Privacy Policy

Note: For information regarding data security of your training data provided via the Vanna Python package, please see our Data Security FAQ.

Date Last Revised: April 11, 2024

This Privacy Policy describes the data collection practices of Vanna AI, Inc. (“Vanna”, “we”, “us” and/or “our”). This Privacy Policy applies to all websites owned and operated by us and related online and offline services (collectively, the “Services”). Vanna AI, Inc. (2490 Black Rock Turnpike #320, Fairfield, CT 06825-2400) is the controller of your personal data to the extent we collect such data from you in connection with the Services.

Please read this Privacy Policy carefully to understand how we handle your information. This Privacy Policy should be read together with, and is incorporated into, the Vanna Terms of Use (“Terms of Use”). If you are a customer using the Services to access our solutions or data products pursuant to an agreement between you and Vanna (such as a license agreement), then your use of the Services is also governed by the applicable agreement(s) entered into between you and Vanna, which may include applicable privacy-related provisions. Except as otherwise stated, this policy does not apply to de-identified and aggregate data that we obtain or collect to build our data products.

What Information We Collect

Information You Provide To Us

Contact information, including first name, last name, email address, phone number, company name;

Registration information, including username, password, and phone number;

Business demographic information, including position, title, business address, business e-mail address, and phone, and the size, location, and needs of your company;

Other information, including information and feedback you provide to us through a questionnaire, application, communication, or customer support inquiry.

Information We Collect Through Automated Means

We automatically collect certain information about the computer or devices you use to access the Services. For example, we may collect and analyze information, such as the IP address of the device you use to access the Services; device information and location; browser type; pages and files viewed; searches, filter actions and other queries; referring website; operating system; system configuration information; and frequency of visits to the Services. We also collect certain information about the ways that you use and interact with the Services.

We use a variety of online tracking and analytics tools (e.g., cookies, flash cookies, pixel tags, and HTML5) to collect and analyze information as you use the Services. Among other things, these technologies allow us to offer you a more tailored experience in the future.

We also use third-party web analytics services (such as those of Google Analytics, Hubspot, and Amazon Web Services) on our Services to collect and analyze information collected through these tracking and analytics technologies to assist us in auditing, research, or reporting; fraud prevention; and providing certain features to you. Additionally, we may collect on a real-time basis information on how you use and navigate the Services. This may include mouse movements and how you scroll through the Services.

The types of tracking and analytics tools we and our service providers use for these purposes are:

“Cookies” are small data files stored on your computer or device to collect information about your use of the Services. Cookies may enable us to recognize you as the same user who used our Services in the past, and relate your use of the Services to other information we have about you. Cookies may also be used to enhance your experience on the Services (for example, by storing your username) and/or to collect general usage and aggregated statistical information. Most browsers can be set to detect cookies and give you an opportunity to reject them, but refusing cookies may, in some cases, limit your use of our Services or features. Please note that by blocking, disabling, or managing any or all cookies, you may not have access to certain features or offerings of the Services.

“Local shared objects,” or “flash cookies,” may be stored on your computer or device using a media player or other software. Local shared objects operate much like cookies, but cannot be managed in the same way. Depending on how local shared objects are enabled on your computer or device, you may be able to manage them using software settings. For information on managing flash cookies, for example, click here.

A “pixel tag” (also known as a “clear GIF” or “web beacon”) is a tiny image – typically just one pixel – that can be placed on a web page or in our electronic communications to you in order to help us measure the effectiveness of our content by, for example, counting the number of individuals who visit us online or verifying whether you’ve opened one of our emails or seen one of our web pages.

“HTML5” (the language some websites, such as mobile websites, are coded in) may be used to store information on your computer or device.

You can learn more about opting-out of analytics from our third-party providers by visiting their respective opt out pages and the Digital Advertising Alliance. Please note that using these opt out options does not mean that you will not receive advertising while using the Services or while you are browsing the web. We are not responsible for maintaining these opt out choices or for the advertising activities of third parties.

Please note that you can change your settings to notify you when a cookie is being set or updated, or to block cookies altogether. Please consult the “Help” section of your browser for more information (e.g., Internet Explorer; Google Chrome; Mozilla Firefox; or Apple Safari). Please note that by blocking, disabling, or managing any or all cookies, you may not have access to certain features or offerings of the Services.

