions about this Privacy Policy or how we handle your personal data, you can contact us at:

Email: privacy@vcal-project.com