Privacy Policy

Effective May 29, 2026

This Privacy Policy explains how Vekta (“Vekta,” “we,” “us”), operated by Travis Leatherman as a sole proprietor, collects, uses, and protects information when you use the Vekta website, the Vekta plugin for Vectorworks, and related services (together, the “Service”).

We are the data controller for the personal information described here. If you have questions, contact us at hello@vekta.design.

1. Information we collect

We collect the following categories of information:

  • Account information. When you create an account we collect your email address, display name, and an encrypted password (or, if you sign in with Google, your Google profile name, email, and avatar). Authentication is handled by our provider Supabase; we never see your plaintext password.
  • Conversation and content data. When you use the AI chat, we store your messages, the assistant’s replies, and the scripts it runs, so you can revisit your conversation history. This may include document content you choose to share (see “Your drawing and document data” below).
  • Macros and Skills. Scripts and prompts you record or save are stored so you can reuse them.
  • Usage data. We log per-request token counts to enforce plan limits and understand product usage.
  • Payment information. Subscriptions are processed by Stripe. We do not store your card number; we keep only a Stripe customer reference and your plan status.
  • Contact and newsletter data. If you submit the contact form or opt into updates, we collect your name, email, and message, and (with your opt-in) add your email to our newsletter.
  • Profile facts. To make the assistant more useful, we may store short notes about how you work, which you can view and edit in your account.
  • Technical data. Basic logs such as IP address, browser/user-agent, and timestamps, used for security and debugging.

2. How we use your information

We use your information to:

  • Provide, operate, and improve the Service;
  • Process your AI requests and run the scripts you ask for;
  • Authenticate you and keep your account secure;
  • Process payments and enforce plan limits;
  • Respond to your messages and support requests;
  • Send product updates if you opted in (you can unsubscribe anytime);
  • Comply with legal obligations.

Legal bases (GDPR). Where the EU/UK GDPR applies, we rely on: performance of a contract (to provide the Service you signed up for), consent (for marketing emails, withdrawable anytime), legitimate interests (to secure and improve the Service), and legal obligation (to meet tax and compliance duties).

3. Your drawing and document data

Vekta runs inside Vectorworks and can read from and write to your active document when you ask it to. Here is exactly what happens to that data:

  • Scripts run locally on your machine through the Vekta plugin bridge. Your full drawing file never leaves your computer as a file.
  • When you chat, the relevant content needed to answer your request, for example, object data, layer names, or query results returned by a script, is sent to our AI provider, Anthropic, to generate a response, and is stored in your conversation history so you can revisit it.
  • Anthropic processes this data to serve your request and, under its commercial API terms, does not use it to train its models.
  • You can delete any conversation at any time from the palette, which removes the stored messages for that conversation.

4. How we share information

We do not sell your personal information. We share it only with service providers (“subprocessors”) who process it on our behalf to run the Service:

  • Supabase, database and authentication (United States)
  • Anthropic, AI request processing (United States)
  • Stripe, payment processing (United States)
  • Vercel, website and API hosting (United States)
  • beehiiv, newsletter delivery (United States)
  • Resend, transactional email (United States)
  • Google, optional sign-in (United States)

Each subprocessor is bound by a data-processing agreement. We may also disclose information if required by law or to protect our rights, users, or the public.

5. International data transfers

We are based in the United States and our subprocessors operate primarily in the United States. If you access the Service from the EU, UK, or elsewhere, your information will be transferred to and processed in the United States. Where required, these transfers rely on appropriate safeguards such as Standard Contractual Clauses or the EU–US Data Privacy Framework maintained by our subprocessors.

6. Data retention

We keep your information for as long as your account is active or as needed to provide the Service. Conversation history is retained until you delete it or close your account. Some records (e.g. billing and tax records) are retained longer where required by law. When you delete your account, we delete or anonymize your personal data within a reasonable period, except where retention is legally required.

7. Your rights

Depending on where you live, you may have the right to access, correct, delete, export, or restrict processing of your personal data, and to object to certain processing. EU/UK residents have these rights under the GDPR; California residents have rights under the CCPA/CPRA, including the right to know and delete personal information and to opt out of “sale” (we do not sell data). To exercise any right, email hello@vekta.design. You also have the right to lodge a complaint with your local data-protection authority.

8. Cookies

We use only the cookies necessary to keep you signed in and operate the Service. We do not currently use advertising or cross-site tracking cookies. If we add analytics in the future, we will update this policy and, where required, request your consent.

9. Security

We use industry-standard measures, encryption in transit, hashed passwords, access controls, and reputable infrastructure providers, to protect your information. No method of transmission or storage is completely secure, but we work to protect your data and will notify you and the relevant authorities of a breach where required by law.

10. Children

The Service is not directed to children under 16, and we do not knowingly collect their personal information. If you believe a child has provided us data, contact us and we will delete it.

11. Changes to this policy

We may update this policy from time to time. We will post the new version here with an updated effective date and, for material changes, notify you by email or in the app.

12. Contact

Questions or requests? Email hello@vekta.design. EU/UK residents who need an Article 27 representative may contact us at the same address and we will provide current representative details.