Information We Collect from Other Sources

We collect information from third party sources, such as third party service providers, third party providers of business contact information, other individual(s) at your organization, or publicly available sources. This information may include log-in and verification information; name, telephone number, email address, physical address and other contact information; company name, occupation, title, and other professional or employment information; education information; commercial information; internet activity information; and inferences about preferences and behaviors.

How We Use Your Information

We and our service providers may use the information described above for the following purposes:

to operate, maintain, and provide to you the features and functionality of our Services;

to process, manage, and respond to your registration, inquiries, and requests;

to communicate with you and notify you of important changes to our Services;

to complete transactions with you when you register for our Services;

to personalize your experience and our communications with you;

to send you information and promotional materials about our company, our products and services;

to provide you with seminars and webinars;

to improve our products and services, including providing you with more material you are interested in and the design and layout of our Services;

to provide customer support; and

to secure our Services, prevent fraud, enforce the legal terms that govern your use of the Services, provide customer service support, monitor, investigate, and protect the performance, integrity and security of our Services, and serve other legal purposes.

Combined Information. For the purposes discussed in this Privacy Policy, we may combine the information that we collect through the Services with information that we receive from other sources, both online and offline, and use such combined information in accordance with this Privacy Policy.

Aggregate/De-Identified Information. We may aggregate and/or de-identify any information collected through the Services so that such information can no longer reasonably be linked to you or your device (“Aggregate/De-Identified Information”). This may include information regarding your usage of the Services. We may use Aggregate/De-Identified Information for any purpose, including without limitation for research and marketing purposes, and may also share such data with any third parties, including advertisers, promotional partners, and sponsors, in our discretion.

If you are an individual from the European Economic Area (“EEA”), the UK, or Switzerland, our legal bases under the General Data Protection Regulation (“GDPR”) for using your personal information are as follows:

Where we have your consent to do so;

Where use of your information is necessary to perform our obligations under a contract with you (e.g., to comply with the Terms of Use and deliver the Services);

Where use of your information is necessary for our legitimate interests or the legitimate interest of others (e.g., to operate our Services; provide security for our Services; prevent fraud; analyze use of and improve our Services; and for similar purposes); and

Where use of your information is necessary to comply with applicable legal obligations.

How We Disclose Your Information

We may disclose all of the categories of information identified above as follows:

With Service Providers, including providers of data storage, web hosting, customer service, security, analytics, advertising, and fraud prevention;

With Business Partners, such as businesses with which we partner to offer you certain products, services, and promotions that may be of interest to you;

With Affiliates, including any parent company, subsidiaries, joint ventures or other companies under common control (“Affiliates,”), in which case we will require such Affiliates to honor this Privacy Policy;

With Customers with Whom You Are Affiliated, such as if you use our Services as an authorized user of our customer, we may share your information with the affiliated customer responsible for your access to the Services, for example to verify accounts and activity, investigate suspicious activity, or enforce our terms and policies;

In Connection with Legal Proceedings, such as when we believe disclosure is appropriate to respond to court orders, judicial or other official government requests, subpoenas, or warrants in the manner legally required; to defend against legal claims; or as otherwise required by law;

For the Protection of Vanna and Others, such as when we believe disclosure is appropriate in connection with efforts to investigate, prevent, or take other action regarding illegal activity, suspected fraud or other wrongdoing; to protect and defend the rights, property or safety of our company, our users, our employees, or others; to comply with applicable law or cooperate with law enforcement; to establish or exercise our legal rights; or to enforce this Privacy Policy, our Terms of Use, or any other agreement;

In Connection with Corporate Transactions, such as in the event that Vanna is involved in, or is contemplating, a merger, acquisition, sale, bankruptcy, insolvency, reorganization, receivership, assignment for the benefit of creditors, or the application of laws or equitable principles affecting creditors’ rights generally, or other change of control; or

With Your Consent, such as if you have consented to additional sharing of your information, including as set out in this Privacy Policy.

