Privacy Policy

This Privacy Policy explains how Value8, Inc. (“Value8”, “we”, “our”) collects, uses, shares, and protects personal information in connection with our equity- and cap-table-management services (the “Service”). It applies to information processed when you use the Service, visit our marketing pages, or otherwise interact with us.

1. Roles

For information about you that we process to provide the Service to a customer organization (your employer or the company that issued your equity), we generally act as a processor on that customer's behalf. For information we collect directly from website visitors, account administrators, and prospects, we act as a controller. Your rights below apply to information for which we are the controller; for processor data, please contact the customer organization first.

2. Information We Collect

Account information: name, work email, role, company, and authentication identifiers (such as Firebase / Google IDs).

Equity and cap-table data: shareholder identifiers, holdings, vesting schedules, valuations, transactions, and supporting documents that you or your administrators upload.

Usage and device data: log entries, IP address, browser and device characteristics, pages and features used, timestamps, and diagnostic information.

Communications: support tickets, messages, and feedback you send us.

3. How We Use Information

We use personal information to: provide, secure, and operate the Service; authenticate users; render reports and integrations you request; communicate with you about your account and changes to the Service; comply with legal obligations; and improve product quality through aggregated analytics. We do not sell personal information, and we do not share Customer Data with third parties for their independent marketing.

4. Legal Bases (EEA / UK)

Where the GDPR or UK GDPR applies, we rely on the following legal bases: performance of a contract (to deliver the Service you requested); legitimate interests (to secure and improve the Service, prevent fraud, and conduct business operations); compliance with legal obligations; and consent (where required, e.g., for certain cookies). You can withdraw consent at any time by adjusting your settings or contacting us.

5. Sharing and Disclosure

Sub-processors: we share data with vetted sub-processors that help us run the Service (cloud hosting, authentication, analytics, email delivery). A current list is available on request and is governed by data processing agreements.

Customer organization: if you access the Service through an employer or issuer, that organization administers your account and may view related activity.

Legal: we may disclose information to comply with law, valid legal process, or to protect rights, property, or safety.

Business transfers: in the event of a merger, acquisition, or asset sale, information may be transferred subject to equivalent protections.

6. International Transfers

We are based in the United States and process information there and in other jurisdictions where our sub-processors operate. Where required, transfers from the EEA, UK, or Switzerland rely on appropriate safeguards such as Standard Contractual Clauses and supplementary measures.

7. Security

We use industry-standard administrative, technical, and physical safeguards to protect personal information, including encryption in transit and at rest, role-based access controls, short-lived authentication tokens, and continuous monitoring. SOC 2 Type II certification is in progress. No system is perfectly secure; if we become aware of a breach affecting your information, we will notify you and applicable authorities as required by law.

8. Data Retention

We retain personal information for as long as needed to provide the Service, comply with legal obligations, resolve disputes, and enforce our agreements. Customer Data is generally retained for the duration of the customer's subscription and for a grace period after termination, after which it is deleted or anonymized. Backups may persist for additional time on a defined retention schedule.

9. Your Rights

Depending on where you live, you may have rights to access, correct, delete, restrict, or object to certain processing of your personal information; to data portability; and to withdraw consent. To exercise these rights, contact privacy@value8.ai. We will respond within the timeframes required by applicable law and may need to verify your identity before acting.

10. California Residents (CCPA / CPRA)

If you are a California resident, you have additional rights including the right to know, delete, correct, and limit the use of sensitive personal information, and the right not to be retaliated against for exercising these rights. We do not sell or share personal information for cross-context behavioral advertising as those terms are defined under the CPRA.

11. Children

The Service is not directed to children under 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us so we can delete it.

12. Cookies and Similar Tech

We use cookies and similar technologies for authentication, security, preferences, and product analytics. You can control cookies through your browser settings; disabling certain cookies may limit functionality. Where required, we display a cookie banner and request consent for non-essential cookies.

13. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or through the Service. The “Last updated” date at the top reflects the most recent revision.

14. Contact

Questions, concerns, or data-protection requests: privacy@value8.ai. For security disclosures: security@value8.ai. EU/UK representative information is available on request.