Privacy Policy
VitalPath Insights, LLC
1213 Ridgeview Hts., Novato, CA 94947
Definitions
GDPR: General Data Protection Regulation Act.
Data Controller: Data Controller means the natural or legal person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal information are, or are to be, processed.
Data Processor: Data Processor means any natural or legal person who processes the data on behalf of the Data Controller.
Data Subject: Data Subject is any living individual who is using our Service and is the subject of Personal Data.
1. Principles for processing personal data
Our principles for processing personal data are:
Fairness and lawfulness. When we process personal data, the individual rights of the Data Subjects must be protected. All personal data must be collected and processed in a legal and fair manner.
Restricted to a specific purpose. The personal data of Data Subject must be processed only for specific purposes.
Transparency. The Data Subject must be informed of how his/her data is being collected, processed and used.
2. What personal data we collect and process
VitalPath Insights collects several different types of personal data for various purposes. Personal Data may include, but is not limited to:
First name and last name
Email address
Phone number
3. How we use the personal data
VitalPath Insights uses the collected personal data for various purposes:
To provide you with services
To notify you about changes to our services and/or products
To provide customer support
To gather analysis or valuable information so that we can improve our services
To detect, prevent and address technical issues
4. Legal basis for collecting and processing personal data
VitalPath Insights legal basis for collecting and using the personal data described in this Data Protection Policy depends on the personal data we collect and the specific context in which we collect the information:
VitalPath Insights needs to perform a contract with you
You have given VitalPath Insights permission to do so
Processing your personal data is in VitalPath Insights legitimate interests
VitalPath Insights needs to comply with the law
5. Retention of personal data
VitalPath Insights will retain your personal information only for as long as is necessary for the purposes set out in this Data Protection Policy.
VitalPath Insights will retain and use your information to the extent necessary to comply with our legal obligations, resolve disputes, and enforce our policies.
6. Data protection rights
If you are a resident of the European Economic Area (EEA), you have certain data protection rights. If you wish to be informed what personal data we hold about you and if you want it to be removed from our systems, please contact us.
In certain circumstances, you have the following data protection rights:
The right to access, update or to delete the information we have on you
The right of rectification
The right to object
The right of restriction
The right to data portability
The right to withdraw consent
7. Physical Security
VitalPath Insights operates as a remote-first agency and does not manage or store client data on-premises or in self-hosted environments. All sensitive data is stored securely in trusted third-party cloud platforms (e.g., Google Workspace), which maintain industry-leading physical security standards, including:
24/7 monitored data centers with multi-factor access controls
Biometric and badge-restricted entry
Redundant power and fire protection systems
ISO 27001, SOC 2, and GDPR-compliant infrastructure
Our internal physical security practices include:
Use of encrypted, password-protected devices by all team members
Two-factor authentication for all cloud platforms
Secure home office setups for remote work
No printing or physical storage of participant or client data
Strict confidentiality agreements for all employees and contractors
If you have any questions about our physical or data security practices, please contact us at info@vitalpathinsights.com.