Your Choices and Rights

Marketing Communications. You may instruct us not to use your information to contact you by email, postal mail, or phone regarding products, services, updates, promotions and special events that might appeal to your interests by contacting us using the information below. You may do so by: following the instructions located at the bottom of marketing email messages you receive from us or emailing us at Please note that, regardless of your request, we may still use and share certain information as permitted by this Privacy Policy or as required by applicable law. For example, you may not opt out of certain operational emails, such as those reflecting our transactions with you or services we provide to you.

Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. We are committed to providing you with meaningful choices about the information collected on our website for online advertising and analytics purposes, and that is why we provide the variety of opt-out mechanisms listed above. However, we do not currently recognize or respond to browser-initiated DNT signals.

Consumer Privacy Rights. Depending on the laws of your local jurisdiction, you may have certain rights and choices with respect to your information. For example, under local laws, you may be able to ask us to:

Provide access to certain information we hold about you;

Update or correct your information;

Delete certain information; and/or

Restrict the use of your information.

We will consider all requests and provide our response within the time period required by applicable law. Please note, however, that certain information may be exempt from such requests in some circumstances. For example, if we need to keep processing your information for our legitimate interests or to comply with a legal obligation, we may not be able to delete certain personal information. We will let you know where this is the case or if certain rights don’t apply in your country or state of residence. We may request you provide us with information necessary to verify your identity before responding to your request as required or permitted by applicable law.

You can access and update certain information we hold about you at any time by logging into your account via the Services. For other requests to review, update, delete, or otherwise limit our use of information that you have provided directly to us, you may contact

If you are a California resident, please see the “Privacy Information for California Residents” section immediately below for information about your specific rights under California law.

Privacy Information for California Residents. In many cases, if you are a California resident, the California Consumer Privacy Act, or “CCPA,” allows you to make certain requests about your personal information, as that term is defined in the CCPA. Specifically, unless certain exceptions apply, the CCPA allows you to request us to:

Inform you about the categories of personal information we collect or disclose about you; the categories of sources of such information; the business or commercial purpose for collecting your personal information; and the categories of third parties with whom we share/disclose personal information.

Provide access to and/or a copy of certain personal information we hold about you.

Delete certain personal information we have about you.

Provide you with information about certain financial incentives that we offer to you, if any.

You also have certain rights under the CCPA not to be subject to certain negative consequences for exercising CCPA rights.

We reserve the right to verify your identity before responding to a request, which may include, depending on the sensitivity of the information you are requesting and the type of request you are making, verifying your name, email address, phone number, or other information. You are also permitted to designate an authorized agent to submit certain requests on your behalf. In order for an authorized agent to be verified, you must provide the authorized agent with signed, written permission to make such requests or a power of attorney. We may also follow up with you to verify your identity before processing the authorized agent’s request.

Please note that certain information may be exempt from such requests under California law. For example, we need certain information in order to provide the Services to you or to comply with legal obligations, so we would need to either reject your request to delete the information or, if we are legally permitted to delete it, we would need to terminate our provision of Services to you after deleting it. If you would like to exercise any of your rights under California law, please contact us at or at 2490 Black Rock Turnpike #320, Fairfield, CT 06825-2400.

Collection, Use, and Disclosure of Californians’ Personal Information

During the twelve months leading up to the effective date of this Privacy Policy, we collected (and continue to collect) all of the categories of personal information described in the “What Information We Collect” section of our Privacy Policy, including identifiers (such as name, address, email address and other contact information); professional or employment related information (such as your position and title, and company’s name, size, location, and needs); financial data; internet or other network or device activity, and other information described in our Privacy Policy; and other information that identifies or can be reasonably associated with you.

This data was and continues to be used for providing our Services, sending communications, personalizing the Services, engaging in transactions, improving the Services, enforcing legal terms, investigation and prevention of security issues and abuse, and compliance with laws, as described in more detail in the “How We Use Your Information” section of this Privacy Policy.

California residents may opt out of the “sale” of their personal information. We do not “sell” California residents’ personal information under the CCPA, based on our current understanding of the definition of sell. We do share certain information as set forth in the “How We Disclose Your Information” section and in the chart below, and allow third parties to collect certain information about your activity, for example through cookies, as explained in the “What Information We Collect” section. We also share deidentified patient information, which was deidentified pursuant to the deidentification methodology described in Section 164.514(b)(1) of Title 45 of the Code of Federal Regulations, commonly known as the HIPAA expert determination method.

