Privacy Policy
Last Updated: February 28, 2026
This Privacy Policy describes how Versai Labs ("Versai Labs," "we," "us," or "our") collects, uses, stores, and protects personal data in connection with the DataWell website and services. This notice is provided in compliance with the General Data Protection Regulation (EU) 2016/679 ("GDPR").
1. Data Controller
The data controller responsible for the processing of your personal data is:
Versai Labs
Registered Address: 11310 South Orange Blossom Trail #401, Orlando, FL 32837
Email: legal@versailabs.com
2. Categories of Personal Data Collected
We process the following categories of personal data:
- Technical data: IP address, browser type, system logs, and related metadata necessary for security and performance monitoring.
- Professional data: company name, job role (optional).
- Identification data: name, email address.
We do not collect special categories of personal data (sensitive data) under Article 9 GDPR.
3. Purposes and Legal Basis of Processing
We process personal data strictly for the purposes listed below:
| Purpose | Data Processed | Legal Basis (GDPR) |
|---|---|---|
| Provide demo access and proof-of-concept onboarding | Identification, professional data | Art. 6(1)(b): performance of a contract |
| Provide user support and communications | Identification, professional data | Art. 6(1)(b): performance of a contract |
| Security monitoring and performance optimization | Technical data | Art. 6(1)(f): legitimate interests in maintaining security and service quality |
| Sending important service updates | Identification data | Art. 6(1)(f): legitimate interests in keeping users informed of service status |
Consent (Art. 6(1)(a)) is obtained where required, specifically through form submissions and demo registration.
4. Data Recipients and Third-Party Processors
We do not sell or commercially share personal data. Data is disclosed only as follows:
- Hosting provider: Google Cloud Platform (GCP), acting as a data processor under a Data Processing Agreement (DPA). GCP maintains GDPR compliance and certifications. See Google Cloud Privacy Notice: https://cloud.google.com/security/privacy
Authorized personnel of Versai Labs may access data strictly on a need-to-know basis, subject to confidentiality obligations.
5. International Data Transfers
All personal data is hosted and processed within the European Union (EU)/European Economic Area (EEA). No international transfers occur. If future transfers outside the EU/EEA are necessary, they will only be made under appropriate safeguards in accordance with Chapter V GDPR (e.g., Standard Contractual Clauses).
6. Data Retention
- Technical and telemetry data: processed in-memory only, never written to persistent storage, and erased immediately after analysis.
- Support communications: retained for up to 12 months after closure of the support request.
- Demo and POC data (names, emails, company, role): retained for the duration of the proof-of-concept engagement and deleted within 30 days after completion, unless longer retention is required by law or requested by the user.
We regularly review retention schedules to ensure compliance with Article 5(1)(e) GDPR ("storage limitation").
7. Security Measures
We implement appropriate technical and organizational measures under Article 32 GDPR, including but not limited to:
- Regular security reviews and patch management.
- Audit logging of administrative access.
- Access controls limited to authorized Versai Labs staff.
- TLS/SSL encryption for all data in transit.
- Hosting on Google Cloud Platform, with ISO 27001 and SOC 2 certifications.
8. Data Subject Rights
Under GDPR, you have the following rights regarding your personal data:
- Right to withdraw consent (Art. 7(3)): if processing is based on consent, you may withdraw at any time.
- Right to object (Art. 21): object to processing based on legitimate interests.
- Right to data portability (Art. 20).
- Right to restriction of processing (Art. 18).
- Right to erasure (Art. 17): request deletion of your data ("right to be forgotten").
- Right to rectification (Art. 16): correct inaccurate or incomplete data.
- Right of access (Art. 15): obtain a copy of your personal data.
Requests can be submitted to legal@versailabs.com. We will respond within one month as required by GDPR.
9. Right to Lodge a Complaint
If you believe your rights under GDPR have been infringed, you have the right to lodge a complaint with your local Supervisory Authority. A list of authorities is available at: https://edpb.europa.eu/about-edpb/board/members_en
10. Updates to this Policy
We may amend this Privacy Policy as necessary to remain compliant with GDPR and other applicable laws. Updates will be posted on this page with a new "last updated" date. Where changes materially affect data subjects, registered users will also be notified via email.
11. Contact
For all privacy-related inquiries, please contact:
Versai Labs, Data Protection
Email: legal@versailabs.com
Registered Address: 11310 South Orange Blossom Trail #401, Orlando, FL 32837