During those 12 months, we made the following disclosures of personal information about Californians for the purposes described in the:

| Category of personal information | Categories of third parties to which it was disclosed |
| --- | --- |
| Contact information, including first name, last name, email address, phone number, company name | Your business; vendors who help us, such as data storage and hosting providers, email and notification service providers, analytics providers, network and system management providers, communication tools, IT support providers, and CRM providers (“Vendors”); other individuals, services, and partners at your request; entities involved in actual or potential significant corporate transactions; entities for legal purposes |
| Registration information, including username, password, and phone number | Vendors; entities involved in actual or potential significant corporate transactions; entities for legal purposes |
| Business information, such as position, title, business address, business e-mail address, and phone, and the size, location, and needs of your company | Your business; Vendors; entities involved in actual or potential significant corporate transactions; entities for legal purposes |
| Financial information, such as credit card or bank account information | Vendors |
| Other information described in the Information We Collect Through Automated Means section above, some of which is personal information | Vendors; entities involved in actual or potential significant corporate transactions; entities for legal purposes |
| Inferences collected from third parties and based on the information we collect | Vendors; entities involved in actual or potential significant corporate transactions; entities for legal purposes |
| Information provided via research, surveys, sweepstakes, and/or other marketing research efforts | Vendors; entities involved in actual or potential significant corporate transactions; entities for legal purposes |
| Customer support inquiries | Vendors; entities involved in actual or potential significant corporate transactions; entities for legal purposes |

California Shine the Light. California’s “Shine the Light” law gives California residents the right under certain circumstances to request information from us regarding the manner in which we share certain categories of “personal information” (as defined in the Shine the Light law) with third parties for their direct marketing purposes. We do not share your personal information with third parties for their own direct marketing purposes.

Privacy Rights for Nevada Residents. Under Nevada law, certain Nevada residents may opt out of the “sale” of “covered information” (as such terms are defined under Nevada law) for monetary consideration to a person for that person to license or sell such information to additional persons. “Covered information” includes first and last name, address, email address, phone number, Social Security Number, or an identifier that allows a specific person to be contacted either physically or online. We do not engage in such activity as of the effective date of this Privacy Policy; however, if you are a Nevada resident who has purchased or leased goods or services from us, you may submit a request to opt out of the sale of your covered information under Nevada law by emailing us at Please note we may take reasonable steps to verify your identity and the authenticity of the request.

Children’s Privacy

Our Services are not directed at or structured to attract children under the age of 18, and we do not knowingly collect or maintain personal information from persons under the age of 18. If we learn that we have inadvertently collected personal information (as defined by the United States Children’s Online Privacy Protection Act) from a child under the age of 18 without parental consent, we will take reasonable steps to delete the personal information as soon as reasonably possible. If you believe that we might have any personal information from a child under 18, please contact us at

This Privacy Policy applies only to the Services. The Services may contain links to third-party services, websites, or applications. If you choose to use these third-party services, or features, you may disclose your information not just to those third parties but also to their users and the public more generally, depending on how their services function. We are not responsible for the content or practices of such third-party services. The collection, use, and disclosure of your information will be subject to the privacy policies of the third-party services, and not this Privacy Policy. We urge you to read the privacy and security policies of these third parties.


Although we take certain measures to protect your information, no method of security is perfect. By using our Services, you acknowledge and accept that we cannot guarantee the security of your information, and that you provide information to us at your own risk. You are responsible for keeping your username and password confidential.

Changes to our Privacy Policy

We reserve the right to modify this Privacy Policy at any time. We will make the revised Privacy Policy accessible through the Services, so you should review the Privacy Policy periodically. You can know if the Privacy Policy has changed since the last time you reviewed it by checking the “Date Last Revised” at the beginning of this Privacy Policy. If we make a material change to this Privacy Policy, we will provide you with notice in accordance with legal requirements. By continuing to use the Services, you are confirming that you have read and understood the latest version of this Privacy Policy.


If you have any questions or concerns about this Privacy Policy, please contact us at -- We will do our best to address your questions and concerns.